r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20813
Expires: Fri, 27 Jan 2023 08:26:06 GMT
Date: Fri, 27 Jan 2023 02:39:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3431
Expires: Fri, 27 Jan 2023 03:36:24 GMT
Date: Fri, 27 Jan 2023 02:39:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 02:35:19 GMT
content-type: application/json
age: 234
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5694
Expires: Fri, 27 Jan 2023 04:14:07 GMT
Date: Fri, 27 Jan 2023 02:39:13 GMT
Connection: keep-alive
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/
160.153.133.168200 OK 67 B URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type HTML document, ASCII text, with no line terminators
Hash 78621575014134fbf26575ca15222491
ecf1ea3e2b410b1a20aafadffa0c43bbca71d841
d4cea795764e3f56693903ba771672a71745e68cec31f14914793d0eb0401e9b
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:13 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 67
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YRKIkkxHLGsymiyrJNJIfRxenbr3rJvz3QTYKjShr7qZbxk+A4AkyOqWdHTlUIHNwge+/BIb4jU=
x-amz-request-id: AH7YB748AXEVAFRZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 01:49:13 GMT
age: 3000
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 02:39:13 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 01:41:40 GMT
age: 3454
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2414
Expires: Fri, 27 Jan 2023 03:19:28 GMT
Date: Fri, 27 Jan 2023 02:39:14 GMT
Connection: keep-alive
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
160.153.133.168200 OK 38 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2276), with CRLF line terminators
Hash cee920674f25cc8e1d99fa733d0e85ba
9fff38391cda872ee1ea53eb599fa8371b0563da
f8eb694fb421a63949eeafc84de0cb53b55941bb8df42f56ad071fb706c999c8
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/index HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:13 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 38445
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Regular.woff
160.153.133.168200 OK 79 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Regular.woff
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type Web Open Font Format, TrueType, length 78762, version 1.197\012- data
Hash b1f3eca7de0c2cb35740f32dd0b83823
dffc474081c23fc151265b637a4468e82004ecc8
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Regular.woff HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801708-133aa-5f332d617d2ed"
Accept-Ranges: bytes
Content-Length: 78762
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: font/woff
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Light.woff
160.153.133.168200 OK 76 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Light.woff
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Hash 3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Light.woff HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801713-12712-5f332d617d6d5"
Accept-Ranges: bytes
Content-Length: 75538
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: font/woff
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js
160.153.133.168200 OK 93 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type ASCII text, with very long lines (577), with CRLF line terminators
Hash cd9a01f7849b534916657b9f1d3efd2b
5dee9128c3f16c81ac4826a05e032520601af6ce
1613ce76209129abdd48df9dcbd4df8061905c2f1b439a84c91c29d37461910f
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:13 GMT
ETag: "a801723-45e8f-5f332d653de16-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
push.services.mozilla.com/
54.185.76.10101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.185.76.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rUwCquDKblx9HLx0c1SWXA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: r4uLgBuxHG1Ye2+t2+BvVbJfQrg=
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Bold.woff
160.153.133.168200 OK 72 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Bold.woff
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Hash 9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Bold.woff HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80171b-118c2-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 71874
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: font/woff
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/styles.css
160.153.133.168200 OK 159 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/styles.css
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type Unicode text, UTF-8 text, with very long lines (1069), with CRLF line terminators
Size 159 kB (158660 bytes)
Hash 7ebcd2fe88b0261210306fc048761108
0a5641bfc99ea4a7cf3b8aa64567d22060536b2d
3ac180be4bf58a3bd43434f682561c7fc56c3a3a739bd905909252f26fff1dbc
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/styles.css HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a8016fa-152f86-5f332d617c735-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Content-Type: text/css
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/1440_Citi-PLT@3x.png
160.153.133.168200 OK 28 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/1440_Citi-PLT@3x.png
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/1440_Citi-PLT@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801717-6df5-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 28149
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/citipridelogo.jpg
160.153.133.168200 OK 2.7 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/citipridelogo.jpg
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 9b0ca893e4bfaea57af02ffe82867243
7035c26c91a3da162492df77d59bc19356a8e3bb
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/citipridelogo.jpg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801715-a62-5f332d617dabd"
Accept-Ranges: bytes
Content-Length: 2658
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: image/jpeg
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/320_Citi-PLT@3x.png
160.153.133.168200 OK 12 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/320_Citi-PLT@3x.png
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/320_Citi-PLT@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a8016ff-2d2a-5f332d617cb1d"
Accept-Ranges: bytes
Content-Length: 11562
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/icon_globe_med-grey@2x.svg
160.153.133.168200 OK 3.5 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/icon_globe_med-grey@2x.svg
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash 8409dd31d1b13d560ad4b9ae144054f7
37114f6c37aa187f5bdc360547678f22eaa9d9c6
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/icon_globe_med-grey@2x.svg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80170d-dc3-5f332d617d2ed"
Accept-Ranges: bytes
Content-Length: 3523
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/svg+xml
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566
52.17.115.124302 Found 0 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566
IP 52.17.115.124:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://mpu-solutions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0333db6ef.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=42026625067569170023213201916544668225; Max-Age=15552000; Expires=Wed, 26 Jul 2023 02:39:14 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: nKmaM91XQBg=
Content-Length: 0
Connection: keep-alive
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/050-location@2x.svg
160.153.133.168200 OK 1.8 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/050-location@2x.svg
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 2a7528b41a09c242728c2805a6c37219
44f73d9270a82962219bb314894d5b5624c55631
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/050-location@2x.svg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801719-6d8-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 1752
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/svg+xml
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/jamp-spinner-2x.gif
160.153.133.168200 OK 37 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/jamp-spinner-2x.gif
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type GIF image data, version 89a, 60 x 60\012- data
Hash 9132ad37e83e5eef39e5e315c2b6c94f
9036fb328a9266e1f6fb95021464a77a11894ec1
79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/jamp-spinner-2x.gif HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801712-8ff7-5f332d617d6d5"
Accept-Ranges: bytes
Content-Length: 36855
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/gif
dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566
52.17.115.124200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566
IP 52.17.115.124:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787154566 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://mpu-solutions.com
Content-Type: application/x-www-form-urlencoded
Referer: http://mpu-solutions.com/
Connection: keep-alive
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://mpu-solutions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-03c381005.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Vary: Origin
X-Error: 172
X-TID: Ss5sPKtVSUo=
Content-Length: 124
Connection: keep-alive
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/LSO_4959.jpg
160.153.133.168200 OK 175 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/LSO_4959.jpg
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3\012- data
Size 175 kB (174933 bytes)
Hash 4c50aaf00ec3fd89b59019568e3ce376
e67b56776d6f8bcfbc25c6d31cfea22dc234f58e
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/LSO_4959.jpg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801703-2ab55-5f332d617cf05"
Accept-Ranges: bytes
Content-Length: 174933
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_facebook@3x.png
160.153.133.168200 OK 445 B URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_facebook@3x.png
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_facebook@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801716-1bd-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 445
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Appstore-Googleplay-JDPower-Sprite.png
160.153.133.168200 OK 45 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Appstore-Googleplay-JDPower-Sprite.png
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Hash 7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a8016fd-afc4-5f332d617cb1d"
Accept-Ranges: bytes
Content-Length: 44996
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_twitter@3x.png
160.153.133.168200 OK 1.3 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_twitter@3x.png
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_twitter@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80171d-4fd-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 1277
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/Citi-Branding-Sprite.png
160.153.133.168500 Internal Server Error 251 B URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/Citi-Branding-Sprite.png
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9142176c5ccdb63bc03d514412d42b00
6c2eee1ba6dae02385c94121a3465329f7587d33
d44ef6cef0d915260653c10e6b0b08f295385f542e73e7cb779e2be26a15255f
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/Citi-Branding-Sprite.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015
HTTP/1.1 500 Internal Server Error
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1674787154888
15.236.117.205200 OK 89 B URL HTTP/1.1 metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1674787154888
IP 15.236.117.205:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 12fd2c272cd812b54e72a4c21c95545c
8eab392104b3c71793b228ece21bd2cccf6fde55
9f0ff7d11ed55f2fcb500ce136797c170e6c807cab792e35d19d719934154c9f
GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1674787154888 HTTP/1.1
Host: metrics.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
access-control-allow-origin: http://mpu-solutions.com
access-control-allow-credentials: true
date: Fri, 27 Jan 2023 02:39:15 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31E99CA982EDAA79-4000062CD7248365[CE]; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 02:39:39 GMT;
AMCV_61834D9B5228A7430A490D45%40AdobeOrg=0%7CMCMID%7C08985093871224282552351059577296488327; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 02:39:39 GMT;
s_ecid=MCMID%7C08985093871224282552351059577296488327; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 02:39:39 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 89
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_youtube@3x.png
160.153.133.168200 OK 1.2 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_youtube@3x.png
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_youtube@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:14 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80170f-497-5f332d617d6d5"
Accept-Ranges: bytes
Content-Length: 1175
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
54.230.111.14204 No Content 0 B URL HTTP/1.1 nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP 54.230.111.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Fri, 27 Jan 2023 01:25:29 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RNRlOcVAh1RXNEoHK-FimJIrV4WmYVwZHZHnU-T0iWnXgTBI7cclsw==
Age: 4426
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=480.0608925813834&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex
54.230.111.14200 OK 533 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/serverComponent.php?r=480.0608925813834&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex
IP 54.230.111.14:0
File type ASCII text, with very long lines (1155)
Hash d49d9380647244a27a0f033ad7ebd48a
2af0e7d53f1c6992ea4584f6da404651bc43153a
42357050863c91ab11db80ea58432db5a6380f0ef40531147004c24a28d49e4a
GET /citi/na_prod/serverComponent.php?r=480.0608925813834&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Fri, 27 Jan 2023 02:39:15 GMT
Expires: Fri, 27 Jan 2023 02:39:14 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9hMz03LFd6TBntPDFXx-xtnTAPOP0IGiny7c2ww9ly8fnD4cPBt1GQ==
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
54.230.111.14200 OK 2.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP 54.230.111.14:0
File type ASCII text, with very long lines (542)
Hash 9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec
GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 10 Dec 2022 06:06:17 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: I_eUpLQ44F7LTy2Cm2foyGFSkgF6C6h8KdwgaGNN3UFX_UsfZ0Thcg==
Age: 4134779
nexus.ensighten.com/citi/na_prod/code/0c8578d3084e73e1322327bf02dbbd66.js?conditionId0=486757
54.230.111.14200 OK 12 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/0c8578d3084e73e1322327bf02dbbd66.js?conditionId0=486757
IP 54.230.111.14:0
File type ASCII text, with very long lines (624)
Hash 9a21efb810e005f76e430bb10b2ce0cc
e6b0785bc2b3bb8d9a797160f18c7370ebe82596
3b97a219fb963980a4c1ce378411151ebfb84bb4c0bb1cba37a8904bf19e5203
GET /citi/na_prod/code/0c8578d3084e73e1322327bf02dbbd66.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 24 Jan 2023 19:03:19 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 24 Jan 2023 19:00:09 GMT
ETag: W/"164d0faee75a2f7c85d81bc3a7146002"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: MEQHyFHZiQJGYPyMAwbUe8bzCLmiLli9
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EYOCZhTx0biyJCPPi1e5Rtjp6XWRRbnJv9Z2qx977Ned_RQZE5sAgA==
Age: 200157
nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
54.230.111.14200 OK 1.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
IP 54.230.111.14:0
File type ASCII text, with very long lines (619)
Hash a05915f969bf171c0654f5d393072216
75cefb35166449bf83bb2d37aef23573e0a84b08
545459f7e277145aae24c10c6871e7de74c5b7d890fd6b8fee26b9d578ab1976
GET /citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 13 Dec 2022 07:24:16 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 18 Oct 2022 17:52:59 GMT
ETag: W/"7df0440e45009010a99db868682aafb3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 58SgGJSSVBIGhiukwlPsXF0dhfUQIZpW0wSlOhNnp5UqdQg6b3mazw==
Age: 3870899
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
54.230.111.14200 OK 655 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP 54.230.111.14:0
File type ASCII text, with very long lines (524)
Hash b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034
GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 10 Jan 2023 01:21:59 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xnC6Snnl8fok30a4pnaRHu57mnt02HTMqTVFOe8K7chNla5HYVhszQ==
Age: 1473437
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=08985093871224282552351059577296488327&d_cid_ic=AVID%0131E99CA982EDAA79-4000062CD7248365&ts=1674787155070
52.17.115.124200 OK 301 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=08985093871224282552351059577296488327&d_cid_ic=AVID%0131E99CA982EDAA79-4000062CD7248365&ts=1674787155070
IP 52.17.115.124:0
File type JSON data\012- , ASCII text, with very long lines (358), with no line terminators
Hash 259e7ad326af14d73a3b843b74687434
9c3cd42d87be78eaf20fecedda8fd9f8674947c6
5165260c9a7dad51f52edb30c0c73b78ebb5f4db21ce7dfae000d84b99016386
GET /id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=08985093871224282552351059577296488327&d_cid_ic=AVID%0131E99CA982EDAA79-4000062CD7248365&ts=1674787155070 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://mpu-solutions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-024ef1325.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=04221418184462461402955273963176181284; Max-Age=15552000; Expires=Wed, 26 Jul 2023 02:39:15 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: SKKuYf50SmE=
Content-Length: 301
Connection: keep-alive
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/favicon.ico
160.153.133.168200 OK 8.7 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/favicon.ico
IP 160.153.133.168:0
ASN #21501 Host Europe GmbH
File type PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c529d13403aaef133f480514b0d7b3f
73b6a54f396770a92bd13f0af7b0530e7a68b546
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/favicon.ico HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/index
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#c1d6e27a412c4a998b62d9ecd2bb128d#1674789015
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:15 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:02 GMT
ETag: "a8016e4-222b-5f332d5ab073d"
Accept-Ranges: bytes
Content-Length: 8747
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/x-icon
c1.rfihub.net/js/tc.min.js
54.230.111.62200 OK 6.2 kB URL HTTP/1.1 c1.rfihub.net/js/tc.min.js
IP 54.230.111.62:0
File type C source, ASCII text, with very long lines (19497)
Hash ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f
GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 6162
Connection: keep-alive
Date: Fri, 27 Jan 2023 02:27:43 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Expires: Fri, 27 Jan 2023 03:27:43 GMT
Last-Modified: Fri, 27 Jan 2023 02:27:33 GMT
Content-Encoding: gzip
Server: Jetty(9.3.29.v20201019)
X-Cache: Hit from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ghm2Ww_9o6nKDJTvNiNzj10K7ofAaSS8JBYhGJcTVFl65YE0BTUEaA==
Age: 692
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=c1d6e27a412c4a998b62d9ecd2bb128d&mboxPC=&mboxPage=910173ea2bc047958d5c5c4b6bde1065&mboxRid=a7b3aa4ece41474f8f0e579f71364c36&mboxVersion=1.7.0&mboxCount=1&mboxTime=1674787154575&mboxHost=mpu-solutions.com&mboxURL=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&mboxReferrer=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=403EA2075090230A-199CBB7198D93562&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=08985093871224282552351059577296488327&mboxMCAVID=31E99CA982EDAA79-4000062CD7248365&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
52.50.213.80200 142 B URL HTTP/1.1 citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=c1d6e27a412c4a998b62d9ecd2bb128d&mboxPC=&mboxPage=910173ea2bc047958d5c5c4b6bde1065&mboxRid=a7b3aa4ece41474f8f0e579f71364c36&mboxVersion=1.7.0&mboxCount=1&mboxTime=1674787154575&mboxHost=mpu-solutions.com&mboxURL=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&mboxReferrer=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=403EA2075090230A-199CBB7198D93562&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=08985093871224282552351059577296488327&mboxMCAVID=31E99CA982EDAA79-4000062CD7248365&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
IP 52.50.213.80:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e0be1a858092c03987488e4de63a5aac
f6d50baa58254ac40593040474b62d701ff8620f
5ef041bf3bcc362487b698c3777ef0d77b46f60bcec14fc3ddc31bdd5edfe1c9
GET /m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=c1d6e27a412c4a998b62d9ecd2bb128d&mboxPC=&mboxPage=910173ea2bc047958d5c5c4b6bde1065&mboxRid=a7b3aa4ece41474f8f0e579f71364c36&mboxVersion=1.7.0&mboxCount=1&mboxTime=1674787154575&mboxHost=mpu-solutions.com&mboxURL=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&mboxReferrer=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=403EA2075090230A-199CBB7198D93562&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=08985093871224282552351059577296488327&mboxMCAVID=31E99CA982EDAA79-4000062CD7248365&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6 HTTP/1.1
Host: citicorpcreditservic.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 142
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://mpu-solutions.com
Access-Control-Allow-Credentials: true
X-Request-ID: a7b3aa4ece41474f8f0e579f71364c36
P3P: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Set-Cookie: citicorpcreditservic!mboxSession=c1d6e27a412c4a998b62d9ecd2bb128d; Max-Age=1860; Expires=Fri, 27-Jan-2023 03:10:15 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
citicorpcreditservic!mboxPC=c1d6e27a412c4a998b62d9ecd2bb128d.37_0; Max-Age=63244800; Expires=Tue, 28-Jan-2025 02:39:15 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *
fast.citi.demdex.net/dest5.html?d_nsid=0
23.36.76.161200 OK 2.8 kB URL HTTP/1.1 fast.citi.demdex.net/dest5.html?d_nsid=0
IP 23.36.76.161:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash b8a1b21bd0651935d53a7bff0c2479d6
31527c952669b6d1d06c537eb50c9043f576e607
80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: fast.citi.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cm.everesttech.net/cm/dd?d_uuid=04221418184462461402955273963176181284
54.229.62.148301 Moved Permanently 134 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=04221418184462461402955273963176181284
IP 54.229.62.148:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /cm/dd?d_uuid=04221418184462461402955273963176181284 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://cm.everesttech.net:443/cm/dd?d_uuid=04221418184462461402955273963176181284
20766699p.rfihub.com/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019
193.0.160.128302 Found 0 B URL HTTP/1.1 20766699p.rfihub.com/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019
IP 193.0.160.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 27 Jan 2023 02:39:15 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://20766699p.rfihub.com/sr/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019
Content-Length: 0
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13253
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13253
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13253
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 540b084166fb1ad476a2b816848004ac
d10694af4ff8fbdf58896085611b4614a7353eda
b5ce9c01e4ac5a634ab858787c69fe4bf1f297df92b1258f0de6e1461329154b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5567
x-amzn-requestid: 07346e30-a195-4e30-80ed-09bc2844c64d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fORCGGMGIAMFmWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf2eda-266bd30056d9d09c009ac086;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:05:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1S1gNaWbByU2Ufc46x0shFDogteGouCIQZ9xX2n2QAFa4AjsFozrRA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 23:04:49 GMT
age: 12866
etag: "d10694af4ff8fbdf58896085611b4614a7353eda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 828fff395e93f7be2544b97ca2a81e09
2d9b76b7bb7e4505707e6fa30cdaaf80ae05fb88
90d1e5a199f990e517064222bb83c7bb7db1217300c25b14637df3c74f4029d1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=131215
Date: Fri, 27 Jan 2023 02:39:15 GMT
Etag: "63d287a1-1d7"
Expires: Sat, 28 Jan 2023 15:06:10 GMT
Last-Modified: Thu, 26 Jan 2023 14:01:05 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Bma-z62TPJDvu4k78eXw_XcEdQDIPi95HIv-T1VGonTESw6za8aNVQ==
Age: 3905
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 869cdfba2637cc932ce387317a3c485e
51d87a5223d87c959bf27b2a825dce0a28f52ada
6dc4247dd3110836195f9962463bd8265be89633e9e589bf19955991751c26fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5669
x-amzn-requestid: 17f6235c-d495-4813-9453-407331e0dcad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZSH4fIAMFxeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3b-67ff5c7f416727670e7c3b21;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zH3wYMLXCFCcoop-xy3r_wXiY2g684Ei-o6BVntyzqjNeX1UuvQsxA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:25:48 GMT
age: 80007
etag: "51d87a5223d87c959bf27b2a825dce0a28f52ada"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6e96f3ea585b5fa8ed6446ed16e2b4b2
f90c205f370a2426dffe3c21b24bfa551b385556
6967ba25887f87200fcb39a3e6f065fd27596b2ebcf0d33a2751c655d6e724f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4272
x-amzn-requestid: e051c22b-c2ec-4e59-b29b-ba1464d8015b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRz28G13oAMFeeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d099c5-48b013ff34b9702a6d2fd560;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 02:53:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X4SfAYS0JvW4sUNqSuBERNBwaI_xgKugxZ76_fsih_LSnImMC7Pnzg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:54:20 GMT
age: 49495
etag: "f90c205f370a2426dffe3c21b24bfa551b385556"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23169a26-33f3-4f92-9612-02bf2555d37c.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23169a26-33f3-4f92-9612-02bf2555d37c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7d2506ac511dfbea29e29ab14ba10f85
b2e2972ffa82b103c62ffde0fca99454e12d95e6
fbe6f833114208d84033ba691a74da18d641e38f0f327c752333a339f1baae34
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23169a26-33f3-4f92-9612-02bf2555d37c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5263
x-amzn-requestid: ea2f25ff-f62a-4850-a9d1-72f26d817faf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzOkGtWoAMFV0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce325d-39e5ed054ead447d3cedf047;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BcMB1y0etnIGvZr54EllkdEOlahZGTjgrw2-3FYu3WET2f5lDLV1dw==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:24:02 GMT
age: 18913
etag: "b2e2972ffa82b103c62ffde0fca99454e12d95e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2dfd3530064d405643a31fedd4fd7618
d8268771360e609892c5506f3114dc4f73c0aad0
b4790125e39e400c30d640cd0c64497256168892405511ec3d43b03dc0e5715a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10973
x-amzn-requestid: caff330a-0cc6-488d-be82-c09c2bb87408
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLQYTEduIAMFZkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfa9b-1f26b225062c8465440cf460;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:10:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L-i1AEFIP6AoWwjds6n7ohyz-Ls1HoF9CXNJS7RRDFApBceBZXmoxA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:29:15 GMT
age: 51000
etag: "d8268771360e609892c5506f3114dc4f73c0aad0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:59:56 GMT
age: 16759
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cm.everesttech.net/cm/dd?d_uuid=04221418184462461402955273963176181284
54.229.62.148302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=04221418184462461402955273963176181284
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=04221418184462461402955273963176181284 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y9M5UwAAAMZ-2ANx; Domain=.everesttech.net; Expires=Sat, 27-Jan-2024 02:39:15 GMT; Path=/
everest_session_v2=Y9M5UwAAAMZ-2QNx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx
Server: AMO-cookiemap/1.1
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 77d978757d6657d8b60fda5fb85406b6
b30cb7f2022b6d7677fe1ff6e04a632516ef17af
4af31f6250099b795ff34dcef20d30afe42fa5c7073719692429457ed097f51b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 02:15:45 GMT
Expires: Wed, 01 Feb 2023 02:15:44 GMT
Etag: "b30cb7f2022b6d7677fe1ff6e04a632516ef17af"
Cache-Control: max-age=429988,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fe1debac02b51e-OSL
20766699p.rfihub.com/sr/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019
193.0.160.128200 OK 118 B URL HTTP/1.1 20766699p.rfihub.com/sr/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019
IP 193.0.160.128:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
GET /sr/ca.html?ver=9&ra=435&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&pf=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&ra=4607444720761019 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:15 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjE3MzA1Njc2MRHiM9QNdHLNNfLOyQ53dA4CAFu-UNclAAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 21 Feb 2024 02:39:15 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjE3MzA1Njc2MRHiM9QNdHLNNfLOyQ53dA4CAFu-UNclAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dfa9dc702504acce47cb04d6a8baca2c
1f929541d4bd86c02ab87572391767192b098c7e
d11455044effe3f1093b7655fb5ac5ef7f36bd8c71f989217d8de54066ca1b79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3263
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:15 GMT
Last-Modified: Fri, 27 Jan 2023 01:44:52 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/ibs:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx
52.17.115.124302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx
IP 52.17.115.124:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-093556e0f.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=11290298079458938674126440875186424415; Max-Age=15552000; Expires=Wed, 26 Jul 2023 02:39:15 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: hEBCTNE/RE4=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx
52.17.115.124200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx
IP 52.17.115.124:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5UwAAAMZ-2ANx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-017f03edc.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: FAtx8AeFRTc=
Content-Length: 59
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=AW-916451471
142.250.74.40302 Found 253 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-916451471
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:15 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 76f89b22072eabd8bc345d830ab3554b
c44bed01a9ce166052eb9fb1bbed136cdca7cf7a
5013e5e2d32c6a17580303642c2a531822b675233cb8633da2658a28a296b1f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5698
Cache-Control: max-age=124017
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Etag: "63d26483-1d7"
Expires: Sat, 28 Jan 2023 13:06:13 GMT
Last-Modified: Thu, 26 Jan 2023 11:31:15 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-916451471
142.250.74.40200 OK 65 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-916451471
IP 142.250.74.40:0
File type ASCII text, with very long lines (2917)
Hash 5d36afd59461f020aeaf4550edda2dad
c72202f142b0197f863eee8c588d8dd3b1b7e5e5
8c39676d99ba787e9f8722ef9a3f74e53977be16e0ff9e8f1bf15482a0c434aa
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 27 Jan 2023 02:39:16 GMT
expires: Fri, 27 Jan 2023 02:39:16 GMT
cache-control: private, max-age=900
last-modified: Fri, 27 Jan 2023 00:18:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64556
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
142.250.74.40302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ba8206089b7af80ec9bb4fe0c07977b4
4b0c036a5124f06026772a92168d3799e37c8ed3
64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62
GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
142.250.74.40302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash da059e66474ac8e0fcb7e70b7ed4be44
7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb
GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
142.250.74.40302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 3cdb7a0d8774281c45d6a09b22e28af2
eee92813bf3130c7e6ca8be5911197c1ee486daa
cf75d10606678529391c0c7bd8cd9b13abb532df9640785934a7555f872caed4
GET /gtag/js?id=AW-695231162&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
142.250.74.40302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d7c2cd80c8899405c8ead9dcd82aa484
8d0248ffaaf1594d89e077cb3904f0ad42ec474e
2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce
GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
nexus.ensighten.com/citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908
54.230.111.14200 OK 278 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908
IP 54.230.111.14:0
Hash 6d8c6cf61840045919f4789eac2d3d9c
ef5e66f528ab1701f99e467593020d263d6220f0
ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e
GET /citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 24 Jan 2023 19:03:19 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 24 Jan 2023 19:00:09 GMT
ETag: W/"7c6ed2a2e5419784aa286802d8321cac"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: vmiujIR6LRxZmQcVHZsuRM62q4klkTqH
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dCrnRnW91BEhy6rfhjG0ubILy7v3ozX0MMSvr0JUCQxyVs4bZde57g==
Age: 200157
www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
142.250.74.40302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 16d7ad56818dde4bc80864654bfbd12e
c95b93882c98641b7f1b648c122194a9fb2534c7
5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64
GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
142.250.74.40302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash f20987509aaa3b3f9e52f7581afd6a4d
7147419bbeb1605a89733067d195356fc73c3cd3
5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c
GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
142.250.74.40302 Found 280 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash a262f0126f939827df765f078136498b
5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd
GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0
cdn.pbbl.co/r/1560.js
54.230.111.59403 Forbidden 986 B IP 54.230.111.59:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4a0760aa456c0c68e3c686106b41e288
c0cf8712b940620f9d6bbb0d84384005af26b835
88dac95e5e4bda88fb1a954facf7e57b3df4d7072d14daf091a2c7f20410c3ed
GET /r/1560.js HTTP/1.1
Host: cdn.pbbl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html
Content-Length: 986
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KKhwGmENfinWKmthWTExsY9hZHtlcQkQUS_fyLi5OnFEEgrFgHYZeA==
Vary: Origin
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1674787156056&cv=11&fst=1674787156056&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162200 OK 937 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1674787156056&cv=11&fst=1674787156056&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2197), with no line terminators
Hash 77dd2285862054e4e381c8cf74bad608
0ac38a666fcd879b470d905b02def3886c63fe6c
b9fbb181a7348e56b5fa37793109ae6745e07fb158c18c5291cba1abaa332664
GET /pagead/viewthroughconversion/916451471/?random=1674787156056&cv=11&fst=1674787156056&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 937
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1674787156250&cv=11&fst=1674787156250&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162200 OK 936 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1674787156250&cv=11&fst=1674787156250&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2197), with no line terminators
Hash 07deae6b124f169a69fe3c2be572c6fa
1e9cf90f6b86e9c8efe7b896a45b5819c7388afb
f27f5d1ef6786a7b4f48407e06e94f0e093934925ff65dd1100600a16c98ac34
GET /pagead/viewthroughconversion/830907969/?random=1674787156250&cv=11&fst=1674787156250&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 936
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1674787156208&cv=11&fst=1674787156208&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162200 OK 938 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1674787156208&cv=11&fst=1674787156208&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2197), with no line terminators
Hash 2500b94ef48f5ec18556ec011b683d52
2dd82886acd1fb7e161d2ebc4e23251669c11697
d73f11c6b900f0d36bfcccd56566baf9d181c57b4eca429769addb28cf20158a
GET /pagead/viewthroughconversion/960621875/?random=1674787156208&cv=11&fst=1674787156208&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 938
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1674787156269&cv=11&fst=1674787156269&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162200 OK 936 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1674787156269&cv=11&fst=1674787156269&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2197), with no line terminators
Hash 7d2b5c13c7e6a517832f3af476e783bc
61736c84439aa134323b3086c2dea7dbed17f1f8
bb107a900f5d52854cc39fc37e9d909798eefc2a8d1629f5eac351410e217822
GET /pagead/viewthroughconversion/975701947/?random=1674787156269&cv=11&fst=1674787156269&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 936
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1674787156288&cv=11&fst=1674787156288&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162200 OK 935 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1674787156288&cv=11&fst=1674787156288&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2197), with no line terminators
Hash 649b7b2fb7ec88ed0001c597406a4aa5
e82aebbf8173bce38f8f16f8342e67d983881a0e
d9f41d943457cab3e4d42f0e3df726396809a148e4771cb474c8d9ab54e96c55
GET /pagead/viewthroughconversion/959299794/?random=1674787156288&cv=11&fst=1674787156288&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 935
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1674787156239&cv=11&fst=1674787156239&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162200 OK 936 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1674787156239&cv=11&fst=1674787156239&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2197), with no line terminators
Hash cfb1e63d984eaf7f3fe09117852cfaff
e0cfbddb30b6c2a760db635043379e3d88e3c8a6
742003fdcb6f7ed3601f73f36db843c3b74a18cb76cf482ebd35832e45e36d0e
GET /pagead/viewthroughconversion/695231162/?random=1674787156239&cv=11&fst=1674787156239&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 936
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1674787156190&cv=11&fst=1674787156190&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162200 OK 936 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1674787156190&cv=11&fst=1674787156190&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2197), with no line terminators
Hash d5b5b3358e4dc1dd92f3a9f428601a55
afe4ba12c2b510137121684ed625ec6ab62a9e9e
3b7b61e64ea577685e363456e06211a833adde36351014e5b8d08148f8106dfe
GET /pagead/viewthroughconversion/644574043/?random=1674787156190&cv=11&fst=1674787156190&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 936
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1674787156301&cv=11&fst=1674787156301&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162200 OK 936 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1674787156301&cv=11&fst=1674787156301&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2201), with no line terminators
Hash 8b87995b58e085dcff03a5547fd6a072
c6628714223cee4b08f454f42c46079c475a3830
4051e85fad54bb9ecbc9458e4735980e06ac52c06898fbd2301bd5a531e7446e
GET /pagead/viewthroughconversion/10955006959/?random=1674787156301&cv=11&fst=1674787156301&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 936
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1674787156315&cv=11&fst=1674787156315&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162200 OK 933 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1674787156315&cv=11&fst=1674787156315&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2197), with no line terminators
Hash 6b1fcc57622eb661abf3d9d6b8a91c7e
c44b78e0d8512fd6267adb48e78858e8345b6256
f2036b1c46a3bea8f2ba89b899fde47d2511a83c8023bf4c9a375b6c79badb4d
GET /pagead/viewthroughconversion/819500023/?random=1674787156315&cv=11&fst=1674787156315&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1802913925.1674787156&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 933
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3ebf9d7211aba4c70b84fb470a61b414
28fe29a24e47d6abda88eeeb5e22eddda03c7fca
a8276e099d9d8452b65b70d161a459fae25afb37cea7eff9cc5563b7de972acc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c8a0d6bc80301700d6fb1d520beb8b49
f33a1a1e491fcd6ca31360b28b092457a2d48f23
ef0535b52ccb717c1200d5974ea8841b92f655234d67ace0e71c1ec7f5fbb3f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=0&ipr=y
142.250.74.132200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=1&ipr=y
142.250.74.131200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1674787156208&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Findex&ref=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2632855785&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c8a0d6bc80301700d6fb1d520beb8b49
f33a1a1e491fcd6ca31360b28b092457a2d48f23
ef0535b52ccb717c1200d5974ea8841b92f655234d67ace0e71c1ec7f5fbb3f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 97ccaa279f6ade845b71b57615d40388
5186089108dca0136feab418da66a9e027c7e427
515128c713e98c9a0546c35d9a1e0719057136509b5b2312e4af56a9acc80ec2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc
23.38.201.123200 OK 2.2 kB URL HTTP/2 iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc
IP 23.38.201.123:0
File type PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Hash e6ed675f115fb1568bb1aabc00aa3f30
5cd752c6b199a3fdefe95712c77b240a92e9f1f2
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
GET /WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc HTTP/1.1
Host: iad1.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
access-control-allow-origin: *
x-request-id: d9e9863d-2e5a-4add-a01a-675b5f0765a5
x-transaction-id: fbaa79ef-970b-4a3b-a69d-b162659bd712
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
permissions-policy: camera=(), geolocation=(), microphone=()
content-disposition: inline; filename=feedback.png
content-length: 2196
content-type: image/png
x-robots-tag: noindex
cache-control: public, max-age=47
expires: Fri, 27 Jan 2023 02:40:03 GMT
date: Fri, 27 Jan 2023 02:39:16 GMT
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.208.240200 OK 24 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.208.240:0
File type Unicode text, UTF-8 text, with very long lines (63465), with no line terminators
Hash 45f05a0c9f60570f3284a9f1851af188
bd15768cafd077c8e31433b1878d3bfe73efd3c0
bc75682e705b284815e5eef5a14e5b2ba9bd30fb330879a66fd594aac84df653
GET /dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/javascript
cf-ray: 78fe1def5ecab51b-OSL
access-control-allow-origin: *
age: 168567
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"102f7-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=66295
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.208.240200 OK 6.7 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.208.240:0
File type ASCII text, with very long lines (28843), with no line terminators
Hash 27546a31c282f163aa41c6847e781d6f
2fa9ab719e998763b27ef67398a2fd91add85568
466748b71892d8bf299a0b50264e31cf889a34569a2eb0b57d486e89cc97e8b9
GET /dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/javascript
cf-ray: 78fe1def4ec9b51b-OSL
access-control-allow-origin: *
age: 169042
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"73bc-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=29628
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.208.240200 OK 34 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.208.240:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 795bedaaceda39e8c8cb7dffb83905e8
479371f829b0322df8ef4d0fe0b683e204853d42
c274b145f4eecfc2b2062cf4c8a2eb132440872ef01cb7e68aa54c8318bc976d
GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/javascript
cf-ray: 78fe1dee9e9bb51b-OSL
access-control-allow-origin: *
age: 169044
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"19ba5-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=105381
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png
104.17.208.240200 OK 254 B URL HTTP/2 siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png
IP 104.17.208.240:0
File type PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced\012- data
Hash 48240b2998738f29efb197386e688338
2a864e0cdba56126f8eb46d4945b758c7c732bcd
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
GET /WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: image/png
content-length: 254
cf-ray: 78fe1df0ff41b51b-OSL
accept-ranges: bytes
age: 20233788
cache-control: max-age=315360000, public
expires: Mon, 23 Feb 2032 07:18:15 GMT
last-modified: Wed, 23 Feb 2022 00:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
referrer-policy: strict-origin-when-cross-origin
servershortname:
trace-id: d15759f42a15818a
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
server: cloudflare
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&r=1674787156492
104.17.208.240200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&r=1674787156492
IP 104.17.208.240:0
POST /WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&r=1674787156492 HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 87
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: text/plain; charset=UTF-8
cf-ray: 78fe1df0ff42b51b-OSL
access-control-allow-origin: http://mpu-solutions.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
trace-id: 04531c13ff894103
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
104.17.208.240200 OK 0 B URL HTTP/2 zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
IP 104.17.208.240:0
GET /SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc HTTP/1.1
Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 78fe1ded2e19b51b-OSL
access-control-allow-origin: *
age: 516744
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-aoOvy5SYikJ8p0DGyA39bMfBM7w"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.208.240200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.208.240:0
GET /dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/javascript
cf-ray: 78fe1def4ec8b51b-OSL
access-control-allow-origin: *
age: 169042
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"9eb-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=2539
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
104.17.208.240200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
IP 104.17.208.240:0
GET /WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:16 GMT
content-type: application/json
cf-ray: 78fe1def5eccb51b-OSL
access-control-allow-origin: *
age: 13412
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Sun, 23 Jan 2033 22:55:44 GMT
last-modified: Thu, 26 Jan 2023 22:55:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2