Report - mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/

Report Overview

Submitted URL
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/
IP
160.153.133.168
ASN
#21501 Host Europe GmbH
Submitted
2023-01-27 02:39:24
Access
Website Title
Final URL
Tags
citi financial phishing
urlquery detections
Phishing - Citi

Detections

urlquery
15
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	817 B	641 B	142.250.74.131
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	46 kB	34.120.237.76
cdn.pbbl.co	8838	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	276 B	1.3 kB	54.230.111.59
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	818 B	641 B	142.250.74.132
cm.everesttech.net	996	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	774 B	862 B	54.229.62.148
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.6 kB	16 kB	142.250.74.162
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	54.230.245.100
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.9 kB	70 kB	142.250.74.40
siteintercept.qualtrics.com	1163	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	70 kB	104.17.208.240
20766699p.rfihub.com	40171	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.2 kB	193.0.160.128
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	424 B	779 B	104.17.208.240
mpu-solutions.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.8 kB	840 kB	160.153.133.168
nexus.ensighten.com	2786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	22 kB	54.230.111.14
citicorpcreditservic.tt.omtrdc.net	31643	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	1.1 kB	52.50.213.80
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	7.0 kB	142.250.74.131
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.185.76.10
metrics.citi.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	452 B	982 B	15.236.117.205
iad1.qualtrics.com	15985	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	434 B	3.0 kB	23.38.201.123
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	104.18.32.68
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	3.9 kB	52.17.115.124
c1.rfihub.net	6410	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	281 B	6.8 kB	54.230.111.62
fast.citi.demdex.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	407 B	3.2 kB	23.36.76.161

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (56)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c	132 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:20 Last Seen2023-03-13 08:00:20 Times Seen1 Hash ab5040dc5e322e38c2061afd5be524c7 726c600951047ae7c5ca6c0773cf1287f2b27962 b16542720cda19042b9720d15671d92701ea65329824fff6d0d13dc1ff1ea04c Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1674787156190&cv=11&fst=1674787156190&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4	2.2 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1674787156190&cv=11&fst=1674787156190&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:20 Last Seen2023-03-13 08:00:20 Times Seen1 Hash 3e30fcbcdc54f07b0c01822162c757af cfdfffa9a10338c473d9b98557f5536d72550919 b74208ac51f52f1f2e63c1c41948111a10c58d3358deb5be30e94f71196e6faa Loading...

	unknown	0 B	2023-03-07	2024-05-11
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-11 02:22:04 Times Seen37533885 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1674787156208&cv=11&fst=1674787156208&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4	2.2 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1674787156208&cv=11&fst=1674787156208&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:20 Last Seen2023-03-13 08:00:20 Times Seen1 Hash cbc272ac4da937917e75e823035066da 5553dbd64fb2f70e4a75b8e0601e74a56323e521 ec6df045a27a72d2ec5299bfe633f84fc414ff2b62e05c2180022ec4e0bf241a Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1674787156269&cv=11&fst=1674787156269&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4	2.2 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1674787156269&cv=11&fst=1674787156269&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:20 Last Seen2023-03-13 08:00:20 Times Seen1 Hash 112f1fe2fc1a708df459702c059fc9d4 7370a596f496f0c78dcea9d39413fe03f52334c9 40feaad4bc21e9967ea95323cca0af9d685e88d171a1580de02465d84418dcf1 Loading...

	www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c	177 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:20 Last Seen2023-03-13 08:00:21 Times Seen1 Hash a9ff95fd457f6aa634158758c1ba5a5c 575bb1d057e943e6d6b7979d33e7dde582cd1955 9db06ba245a2d8005fdf5ed5f0ed47272532bf08d71438a45f39947b643f84b6 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1674787156239&cv=11&fst=1674787156239&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4	2.2 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1674787156239&cv=11&fst=1674787156239&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:20 Last Seen2023-03-13 08:00:20 Times Seen1 Hash 78d32b677bcdd0982820d13e7bf2c5ec b1bf1e8c929702683b65407a2da19d4b6ba1e7b7 bdeb44ca07419a5abfd706e790edfb3a28572561f2cba8018f59ed85300fc4e4 Loading...

	nexus.ensighten.com/citi/na_prod/serverComponent.php?r=480.0608925813834&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex	1.2 kB	2023-03-13	2023-03-13
Pretty URL nexus.ensighten.com/citi/na_prod/serverComponent.php?r=480.0608925813834&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:20 Last Seen2023-03-13 08:00:20 Times Seen1 Hash e15548066cb8154ebce0853701ffd82e 541991678122d5628af923903a7ba588b8ede7c6 6a4a88f5902cea98c06465d58252528928a6c0891ad227b3991ea710d2945972 Loading...

	siteintercept.qualtrics.com/dxjsmodule/13.80b1174311323ca5c15d.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=mpu-solutions.com	64 kB	2023-03-13	2023-03-13
Pretty URL siteintercept.qualtrics.com/dxjsmodule/13.80b1174311323ca5c15d.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=mpu-solutions.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:19:53 Last Seen2023-03-13 18:25:22 Times Seen1 Hash 6e25ca65c7e8b978bd5cd03acfd51c6a 9ecf4b749a0309753ef25e0221ec8643676f5bab dd581effa1b3f11825266bdfda9b0e6cb5fbb26c2ef1ba47739a926f3a9396ca Loading...

	www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c	132 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:35 Last Seen2023-03-13 08:00:21 Times Seen1 Hash 8da2513382e8d6cf61f0f451cf50ee11 2031c0f6340768b6f21c9ca57cf85e09762e02d6 3342b54fb5b79b9855d678056534a9c919af9e896a05c0e7f3f449fc2fa42e62 Loading...

	www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c	132 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:52:35 Last Seen2023-03-13 08:00:20 Times Seen1 Hash f56cd103ab386bf6823aa7df0f44c7ae 9d92438025dc02d3073eab73b4dfc7d229e71a17 3d36a78f506d74eae24aa1ba35ed4af07b24ec52b3e8d4c318ca5081aa6a4693 Loading...

	mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js	286 kB	2023-03-07	2024-04-11
Pretty URL mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js IP 160.153.133.168 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2024-04-11 02:39:48 Times Seen114 Hash 551a7fe0d5b6fdebb3d356a632e41f8e b2b4871d0eaf5125336e174160889a1c7dc309f5 c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935 Loading...

	nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099	7.5 kB	2023-03-07	2023-04-30
Pretty URL nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-04-30 08:15:02 Times Seen42 Hash 412eb38d6a797c24fd5d7e30e1b9799d d2e692a369931cc5bda6418efcef831cbf115ac2 d2751a84e6a70913798dd8b2aede47ab49b7a701618cd151d89755638f71aa02 Loading...

	nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963	2.6 kB	2023-03-08	2023-04-30
Pretty URL nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-04-30 08:15:02 Times Seen42 Hash 7df0440e45009010a99db868682aafb3 f6f8a42c1a87e2d77881df210582e60d201ba724 9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169 Loading...

	20766699p.rfihub.com/sr/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019	54 B	2023-03-07	2023-03-29
Pretty URL 20766699p.rfihub.com/sr/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019 IP 193.0.160.128 ASN #54312 ROCKETFUEL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-03-29 22:08:24 Times Seen3 Hash b83d4eb61e10d05bb3a3ff3c84d78520 c36664ca67a5ff74cc7769baa4284e1967c305a4 4ad528ebef2558de7f30f5917a123f7fd844c6a4462b4609fffeb7a8d922eb35 Loading...

	siteintercept.qualtrics.com/dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback	29 kB	2023-03-13	2023-03-13
Pretty URL siteintercept.qualtrics.com/dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:35:45 Last Seen2023-03-13 17:28:28 Times Seen1 Hash a1981c2ddb174e550f738832fad43d71 19456f9b251d68c773673b51ee06dbf42af338ff abb40206ed8ce857debd90e80aa6d12c04cb82aca583d41fc0cfc9bf5ac15b9e Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1674787156315&cv=11&fst=1674787156315&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4	2.2 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1674787156315&cv=11&fst=1674787156315&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:20 Last Seen2023-03-13 08:00:20 Times Seen1 Hash fa8a10da3f909326f03f8c4abac7bb83 8e635ed730409f03c00a557b9ec8f77e4e74bb75 1460cd7036995b3edb86a6777d21599e5a9f990f9371dc62d69e8aaad2201e13 Loading...

	nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153	1.3 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2023-09-15 03:24:05 Times Seen57 Hash 4d37444c012a76a0557182615bf5cdd3 1ba1932dcc6dff6035c37a14de9852606de28329 bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650 Loading...

	fast.citi.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex	6.7 kB	2023-03-07	2024-03-23
Pretty URL fast.citi.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	www.googletagmanager.com/gtag/js?id=AW-916451471	177 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-916451471 IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:52:35 Last Seen2023-03-13 08:00:21 Times Seen1 Hash 9bd46a8bc6ffc60f8ae200714166b102 68e0112ad2feacdc353988bfa83ca1652ef3c2b8 f599de7a9ea409b682ca57e10cc6ab9ee0deea31da5ffc7384237dc11e068024 Loading...

	www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c	132 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:21 Last Seen2023-03-13 08:01:51 Times Seen1 Hash 5eba4280ef880235ef302fa3d8315982 1f097c31d82ffb3e104bf8400cdcc66969aa6b1b c28910caaf524f58fa22e52301705ef4f2a3d7a1cf392e64f74053913d21aa25 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1674787156250&cv=11&fst=1674787156250&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4	2.2 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1674787156250&cv=11&fst=1674787156250&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:21 Last Seen2023-03-13 08:00:21 Times Seen1 Hash 46817b81f52ce0b39059942298143760 39d29e80f20c6fd9efca1dc9956e4500d3813392 ef0f47215ea05107d712f93db3687eb8c83c87b1a9cbfd2b826ac11ff06659a7 Loading...

	mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/	36 B	2023-03-08	2023-04-01
Pretty URL mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ IP 160.153.133.168 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:32:21 Last Seen2023-04-01 11:05:56 Times Seen6 Hash 117b6b05cc63145b29c08fd061b26790 6502e807c78e218597f3d9acc341a4769d4c19e5 bae4b3e6973295ff0971fb9dfb7bbde1d697e54dd459fcbde53554c53822134e Loading...

	nexus.ensighten.com/citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908	168 kB	2023-03-13	2023-03-13
Pretty URL nexus.ensighten.com/citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:35 Last Seen2023-03-13 12:07:38 Times Seen1 Hash 7c6ed2a2e5419784aa286802d8321cac f2ccfd550d3025fb56ae2218d5cf4cbd4732ad6d 1c36fa71224fa12ec3e8dea34ec74ca92692c166e52a3e8a8928d7c3bbcd6e1f Loading...

	zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc	7.3 kB	2023-03-13	2023-03-13
Pretty URL zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:09:17 Last Seen2023-03-13 17:28:27 Times Seen1 Hash 5c4979fcb19250d7a1e4f21b9a523830 53184cba621e3bd43cd235b8d5fca98d2db04639 5416dde4212e7b06ac56b8d967e039469b02c55a6751e5fb027300a3cabbfb15 Loading...

	siteintercept.qualtrics.com/dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback	1.8 kB	2023-03-13	2023-03-13
Pretty URL siteintercept.qualtrics.com/dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:35:45 Last Seen2023-03-13 17:28:27 Times Seen1 Hash 62c75fe4cf7b3ddd53688a1beb3a51fd 00a864fb82081ffc99daf87fe2b1f88f5d4f92fd 2d093697d0a1dc3dabac2f146a385740d70ae359ad04932b53c00bbde6fa21da Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1674787156056&cv=11&fst=1674787156056&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4	2.2 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1674787156056&cv=11&fst=1674787156056&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:21 Last Seen2023-03-13 08:00:21 Times Seen1 Hash e4d421c02fde3d8d38cf216b32460c9c 12ae61a0797c5e00fefcec48663dbbacc8044b4c 8e97611544f80b1842eab4c565d03b6127de5b0590133915c29adc620ff6adb3 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1674787156288&cv=11&fst=1674787156288&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4	2.2 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1674787156288&cv=11&fst=1674787156288&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:21 Last Seen2023-03-13 08:00:21 Times Seen1 Hash 5bb7e1dcddb1d3c38d6416038596628f b617b614a6bee7557ca2f1ccd98cf2972fe4810f 54efc512b415912812b763b7e235b5eaf52a8711f548d272bb5185bcd1366925 Loading...

	c1.rfihub.net/js/tc.min.js	20 kB	2023-03-07	2023-09-15
Pretty URL c1.rfihub.net/js/tc.min.js IP 54.230.111.62 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2023-09-15 03:24:05 Times Seen185 Hash 83c2974d08241a92c3b2dcb8f441271f 424d72cd7dfe7371c647addd7145ab3444a6b121 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f Loading...

	siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback	105 kB	2023-03-09	2023-03-26
Pretty URL siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:46:19 Last Seen2023-03-26 05:02:47 Times Seen10 Hash 526ff61c99a54f753b74e31474f5ce6a 46de5aae6959fe6c76a1fe7895b2304489aae98b 729d6411c6631a4b21c42200ac8a537fb9ec5c00986b2253be6b99be8203b4c6 Loading...

	www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c	132 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:35 Last Seen2023-03-13 08:00:21 Times Seen1 Hash 463984af796469915fa2f9f71c8c297f ae208e1ab5bc762f362fd4d39d2e907617984cd0 ca983f445b4e505f50165510bf40d5a39088b7e69b61da68a2e2434676cf18ea Loading...

	siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback	66 kB	2023-03-07	2023-06-10
Pretty URL siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:02 Last Seen2023-06-10 10:45:44 Times Seen4 Hash 49a4d26fda8598291979bf28ede2b3e2 28b70837b5e9d6ad38bc83b5fe3ff16da6530005 2b5aceeabb3acd528746d88da082a178e77658bbeea164b0f382469c6e23b8de Loading...

	www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c	177 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:35 Last Seen2023-03-13 08:00:21 Times Seen1 Hash 47bf7a67d4e7cab537a3c9648fb6c03c 2bde93c6039f569f9204769ffbce8beafe064b31 237fc80952f36a0e9f7162d65290340461e8763e586e44b83549ffce47213147 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1674787156301&cv=11&fst=1674787156301&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4	2.2 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1674787156301&cv=11&fst=1674787156301&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:00:21 Last Seen2023-03-13 08:00:21 Times Seen1 Hash 2530355acd9760c1465fa4ece6897d2c a54caa3d1ea89348893e9f56ed6435c903e08a97 6aa90749b9a15fc0731c18d4c584e69c6db97bd95b486b1011f639a2986c55e9 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4f47924df1fa56990e14acaf264d97aa	17 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 4f47924df1fa56990e14acaf264d97aa 740225f82d0aabd8071991bc8e7529407bf524a6 c4cf569d2aebffe73838ef3b29349befda2332e7b28e56653f365fba8ddbb10b Loading...

	#2 Eval - c283a90e7c9b1743898c2347de3e500e	23 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash c283a90e7c9b1743898c2347de3e500e de3b8f46160ccf1c1e962f9a7f39b0136ad462e6 2451101feb9d6dec5546ba03764f41220b441f084d3fba4c31d02e8e0b2c2fae Loading...

	#3 Eval - 06346aa4169bfaf5ac59245649a6de1c	17 B	2023-03-13	2023-04-30
Pretty Observations First Seen2023-03-13 05:24:40 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 06346aa4169bfaf5ac59245649a6de1c a110a70effed6a14dd0751253400d45ff8013962 11ce5e29f636fbe5c9bf042972873178725f92af7330d3821c2accb231df630b Loading...

	#4 Eval - b552cf27f62c0b802d1c35b412a4d462	11 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash b552cf27f62c0b802d1c35b412a4d462 6c92e611f2c529f04e199b2b7f183cec1d8963db 2e22f065f364a8e9b48f76a19f244fee022f6ab696a00db5fd905f33dda10e3f Loading...

	#5 Eval - f8e3db69f9d544d712a057a91bc2a7ba	5 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash f8e3db69f9d544d712a057a91bc2a7ba 64f66c3f74a457ea1d5c233a9c2172a51d640d95 e679ba08e9aa79b7ab72183f6d23c67c9e40276f44d5caac4f6305a5b849d325 Loading...

	#6 Eval - d4aab59e71eb9fe8c5e9aa1c78c0766d	8 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash d4aab59e71eb9fe8c5e9aa1c78c0766d 7989dd2581949159a0febf23621a1bc0f0ef1fab 8b7a61822ff99290d6d9533283b520988f624f760b9658ba682f3b48cf50f822 Loading...

	#7 Eval - 94de87f72b0eda417b4fc03e4b0af2ea	10 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 94de87f72b0eda417b4fc03e4b0af2ea 02e81c125e6687275e50ba0374fe15a9691bfa87 2a49cf844faec4ce673304854207e6ddc96241be760b111f412a71e8a448225d Loading...

	#8 Eval - 5638f73047fd3adceff99a58afabbe0d	7 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 5638f73047fd3adceff99a58afabbe0d 7a68bbb88f11948c10bb35e173cb6f037d61a1a9 07fcfc823f6eb2dbc204581488b46dd30a8245de37e4b89a24c07f25d8444095 Loading...

	#9 Eval - a1e812d5f05d7cece0f88cbbd441cb0c	10 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash a1e812d5f05d7cece0f88cbbd441cb0c b3c0ae9c7de7985f174bfe604b81b6068d8acfbf 338eebe354feee40bdfe97326853bdc041f0478b9a764f2cde16abcd93dc9a86 Loading...

	#10 Eval - bfef28bd1122e33c69c3f19ca2922cd1	17 B	2023-03-13	2023-04-30
Pretty Observations First Seen2023-03-13 05:24:40 Last Seen2023-04-30 08:15:02 Times Seen24 Hash bfef28bd1122e33c69c3f19ca2922cd1 a90baca7542931f3c41b51723df66ec440795173 9aff55fedcf52c4e71aa7606c68df062b90a9a4a2af1a383a7ab51031ab083a7 Loading...

	#11 Eval - 555fc7931eb2cf9a46761a29bbf54b5c	76 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 555fc7931eb2cf9a46761a29bbf54b5c 7ead4d17e5d2f5cd6cda4ed8bcee46be50cb1f40 11b19cefd5be97fa129b375f3428fb1d34f8fd8641e9d3f4df580c1e7c7f0b17 Loading...

	#12 Eval - 35d6e5e025593bf2428f4a7915b5c47c	17 B	2023-03-13	2023-04-30
Pretty Observations First Seen2023-03-13 05:24:40 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 35d6e5e025593bf2428f4a7915b5c47c f18c6c95061eb46c28745335d11b037022931e2a b613683aa8af5df17d96685dbfd9c19237d1d1b715a345416043b8c4f2547adb Loading...

	#13 Eval - e6461d1b09ed059841ee03f1a685ad4f	7 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash e6461d1b09ed059841ee03f1a685ad4f 8a66db2008399a2f50241cd765f641f7b79033b1 259a9831751e74c5c0d082de5cb88efb89c8139e9e0936d320b396fbeb22e58b Loading...

	#14 Eval - b7330e9561297cdf3329a8553c319a6f	19 B	2023-03-08	2024-01-25
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2024-01-25 03:24:59 Times Seen30 Hash b7330e9561297cdf3329a8553c319a6f 7a8b40a1565ccc0b962addc715c6a659211f3f0d c79627a7f9ef361f7b3763bb2e0de164546ee448e183d4ff448714a92fcdf8c0 Loading...

	#15 Eval - d066c179a444118cb57f3c2c7bbc579f	12 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash d066c179a444118cb57f3c2c7bbc579f 2360e18b98d230ad8f2ffeb37fa09a2e9cd66262 bddcf25867435760b58937910118ebed74be4f123e0aefd1248383144032afa3 Loading...

	#16 Eval - b4734db14bd1bb43cd03949aa45bcef3	12 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash b4734db14bd1bb43cd03949aa45bcef3 20cbe426c387b7a149b77b8975481e2985daca82 bb7c271804952bb8a05b975f015c2bf5c998347e68d0f0d3495f53bdfeea8f8a Loading...

	#17 Eval - e1cae01e1a0f787319b09f31d3c1d461	7 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash e1cae01e1a0f787319b09f31d3c1d461 1ba7b97a65e691d2989ec93b5265015a76ea3fd6 531ba6f66e1f6ea25947b7c7855727af207bf67015d775db59c9256cdb82b599 Loading...

	#18 Eval - 8e47adacd186b44e069895c02d32c90c	28 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 8e47adacd186b44e069895c02d32c90c b7a6a5fb691da602354e323e3eaca693df07c8d8 83399909dc134cac35ba243f89703b0a2b19d4892a72064c1db74530b6a68367 Loading...

	#19 Eval - 21d566847e9042cc77cf9638e62ca733	20 B	2023-03-07	2024-05-09
Pretty Observations First Seen2023-03-07 14:54:44 Last Seen2024-05-09 22:55:29 Times Seen145 Hash 21d566847e9042cc77cf9638e62ca733 1529a4f32a05ea70623bfc36673e78b013859da1 690111e4c32b4994fac8ab5125a2e99136c4284cf5857d42d1fe65c42f609a9d Loading...

	#20 Eval - cdc36a7f095e3455d82395abced0e812	12 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash cdc36a7f095e3455d82395abced0e812 4bb58ff9ad02f5fa1ec4a0c3ff8c7c8f64d54751 50cadee5eaf10e9141af667dbe4cc003d748e10f8c37b628afa61927c357e3fd Loading...

	#21 Eval - febcd1edf6010db4858e623d1dd2f3bc	8 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash febcd1edf6010db4858e623d1dd2f3bc a74bf07a162b19311370c60b3d4b724f089f0992 5985e40b5e87364a9e91ad59937dfcb39298e0d218ef54bf23c7a4f03fc2042d Loading...

	#22 Eval - 9aca1c156db84373fbaf67b54a7d31d4	10 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 9aca1c156db84373fbaf67b54a7d31d4 d3ce3033f173d0e2591a498852d09d876714bbc3 d1152a1a8c6451a5259a99422563e736ad1c23ca49ba298c5b64ddf2bbb9026e Loading...

HTTP Transactions (102)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20813
Expires: Fri, 27 Jan 2023 08:26:06 GMT
Date: Fri, 27 Jan 2023 02:39:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3431
Expires: Fri, 27 Jan 2023 03:36:24 GMT
Date: Fri, 27 Jan 2023 02:39:13 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 02:35:19 GMT
content-type: application/json
age: 234
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5694
Expires: Fri, 27 Jan 2023 04:14:07 GMT
Date: Fri, 27 Jan 2023 02:39:13 GMT
Connection: keep-alive

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/

160.153.133.168

200 OK

67 B

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
HTML document, ASCII text, with no line terminators
Size
67 B (67 bytes)
Hash
78621575014134fbf26575ca15222491
ecf1ea3e2b410b1a20aafadffa0c43bbca71d841
d4cea795764e3f56693903ba771672a71745e68cec31f14914793d0eb0401e9b

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:13 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 67
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: YRKIkkxHLGsymiyrJNJIfRxenbr3rJvz3QTYKjShr7qZbxk+A4AkyOqWdHTlUIHNwge+/BIb4jU=
x-amz-request-id: AH7YB748AXEVAFRZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 01:49:13 GMT
age: 3000
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 02:39:13 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 01:41:40 GMT
age: 3454
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2414
Expires: Fri, 27 Jan 2023 03:19:28 GMT
Date: Fri, 27 Jan 2023 02:39:14 GMT
Connection: keep-alive

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

160.153.133.168

200 OK

38 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2276), with CRLF line terminators
Size
38 kB (38445 bytes)
Hash
cee920674f25cc8e1d99fa733d0e85ba
9fff38391cda872ee1ea53eb599fa8371b0563da
f8eb694fb421a63949eeafc84de0cb53b55941bb8df42f56ad071fb706c999c8

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/index HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:13 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 38445
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Regular.woff

160.153.133.168

200 OK

79 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Regular.woff
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
Web Open Font Format, TrueType, length 78762, version 1.197\012- data
Size
79 kB (78762 bytes)
Hash
b1f3eca7de0c2cb35740f32dd0b83823
dffc474081c23fc151265b637a4468e82004ecc8
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Regular.woff HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801708-133aa-5f332d617d2ed"
Accept-Ranges: bytes
Content-Length: 78762
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: font/woff

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Light.woff

160.153.133.168

200 OK

76 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Light.woff
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (75538 bytes)
Hash
3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Light.woff HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801713-12712-5f332d617d6d5"
Accept-Ranges: bytes
Content-Length: 75538
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: font/woff

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js

160.153.133.168

200 OK

93 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
ASCII text, with very long lines (577), with CRLF line terminators
Size
93 kB (93009 bytes)
Hash
cd9a01f7849b534916657b9f1d3efd2b
5dee9128c3f16c81ac4826a05e032520601af6ce
1613ce76209129abdd48df9dcbd4df8061905c2f1b439a84c91c29d37461910f

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:13 GMT
ETag: "a801723-45e8f-5f332d653de16-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

push.services.mozilla.com/

54.185.76.10

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.185.76.10:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rUwCquDKblx9HLx0c1SWXA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: r4uLgBuxHG1Ye2+t2+BvVbJfQrg=

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Bold.woff

160.153.133.168

200 OK

72 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Bold.woff
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
72 kB (71874 bytes)
Hash
9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Bold.woff HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80171b-118c2-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 71874
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: font/woff

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/styles.css

160.153.133.168

200 OK

159 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/styles.css
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
Unicode text, UTF-8 text, with very long lines (1069), with CRLF line terminators
Size
159 kB (158660 bytes)
Hash
7ebcd2fe88b0261210306fc048761108
0a5641bfc99ea4a7cf3b8aa64567d22060536b2d
3ac180be4bf58a3bd43434f682561c7fc56c3a3a739bd905909252f26fff1dbc

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/styles.css HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a8016fa-152f86-5f332d617c735-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Content-Type: text/css

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/1440_Citi-PLT@3x.png

160.153.133.168

200 OK

28 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/1440_Citi-PLT@3x.png
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/1440_Citi-PLT@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801717-6df5-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 28149
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/citipridelogo.jpg

160.153.133.168

200 OK

2.7 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/citipridelogo.jpg
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
2.7 kB (2658 bytes)
Hash
9b0ca893e4bfaea57af02ffe82867243
7035c26c91a3da162492df77d59bc19356a8e3bb
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/citipridelogo.jpg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801715-a62-5f332d617dabd"
Accept-Ranges: bytes
Content-Length: 2658
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: image/jpeg

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/320_Citi-PLT@3x.png

160.153.133.168

200 OK

12 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/320_Citi-PLT@3x.png
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/320_Citi-PLT@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a8016ff-2d2a-5f332d617cb1d"
Accept-Ranges: bytes
Content-Length: 11562
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/icon_globe_med-grey@2x.svg

160.153.133.168

200 OK

3.5 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/icon_globe_med-grey@2x.svg
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size
3.5 kB (3523 bytes)
Hash
8409dd31d1b13d560ad4b9ae144054f7
37114f6c37aa187f5bdc360547678f22eaa9d9c6
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/icon_globe_med-grey@2x.svg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80170d-dc3-5f332d617d2ed"
Accept-Ranges: bytes
Content-Length: 3523
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/svg+xml

dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566

52.17.115.124

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566
IP
52.17.115.124:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://mpu-solutions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0333db6ef.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=42026625067569170023213201916544668225; Max-Age=15552000; Expires=Wed, 26 Jul 2023 02:39:14 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: nKmaM91XQBg=
Content-Length: 0
Connection: keep-alive

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/050-location@2x.svg

160.153.133.168

200 OK

1.8 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/050-location@2x.svg
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Size
1.8 kB (1752 bytes)
Hash
2a7528b41a09c242728c2805a6c37219
44f73d9270a82962219bb314894d5b5624c55631
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/050-location@2x.svg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801719-6d8-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 1752
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/svg+xml

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/jamp-spinner-2x.gif

160.153.133.168

200 OK

37 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/jamp-spinner-2x.gif
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
GIF image data, version 89a, 60 x 60\012- data
Size
37 kB (36855 bytes)
Hash
9132ad37e83e5eef39e5e315c2b6c94f
9036fb328a9266e1f6fb95021464a77a11894ec1
79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/jamp-spinner-2x.gif HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801712-8ff7-5f332d617d6d5"
Accept-Ranges: bytes
Content-Length: 36855
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/gif

dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566

52.17.115.124

200 OK

124 B

URL HTTP/1.1
dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566
IP
52.17.115.124:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
124 B (124 bytes)
Hash
1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca

HTTP Headers

GET /id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://mpu-solutions.com
Content-Type: application/x-www-form-urlencoded
Referer: http://mpu-solutions.com/
Connection: keep-alive

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://mpu-solutions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-03c381005.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Vary: Origin
X-Error: 172
X-TID: Ss5sPKtVSUo=
Content-Length: 124
Connection: keep-alive

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/LSO_4959.jpg

160.153.133.168

200 OK

175 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/LSO_4959.jpg
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3\012- data
Size
175 kB (174933 bytes)
Hash
4c50aaf00ec3fd89b59019568e3ce376
e67b56776d6f8bcfbc25c6d31cfea22dc234f58e
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/LSO_4959.jpg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801703-2ab55-5f332d617cf05"
Accept-Ranges: bytes
Content-Length: 174933
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_facebook@3x.png

160.153.133.168

200 OK

445 B

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_facebook@3x.png
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
445 B (445 bytes)
Hash
1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_facebook@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801716-1bd-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 445
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Appstore-Googleplay-JDPower-Sprite.png

160.153.133.168

200 OK

45 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Appstore-Googleplay-JDPower-Sprite.png
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Size
45 kB (44996 bytes)
Hash
7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a8016fd-afc4-5f332d617cb1d"
Accept-Ranges: bytes
Content-Length: 44996
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_twitter@3x.png

160.153.133.168

200 OK

1.3 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_twitter@3x.png
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1277 bytes)
Hash
60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_twitter@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80171d-4fd-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 1277
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/Citi-Branding-Sprite.png

160.153.133.168

500 Internal Server Error

251 B

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/Citi-Branding-Sprite.png
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
251 B (251 bytes)
Hash
9142176c5ccdb63bc03d514412d42b00
6c2eee1ba6dae02385c94121a3465329f7587d33
d44ef6cef0d915260653c10e6b0b08f295385f542e73e7cb779e2be26a15255f

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/Citi-Branding-Sprite.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015

HTTP/1.1 500 Internal Server Error
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1674787154888

15.236.117.205

200 OK

89 B

URL HTTP/1.1
metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1674787154888
IP
15.236.117.205:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
89 B (89 bytes)
Hash
12fd2c272cd812b54e72a4c21c95545c
8eab392104b3c71793b228ece21bd2cccf6fde55
9f0ff7d11ed55f2fcb500ce136797c170e6c807cab792e35d19d719934154c9f

HTTP Headers

GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1674787154888 HTTP/1.1
Host: metrics.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 200 OK
access-control-allow-origin: http://mpu-solutions.com
access-control-allow-credentials: true
date: Fri, 27 Jan 2023 02:39:15 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31E99CA982EDAA79-4000062CD7248365[CE]; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 02:39:39 GMT;
AMCV_61834D9B5228A7430A490D45%40AdobeOrg=0%7CMCMID%7C08985093871224282552351059577296488327; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 02:39:39 GMT;
s_ecid=MCMID%7C08985093871224282552351059577296488327; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 02:39:39 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 89
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_youtube@3x.png

160.153.133.168

200 OK

1.2 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_youtube@3x.png
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1175 bytes)
Hash
3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_youtube@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80170f-497-5f332d617d6d5"
Accept-Ranges: bytes
Content-Length: 1175
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png

nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError

54.230.111.14

204 No Content

0 B

URL HTTP/1.1
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Fri, 27 Jan 2023 01:25:29 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RNRlOcVAh1RXNEoHK-FimJIrV4WmYVwZHZHnU-T0iWnXgTBI7cclsw==
Age: 4426

nexus.ensighten.com/citi/na_prod/serverComponent.php?r=480.0608925813834&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex

54.230.111.14

200 OK

533 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=480.0608925813834&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1155)
Size
533 B (533 bytes)
Hash
d49d9380647244a27a0f033ad7ebd48a
2af0e7d53f1c6992ea4584f6da404651bc43153a
42357050863c91ab11db80ea58432db5a6380f0ef40531147004c24a28d49e4a

HTTP Headers

GET /citi/na_prod/serverComponent.php?r=480.0608925813834&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Fri, 27 Jan 2023 02:39:15 GMT
Expires: Fri, 27 Jan 2023 02:39:14 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9hMz03LFd6TBntPDFXx-xtnTAPOP0IGiny7c2ww9ly8fnD4cPBt1GQ==

nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099

54.230.111.14

200 OK

2.2 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (542)
Size
2.2 kB (2184 bytes)
Hash
9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec

HTTP Headers

GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 10 Dec 2022 06:06:17 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: I_eUpLQ44F7LTy2Cm2foyGFSkgF6C6h8KdwgaGNN3UFX_UsfZ0Thcg==
Age: 4134779

nexus.ensighten.com/citi/na_prod/code/0c8578d3084e73e1322327bf02dbbd66.js?conditionId0=486757

54.230.111.14

200 OK

12 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/0c8578d3084e73e1322327bf02dbbd66.js?conditionId0=486757
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (624)
Size
12 kB (12327 bytes)
Hash
9a21efb810e005f76e430bb10b2ce0cc
e6b0785bc2b3bb8d9a797160f18c7370ebe82596
3b97a219fb963980a4c1ce378411151ebfb84bb4c0bb1cba37a8904bf19e5203

HTTP Headers

GET /citi/na_prod/code/0c8578d3084e73e1322327bf02dbbd66.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 24 Jan 2023 19:03:19 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 24 Jan 2023 19:00:09 GMT
ETag: W/"164d0faee75a2f7c85d81bc3a7146002"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: MEQHyFHZiQJGYPyMAwbUe8bzCLmiLli9
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EYOCZhTx0biyJCPPi1e5Rtjp6XWRRbnJv9Z2qx977Ned_RQZE5sAgA==
Age: 200157

nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963

54.230.111.14

200 OK

1.2 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (619)
Size
1.2 kB (1227 bytes)
Hash
a05915f969bf171c0654f5d393072216
75cefb35166449bf83bb2d37aef23573e0a84b08
545459f7e277145aae24c10c6871e7de74c5b7d890fd6b8fee26b9d578ab1976

HTTP Headers

GET /citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 13 Dec 2022 07:24:16 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 18 Oct 2022 17:52:59 GMT
ETag: W/"7df0440e45009010a99db868682aafb3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 58SgGJSSVBIGhiukwlPsXF0dhfUQIZpW0wSlOhNnp5UqdQg6b3mazw==
Age: 3870899

nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153

54.230.111.14

200 OK

655 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (524)
Size
655 B (655 bytes)
Hash
b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034

HTTP Headers

GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 10 Jan 2023 01:21:59 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xnC6Snnl8fok30a4pnaRHu57mnt02HTMqTVFOe8K7chNla5HYVhszQ==
Age: 1473437

dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=08985093871224282552351059577296488327&d_cid_ic=AVID%0131E99CA982EDAA79-4000062CD7248365&ts=1674787155070

52.17.115.124

200 OK

301 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=08985093871224282552351059577296488327&d_cid_ic=AVID%0131E99CA982EDAA79-4000062CD7248365&ts=1674787155070
IP
52.17.115.124:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (358), with no line terminators
Size
301 B (301 bytes)
Hash
259e7ad326af14d73a3b843b74687434
9c3cd42d87be78eaf20fecedda8fd9f8674947c6
5165260c9a7dad51f52edb30c0c73b78ebb5f4db21ce7dfae000d84b99016386

HTTP Headers

GET /id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=08985093871224282552351059577296488327&d_cid_ic=AVID%0131E99CA982EDAA79-4000062CD7248365&ts=1674787155070 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://mpu-solutions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-024ef1325.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=04221418184462461402955273963176181284; Max-Age=15552000; Expires=Wed, 26 Jul 2023 02:39:15 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: SKKuYf50SmE=
Content-Length: 301
Connection: keep-alive

mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/favicon.ico

160.153.133.168

200 OK

8.7 kB

URL HTTP/1.1
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/favicon.ico
IP
160.153.133.168:0
ASN
#21501 Host Europe GmbH

File type
PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Size
8.7 kB (8747 bytes)
Hash
5c529d13403aaef133f480514b0d7b3f
73b6a54f396770a92bd13f0af7b0530e7a68b546
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/favicon.ico HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:15 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:02 GMT
ETag: "a8016e4-222b-5f332d5ab073d"
Accept-Ranges: bytes
Content-Length: 8747
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/x-icon

c1.rfihub.net/js/tc.min.js

54.230.111.62

200 OK

6.2 kB

URL HTTP/1.1
c1.rfihub.net/js/tc.min.js
IP
54.230.111.62:0
ASN
#16509 AMAZON-02

File type
C source, ASCII text, with very long lines (19497)
Size
6.2 kB (6162 bytes)
Hash
ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f

HTTP Headers

GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 6162
Connection: keep-alive
Date: Fri, 27 Jan 2023 02:27:43 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Expires: Fri, 27 Jan 2023 03:27:43 GMT
Last-Modified: Fri, 27 Jan 2023 02:27:33 GMT
Content-Encoding: gzip
Server: Jetty(9.3.29.v20201019)
X-Cache: Hit from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ghm2Ww_9o6nKDJTvNiNzj10K7ofAaSS8JBYhGJcTVFl65YE0BTUEaA==
Age: 692

citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=c1d6e27a412c4a998b62d9ecd2bb128d&mboxPC=&mboxPage=910173ea2bc047958d5c5c4b6bde1065&mboxRid=a7b3aa4ece41474f8f0e579f71364c36&mboxVersion=1.7.0&mboxCount=1&mboxTime=1674787154575&mboxHost=mpu-solutions.com&mboxURL=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&mboxReferrer=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=403EA2075090230A-199CBB7198D93562&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=08985093871224282552351059577296488327&mboxMCAVID=31E99CA982EDAA79-4000062CD7248365&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6

52.50.213.80

200

142 B

URL HTTP/1.1
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=c1d6e27a412c4a998b62d9ecd2bb128d&mboxPC=&mboxPage=910173ea2bc047958d5c5c4b6bde1065&mboxRid=a7b3aa4ece41474f8f0e579f71364c36&mboxVersion=1.7.0&mboxCount=1&mboxTime=1674787154575&mboxHost=mpu-solutions.com&mboxURL=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&mboxReferrer=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=403EA2075090230A-199CBB7198D93562&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=08985093871224282552351059577296488327&mboxMCAVID=31E99CA982EDAA79-4000062CD7248365&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
IP
52.50.213.80:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
142 B (142 bytes)
Hash
e0be1a858092c03987488e4de63a5aac
f6d50baa58254ac40593040474b62d701ff8620f
5ef041bf3bcc362487b698c3777ef0d77b46f60bcec14fc3ddc31bdd5edfe1c9

HTTP Headers

GET /m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=c1d6e27a412c4a998b62d9ecd2bb128d&mboxPC=&mboxPage=910173ea2bc047958d5c5c4b6bde1065&mboxRid=a7b3aa4ece41474f8f0e579f71364c36&mboxVersion=1.7.0&mboxCount=1&mboxTime=1674787154575&mboxHost=mpu-solutions.com&mboxURL=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&mboxReferrer=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=403EA2075090230A-199CBB7198D93562&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=08985093871224282552351059577296488327&mboxMCAVID=31E99CA982EDAA79-4000062CD7248365&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6 HTTP/1.1
Host: citicorpcreditservic.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 200 
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 142
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://mpu-solutions.com
Access-Control-Allow-Credentials: true
X-Request-ID: a7b3aa4ece41474f8f0e579f71364c36
P3P: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Set-Cookie: citicorpcreditservic!mboxSession=c1d6e27a412c4a998b62d9ecd2bb128d; Max-Age=1860; Expires=Fri, 27-Jan-2023 03:10:15 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
citicorpcreditservic!mboxPC=c1d6e27a412c4a998b62d9ecd2bb128d.37_0; Max-Age=63244800; Expires=Tue, 28-Jan-2025 02:39:15 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *

fast.citi.demdex.net/dest5.html?d_nsid=0

23.36.76.161

200 OK

2.8 kB

URL HTTP/1.1
fast.citi.demdex.net/dest5.html?d_nsid=0
IP
23.36.76.161:0
ASN
#20940 Akamai International B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2785 bytes)
Hash
b8a1b21bd0651935d53a7bff0c2479d6
31527c952669b6d1d06c537eb50c9043f576e607
80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /dest5.html?d_nsid=0 HTTP/1.1
Host: fast.citi.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"

cm.everesttech.net/cm/dd?d_uuid=04221418184462461402955273963176181284

54.229.62.148

301 Moved Permanently

134 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=04221418184462461402955273963176181284
IP
54.229.62.148:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
134 B (134 bytes)
Hash
4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

HTTP Headers

GET /cm/dd?d_uuid=04221418184462461402955273963176181284 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://cm.everesttech.net:443/cm/dd?d_uuid=04221418184462461402955273963176181284

20766699p.rfihub.com/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019

193.0.160.128

302 Found

0 B

URL HTTP/1.1
20766699p.rfihub.com/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019
IP
193.0.160.128:0
ASN
#54312 ROCKETFUEL

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Fri, 27 Jan 2023 02:39:15 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://20766699p.rfihub.com/sr/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019
Content-Length: 0

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13253
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13253
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13253
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:15 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5567 bytes)
Hash
540b084166fb1ad476a2b816848004ac
d10694af4ff8fbdf58896085611b4614a7353eda
b5ce9c01e4ac5a634ab858787c69fe4bf1f297df92b1258f0de6e1461329154b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5567
x-amzn-requestid: 07346e30-a195-4e30-80ed-09bc2844c64d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fORCGGMGIAMFmWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf2eda-266bd30056d9d09c009ac086;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:05:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1S1gNaWbByU2Ufc46x0shFDogteGouCIQZ9xX2n2QAFa4AjsFozrRA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 23:04:49 GMT
age: 12866
etag: "d10694af4ff8fbdf58896085611b4614a7353eda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
828fff395e93f7be2544b97ca2a81e09
2d9b76b7bb7e4505707e6fa30cdaaf80ae05fb88
90d1e5a199f990e517064222bb83c7bb7db1217300c25b14637df3c74f4029d1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=131215
Date: Fri, 27 Jan 2023 02:39:15 GMT
Etag: "63d287a1-1d7"
Expires: Sat, 28 Jan 2023 15:06:10 GMT
Last-Modified: Thu, 26 Jan 2023 14:01:05 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Bma-z62TPJDvu4k78eXw_XcEdQDIPi95HIv-T1VGonTESw6za8aNVQ==
Age: 3905

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5669 bytes)
Hash
869cdfba2637cc932ce387317a3c485e
51d87a5223d87c959bf27b2a825dce0a28f52ada
6dc4247dd3110836195f9962463bd8265be89633e9e589bf19955991751c26fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5669
x-amzn-requestid: 17f6235c-d495-4813-9453-407331e0dcad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZSH4fIAMFxeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3b-67ff5c7f416727670e7c3b21;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zH3wYMLXCFCcoop-xy3r_wXiY2g684Ei-o6BVntyzqjNeX1UuvQsxA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:25:48 GMT
age: 80007
etag: "51d87a5223d87c959bf27b2a825dce0a28f52ada"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4272 bytes)
Hash
6e96f3ea585b5fa8ed6446ed16e2b4b2
f90c205f370a2426dffe3c21b24bfa551b385556
6967ba25887f87200fcb39a3e6f065fd27596b2ebcf0d33a2751c655d6e724f2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4272
x-amzn-requestid: e051c22b-c2ec-4e59-b29b-ba1464d8015b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRz28G13oAMFeeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d099c5-48b013ff34b9702a6d2fd560;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 02:53:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X4SfAYS0JvW4sUNqSuBERNBwaI_xgKugxZ76_fsih_LSnImMC7Pnzg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:54:20 GMT
age: 49495
etag: "f90c205f370a2426dffe3c21b24bfa551b385556"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23169a26-33f3-4f92-9612-02bf2555d37c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5263 bytes)
Hash
7d2506ac511dfbea29e29ab14ba10f85
b2e2972ffa82b103c62ffde0fca99454e12d95e6
fbe6f833114208d84033ba691a74da18d641e38f0f327c752333a339f1baae34

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23169a26-33f3-4f92-9612-02bf2555d37c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5263
x-amzn-requestid: ea2f25ff-f62a-4850-a9d1-72f26d817faf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzOkGtWoAMFV0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce325d-39e5ed054ead447d3cedf047;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BcMB1y0etnIGvZr54EllkdEOlahZGTjgrw2-3FYu3WET2f5lDLV1dw==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:24:02 GMT
age: 18913
etag: "b2e2972ffa82b103c62ffde0fca99454e12d95e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10973 bytes)
Hash
2dfd3530064d405643a31fedd4fd7618
d8268771360e609892c5506f3114dc4f73c0aad0
b4790125e39e400c30d640cd0c64497256168892405511ec3d43b03dc0e5715a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10973
x-amzn-requestid: caff330a-0cc6-488d-be82-c09c2bb87408
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLQYTEduIAMFZkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfa9b-1f26b225062c8465440cf460;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:10:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L-i1AEFIP6AoWwjds6n7ohyz-Ls1HoF9CXNJS7RRDFApBceBZXmoxA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:29:15 GMT
age: 51000
etag: "d8268771360e609892c5506f3114dc4f73c0aad0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7538 bytes)
Hash
131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:59:56 GMT
age: 16759
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cm.everesttech.net/cm/dd?d_uuid=04221418184462461402955273963176181284

54.229.62.148

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=04221418184462461402955273963176181284
IP
54.229.62.148:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=04221418184462461402955273963176181284 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y9M5UwAAAMZ-2ANx; Domain=.everesttech.net; Expires=Sat, 27-Jan-2024 02:39:15 GMT; Path=/
everest_session_v2=Y9M5UwAAAMZ-2QNx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx
Server: AMO-cookiemap/1.1

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
77d978757d6657d8b60fda5fb85406b6
b30cb7f2022b6d7677fe1ff6e04a632516ef17af
4af31f6250099b795ff34dcef20d30afe42fa5c7073719692429457ed097f51b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 02:15:45 GMT
Expires: Wed, 01 Feb 2023 02:15:44 GMT
Etag: "b30cb7f2022b6d7677fe1ff6e04a632516ef17af"
Cache-Control: max-age=429988,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fe1debac02b51e-OSL

20766699p.rfihub.com/sr/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019

193.0.160.128

200 OK

118 B

URL HTTP/1.1
20766699p.rfihub.com/sr/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019
IP
193.0.160.128:0
ASN
#54312 ROCKETFUEL

File type
HTML document text\012- HTML document, ASCII text, with no line terminators
Size
118 B (118 bytes)
Hash
372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

HTTP Headers

GET /sr/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:15 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjE3MzA1Njc2MRHiM9QNdHLNNfLOyQ53dA4CAFu-UNclAAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 21 Feb 2024 02:39:15 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjE3MzA1Njc2MRHiM9QNdHLNNfLOyQ53dA4CAFu-UNclAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
dfa9dc702504acce47cb04d6a8baca2c
1f929541d4bd86c02ab87572391767192b098c7e
d11455044effe3f1093b7655fb5ac5ef7f36bd8c71f989217d8de54066ca1b79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3263
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:15 GMT
Last-Modified: Fri, 27 Jan 2023 01:44:52 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

dpm.demdex.net/ibs:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx

52.17.115.124

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx
IP
52.17.115.124:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-093556e0f.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=11290298079458938674126440875186424415; Max-Age=15552000; Expires=Wed, 26 Jul 2023 02:39:15 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: hEBCTNE/RE4=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx

52.17.115.124

200 OK

59 B

URL HTTP/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx
IP
52.17.115.124:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
59 B (59 bytes)
Hash
1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13

HTTP Headers

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-017f03edc.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: FAtx8AeFRTc=
Content-Length: 59
Connection: keep-alive

www.googletagmanager.com/gtag/js?id=AW-916451471

142.250.74.40

302 Found

253 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-916451471
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
253 B (253 bytes)
Hash
e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7

HTTP Headers

GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
76f89b22072eabd8bc345d830ab3554b
c44bed01a9ce166052eb9fb1bbed136cdca7cf7a
5013e5e2d32c6a17580303642c2a531822b675233cb8633da2658a28a296b1f4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5698
Cache-Control: max-age=124017
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Etag: "63d26483-1d7"
Expires: Sat, 28 Jan 2023 13:06:13 GMT
Last-Modified: Thu, 26 Jan 2023 11:31:15 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-916451471

142.250.74.40

200 OK

65 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=AW-916451471
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2917)
Size
65 kB (64556 bytes)
Hash
5d36afd59461f020aeaf4550edda2dad
c72202f142b0197f863eee8c588d8dd3b1b7e5e5
8c39676d99ba787e9f8722ef9a3f74e53977be16e0ff9e8f1bf15482a0c434aa

HTTP Headers

GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 27 Jan 2023 02:39:16 GMT
expires: Fri, 27 Jan 2023 02:39:16 GMT
cache-control: private, max-age=900
last-modified: Fri, 27 Jan 2023 00:18:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64556
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
ba8206089b7af80ec9bb4fe0c07977b4
4b0c036a5124f06026772a92168d3799e37c8ed3
64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62

HTTP Headers

GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
da059e66474ac8e0fcb7e70b7ed4be44
7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb

HTTP Headers

GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
3cdb7a0d8774281c45d6a09b22e28af2
eee92813bf3130c7e6ca8be5911197c1ee486daa
cf75d10606678529391c0c7bd8cd9b13abb532df9640785934a7555f872caed4

HTTP Headers

GET /gtag/js?id=AW-695231162&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
d7c2cd80c8899405c8ead9dcd82aa484
8d0248ffaaf1594d89e077cb3904f0ad42ec474e
2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce

HTTP Headers

GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

nexus.ensighten.com/citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908

54.230.111.14

200 OK

278 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
data
Size
278 B (278 bytes)
Hash
6d8c6cf61840045919f4789eac2d3d9c
ef5e66f528ab1701f99e467593020d263d6220f0
ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e

HTTP Headers

GET /citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 24 Jan 2023 19:03:19 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 24 Jan 2023 19:00:09 GMT
ETag: W/"7c6ed2a2e5419784aa286802d8321cac"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: vmiujIR6LRxZmQcVHZsuRM62q4klkTqH
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dCrnRnW91BEhy6rfhjG0ubILy7v3ozX0MMSvr0JUCQxyVs4bZde57g==
Age: 200157

www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
16d7ad56818dde4bc80864654bfbd12e
c95b93882c98641b7f1b648c122194a9fb2534c7
5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64

HTTP Headers

GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
f20987509aaa3b3f9e52f7581afd6a4d
7147419bbeb1605a89733067d195356fc73c3cd3
5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c

HTTP Headers

GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c

142.250.74.40

302 Found

280 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
280 B (280 bytes)
Hash
a262f0126f939827df765f078136498b
5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd

HTTP Headers

GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0

cdn.pbbl.co/r/1560.js

54.230.111.59

403 Forbidden

986 B

URL HTTP/1.1
cdn.pbbl.co/r/1560.js
IP
54.230.111.59:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
986 B (986 bytes)
Hash
4a0760aa456c0c68e3c686106b41e288
c0cf8712b940620f9d6bbb0d84384005af26b835
88dac95e5e4bda88fb1a954facf7e57b3df4d7072d14daf091a2c7f20410c3ed

HTTP Headers

GET /r/1560.js HTTP/1.1
Host: cdn.pbbl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html
Content-Length: 986
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KKhwGmENfinWKmthWTExsY9hZHtlcQkQUS_fyLi5OnFEEgrFgHYZeA==
Vary: Origin

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1674787156056&cv=11&fst=1674787156056&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

937 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1674787156056&cv=11&fst=1674787156056&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2197), with no line terminators
Size
937 B (937 bytes)
Hash
77dd2285862054e4e381c8cf74bad608
0ac38a666fcd879b470d905b02def3886c63fe6c
b9fbb181a7348e56b5fa37793109ae6745e07fb158c18c5291cba1abaa332664

HTTP Headers

GET /pagead/viewthroughconversion/916451471/?random=1674787156056&cv=11&fst=1674787156056&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 937
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1674787156250&cv=11&fst=1674787156250&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

936 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1674787156250&cv=11&fst=1674787156250&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2197), with no line terminators
Size
936 B (936 bytes)
Hash
07deae6b124f169a69fe3c2be572c6fa
1e9cf90f6b86e9c8efe7b896a45b5819c7388afb
f27f5d1ef6786a7b4f48407e06e94f0e093934925ff65dd1100600a16c98ac34

HTTP Headers

GET /pagead/viewthroughconversion/830907969/?random=1674787156250&cv=11&fst=1674787156250&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 936
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1674787156208&cv=11&fst=1674787156208&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

938 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1674787156208&cv=11&fst=1674787156208&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2197), with no line terminators
Size
938 B (938 bytes)
Hash
2500b94ef48f5ec18556ec011b683d52
2dd82886acd1fb7e161d2ebc4e23251669c11697
d73f11c6b900f0d36bfcccd56566baf9d181c57b4eca429769addb28cf20158a

HTTP Headers

GET /pagead/viewthroughconversion/960621875/?random=1674787156208&cv=11&fst=1674787156208&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 938
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1674787156269&cv=11&fst=1674787156269&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

936 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1674787156269&cv=11&fst=1674787156269&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2197), with no line terminators
Size
936 B (936 bytes)
Hash
7d2b5c13c7e6a517832f3af476e783bc
61736c84439aa134323b3086c2dea7dbed17f1f8
bb107a900f5d52854cc39fc37e9d909798eefc2a8d1629f5eac351410e217822

HTTP Headers

GET /pagead/viewthroughconversion/975701947/?random=1674787156269&cv=11&fst=1674787156269&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 936
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1674787156288&cv=11&fst=1674787156288&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

935 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1674787156288&cv=11&fst=1674787156288&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2197), with no line terminators
Size
935 B (935 bytes)
Hash
649b7b2fb7ec88ed0001c597406a4aa5
e82aebbf8173bce38f8f16f8342e67d983881a0e
d9f41d943457cab3e4d42f0e3df726396809a148e4771cb474c8d9ab54e96c55

HTTP Headers

GET /pagead/viewthroughconversion/959299794/?random=1674787156288&cv=11&fst=1674787156288&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 935
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1674787156239&cv=11&fst=1674787156239&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

936 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1674787156239&cv=11&fst=1674787156239&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2197), with no line terminators
Size
936 B (936 bytes)
Hash
cfb1e63d984eaf7f3fe09117852cfaff
e0cfbddb30b6c2a760db635043379e3d88e3c8a6
742003fdcb6f7ed3601f73f36db843c3b74a18cb76cf482ebd35832e45e36d0e

HTTP Headers

GET /pagead/viewthroughconversion/695231162/?random=1674787156239&cv=11&fst=1674787156239&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 936
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1674787156190&cv=11&fst=1674787156190&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

936 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1674787156190&cv=11&fst=1674787156190&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2197), with no line terminators
Size
936 B (936 bytes)
Hash
d5b5b3358e4dc1dd92f3a9f428601a55
afe4ba12c2b510137121684ed625ec6ab62a9e9e
3b7b61e64ea577685e363456e06211a833adde36351014e5b8d08148f8106dfe

HTTP Headers

GET /pagead/viewthroughconversion/644574043/?random=1674787156190&cv=11&fst=1674787156190&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 936
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1674787156301&cv=11&fst=1674787156301&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

936 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1674787156301&cv=11&fst=1674787156301&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2201), with no line terminators
Size
936 B (936 bytes)
Hash
8b87995b58e085dcff03a5547fd6a072
c6628714223cee4b08f454f42c46079c475a3830
4051e85fad54bb9ecbc9458e4735980e06ac52c06898fbd2301bd5a531e7446e

HTTP Headers

GET /pagead/viewthroughconversion/10955006959/?random=1674787156301&cv=11&fst=1674787156301&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 936
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1674787156315&cv=11&fst=1674787156315&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

933 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1674787156315&cv=11&fst=1674787156315&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2197), with no line terminators
Size
933 B (933 bytes)
Hash
6b1fcc57622eb661abf3d9d6b8a91c7e
c44b78e0d8512fd6267adb48e78858e8345b6256
f2036b1c46a3bea8f2ba89b899fde47d2511a83c8023bf4c9a375b6c79badb4d

HTTP Headers

GET /pagead/viewthroughconversion/819500023/?random=1674787156315&cv=11&fst=1674787156315&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 933
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3ebf9d7211aba4c70b84fb470a61b414
28fe29a24e47d6abda88eeeb5e22eddda03c7fca
a8276e099d9d8452b65b70d161a459fae25afb37cea7eff9cc5563b7de972acc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c8a0d6bc80301700d6fb1d520beb8b49
f33a1a1e491fcd6ca31360b28b092457a2d48f23
ef0535b52ccb717c1200d5974ea8841b92f655234d67ace0e71c1ec7f5fbb3f4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=0&ipr=y

142.250.74.132

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=0&ipr=y
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=1&ipr=y

142.250.74.131

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=1&ipr=y
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c8a0d6bc80301700d6fb1d520beb8b49
f33a1a1e491fcd6ca31360b28b092457a2d48f23
ef0535b52ccb717c1200d5974ea8841b92f655234d67ace0e71c1ec7f5fbb3f4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
97ccaa279f6ade845b71b57615d40388
5186089108dca0136feab418da66a9e027c7e427
515128c713e98c9a0546c35d9a1e0719057136509b5b2312e4af56a9acc80ec2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc

23.38.201.123

200 OK

2.2 kB

URL HTTP/2
iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc
IP
23.38.201.123:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2196 bytes)
Hash
e6ed675f115fb1568bb1aabc00aa3f30
5cd752c6b199a3fdefe95712c77b240a92e9f1f2
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

HTTP Headers

GET /WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc HTTP/1.1
Host: iad1.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
access-control-allow-origin: *
x-request-id: d9e9863d-2e5a-4add-a01a-675b5f0765a5
x-transaction-id: fbaa79ef-970b-4a3b-a69d-b162659bd712
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
permissions-policy: camera=(), geolocation=(), microphone=()
content-disposition: inline; filename=feedback.png
content-length: 2196
content-type: image/png
x-robots-tag: noindex
cache-control: public, max-age=47
expires: Fri, 27 Jan 2023 02:40:03 GMT
date: Fri, 27 Jan 2023 02:39:16 GMT
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

104.17.208.240

200 OK

24 kB

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (63465), with no line terminators
Size
24 kB (23946 bytes)
Hash
45f05a0c9f60570f3284a9f1851af188
bd15768cafd077c8e31433b1878d3bfe73efd3c0
bc75682e705b284815e5eef5a14e5b2ba9bd30fb330879a66fd594aac84df653

HTTP Headers

GET /dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/javascript
cf-ray: 78fe1def5ecab51b-OSL
access-control-allow-origin: *
age: 168567
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"102f7-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=66295
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

104.17.208.240

200 OK

6.7 kB

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (28843), with no line terminators
Size
6.7 kB (6702 bytes)
Hash
27546a31c282f163aa41c6847e781d6f
2fa9ab719e998763b27ef67398a2fd91add85568
466748b71892d8bf299a0b50264e31cf889a34569a2eb0b57d486e89cc97e8b9

HTTP Headers

GET /dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/javascript
cf-ray: 78fe1def4ec9b51b-OSL
access-control-allow-origin: *
age: 169042
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"73bc-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=29628
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

104.17.208.240

200 OK

34 kB

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (33670 bytes)
Hash
795bedaaceda39e8c8cb7dffb83905e8
479371f829b0322df8ef4d0fe0b683e204853d42
c274b145f4eecfc2b2062cf4c8a2eb132440872ef01cb7e68aa54c8318bc976d

HTTP Headers

GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/javascript
cf-ray: 78fe1dee9e9bb51b-OSL
access-control-allow-origin: *
age: 169044
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"19ba5-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=105381
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png

104.17.208.240

200 OK

254 B

URL HTTP/2
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced\012- data
Size
254 B (254 bytes)
Hash
48240b2998738f29efb197386e688338
2a864e0cdba56126f8eb46d4945b758c7c732bcd
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70

HTTP Headers

GET /WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: image/png
content-length: 254
cf-ray: 78fe1df0ff41b51b-OSL
accept-ranges: bytes
age: 20233788
cache-control: max-age=315360000, public
expires: Mon, 23 Feb 2032 07:18:15 GMT
last-modified: Wed, 23 Feb 2022 00:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
referrer-policy: strict-origin-when-cross-origin
servershortname: 
trace-id: d15759f42a15818a
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
server: cloudflare
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&r=1674787156492

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&r=1674787156492
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&r=1674787156492 HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 87
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: text/plain; charset=UTF-8
cf-ray: 78fe1df0ff42b51b-OSL
access-control-allow-origin: http://mpu-solutions.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
trace-id: 04531c13ff894103
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

104.17.208.240

200 OK

0 B

URL HTTP/2
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc HTTP/1.1
Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 78fe1ded2e19b51b-OSL
access-control-allow-origin: *
age: 516744
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-aoOvy5SYikJ8p0DGyA39bMfBM7w"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/javascript
cf-ray: 78fe1def4ec8b51b-OSL
access-control-allow-origin: *
age: 169042
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"9eb-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=2539
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/json
cf-ray: 78fe1def5eccb51b-OSL
access-control-allow-origin: *
age: 13412
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Sun, 23 Jan 2033 22:55:44 GMT
last-modified: Thu, 26 Jan 2023 22:55:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname: 
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (56)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL