r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash eb76c0b3adf4098ad8a9d1e38250758f
99610ddb2b4ec6d04250ac244f966951695d4f00
01ed8c191c175471aee23cbc196d558e5bf5209f166806fc97db08eb06544bab
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01ED8C191C175471AEE23CBC196D558E5BF5209F166806FC97DB08EB06544BAB"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14283
Expires: Sun, 20 Nov 2022 15:18:52 GMT
Date: Sun, 20 Nov 2022 11:20:49 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f732c50f6a2482aeea20552e0370c2d0
6f33119d5c38e92a0a62f3a46766ff86014e4d68
a47e38c199c5fecd5594544a3889e1cfca5547d85f19056f06eaeeadf17f4fe9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4376
Cache-Control: max-age=87800
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 11:20:49 GMT
Etag: "6378b071-1d7"
Expires: Mon, 21 Nov 2022 11:44:09 GMT
Last-Modified: Sat, 19 Nov 2022 10:31:13 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e7724a1f27dc1b5b2fb63c7e486f74db
ef0ea648ce8bc189d31382baec4b181c724af93b
2a46916079563d95fa6a695104ebf41829ee95a156d6e4d45b9aef7231a8a80e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A46916079563D95FA6A695104EBF41829EE95A156D6E4D45B9AEF7231A8A80E"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13225
Expires: Sun, 20 Nov 2022 15:01:14 GMT
Date: Sun, 20 Nov 2022 11:20:49 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 20 Nov 2022 10:44:59 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2150
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ou8uq3q5cFmH69PuwNqyTdNNftDOeAhK4zCygRjeGsFx3Gh1mWefGKA1yOtX7pzH6ZbqDi7Rx5g=
x-amz-request-id: 9H0NPVG3GHHKRTXG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 20 Nov 2022 10:38:42 GMT
age: 2527
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 11:20:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 20 Nov 2022 10:25:04 GMT
cache-control: public,max-age=3600
age: 3345
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 27138f8625c320bd1434ccd92263b641
6a8f18728c9f324c1c631ffc85901d84ec4d0e0c
02338368cfa2325e8463bd169cb0ad4df2967ca4260b75bc665cd0836e90e9f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1273
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 11:20:50 GMT
Last-Modified: Sun, 20 Nov 2022 10:59:37 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.89.114.252 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.114.252:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WCRfUPJQCJBZPBzcU9XnEA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7QNT+64TVO16+8CreWCCiR2uhog=
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/normalize.css
162.240.217.8 200 OK 9.9 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/normalize.css
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash f4c899699f3f6235f3bfa2db0cff86da
cbb6ec7fa4b58fb6c5a700720b239ce27e339646
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/normalize.css HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 9922
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css
162.240.217.8 200 OK 8.7 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 6098a67a35722198c889fa1f12fb5032
c25e0de5db72153246a7eac1dbf77418ea6caac9
271b5c13fa3fe1e4e95c29d886cbd5cbb0cfce1464652ce2246be8f66a71745e
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 8654
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/ad-containers.css
162.240.217.8 200 OK 8.1 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/ad-containers.css
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 244b2430f8703783d10a3bfccbdf5fdc
f4c4aa7b24874d61a3c9b1d6a555fa36b29117ba
1572bc879235a69c559926fdf919121c6421ea3b1061e38e639434b2a3ea84d5
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/ad-containers.css HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 8125
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
162.240.217.8 200 OK 19 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (17428)
Hash f29c268b5d93ff1fff29dc002ddc7b1d
0226cb0382ce61923f72d9a25534cecea508385d
9ffaf49b44b2a283cf70ea615dd12d5d2a7d45593172a1c60fc5119278809687
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 19046
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
162.240.217.8 200 OK 699 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1002)
Size 699 kB (698693 bytes)
Hash 631c042820284d43652ae6f221d504f7
eb51c695fbaccd3373df1069397e192c1fad5d69
f1a6abfef13f8211961c0fde4a827b4607a90cbae975277db2ca530df8d4e7c3
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; path=/
session_token=908078; expires=Tue, 20-Dec-2022 11:20:49 GMT; Max-Age=2592000; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
162.240.217.8 200 OK 62 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash f560bd1ca294c67e7f239c09f05438b9
e3c5c21d75bc3155a032133f7956ee2d38011dba
8753fcfdbbc4d2ab7e9a972a16fc7091cedc982ed0c139210cd896fa32ac08d7
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 62515
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/fdicFooter.gif
162.240.217.8 200 OK 2.2 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/fdicFooter.gif
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 56 x 24\012- data
Hash a0742f4f717eac3a1e61f53cbbec74f2
f85639ee91bccd2bddaf043b80c892ae6b700d49
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/fdicFooter.gif HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 2245
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-facebook.png
162.240.217.8 200 OK 395 B URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-facebook.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data
Hash 25dbaaa7fa1bf41ca6614f1d2cf699f5
56a9e2459a275ef7178ff8c90c2b277265f64fb0
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-facebook.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 395
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/equal-housing.gif
162.240.217.8 200 OK 1.1 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/equal-housing.gif
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 14 x 9\012- data
Hash 39fc59327cb01ffbd5ab0ece1b08fba4
6cc1099707564164c3de6f94714808cdb1c415a7
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/equal-housing.gif HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 1134
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/ste.png
162.240.217.8 200 OK 4.2 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/ste.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash edeb1da3a70dc89f6afdf7e104d06f6c
5afd9b50c42c7820edfceebcc47b4443c9dbb0f9
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/ste.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 4206
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/elh.gif
162.240.217.8 200 OK 1.4 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/elh.gif
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 31 x 24\012- data
Hash f79e78d673f51194d9b9021cbc72b5b3
79a917fad527cef8d96af24d142653f2f49109b3
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/elh.gif HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 1433
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/feed.png
162.240.217.8 200 OK 824 B URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/feed.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 561da56e59bf569d0f41d6bb9713ce2f
20bee990614a20ae69d2cd21fc9f0688f9fc02e1
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/feed.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 824
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
162.240.217.8 200 OK 32 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Hash 0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_book.woff HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 31864
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
162.240.217.8 200 OK 18 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Hash 022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 18524
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/icon-secure.png
162.240.217.8 200 OK 292 B URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/icon-secure.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/icon-secure.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 292
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/flows-tooltip.png
162.240.217.8 200 OK 364 B URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/flows-tooltip.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 364
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-button-white.png
162.240.217.8 200 OK 1.0 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-button-white.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 1017
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
162.240.217.8 200 OK 32 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Hash d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 31968
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
162.240.217.8 200 OK 28 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Hash 76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 27852
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-down-blue.png
162.240.217.8 200 OK 1.1 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-down-blue.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced\012- data
Hash dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 1054
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-right-orange.png
162.240.217.8 200 OK 165 B URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-right-orange.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Hash 1792e4aa4d2d86dec430ef9a60362a35
90b9e9c14f636362e9558d14fefe15782f75d256
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 165
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-twitter.png
162.240.217.8 200 OK 3.3 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-twitter.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash ab8d8dc7ea3d7b572b2dc47f2aebe5ae
900c9f837d9a015e6609b14eed6d99c384ec5441
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-twitter.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 3295
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13655
Expires: Sun, 20 Nov 2022 15:08:26 GMT
Date: Sun, 20 Nov 2022 11:20:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06c6e720bc9900b38e88cd72f739603e
22884cbc78622d6f78c1c3397c9b440946144a99
8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G_b9L1-WBsD1eh58iF6Cwh8ij3yZVOei6oIUjwdoKQzHLayBLJdv0A==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:24:15 GMT
age: 46596
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1fe6564-e0ba-4c81-b868-04fa596cddaa.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1fe6564-e0ba-4c81-b868-04fa596cddaa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a8f1dddf91a53f8f28d70565d1a3458b
9d026c2c53629648cfda4a324eadae6e33de0d55
c352216d126382d7b588ff6e5a3ed6ab12d92dc5e58216cc5883c27bf612a7d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1fe6564-e0ba-4c81-b868-04fa596cddaa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7968
x-amzn-requestid: 0dc9cfbf-7e72-45a7-9496-49a5cf1a4465
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jZmEwboAMF1tQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c3d-1f40770e29ad853b31a3aa23;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:35:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UM4MVSwb8F1uv2jbbdeh8bhV3KJNhqiN9wJj1Yua8h4x762uD8UKyQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 21:41:44 GMT
age: 49147
etag: "9d026c2c53629648cfda4a324eadae6e33de0d55"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F655b8993-0bce-4e6f-91dc-bf1be7821320.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F655b8993-0bce-4e6f-91dc-bf1be7821320.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ab1011435c84b1d143e3daccdc3cf271
b82d5e707f1a4538531a43acc89ca6f9aef854a3
0ef1ed157670d2d6bce29f1205a0478f48b404e0ef7a4e430dec932f6bec14da
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F655b8993-0bce-4e6f-91dc-bf1be7821320.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11861
x-amzn-requestid: 2915027b-f1ea-4f75-89c3-6a5bbd69ad31
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jXDH_loAMFgeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c2c-3f0acb680850e4de2225b6fd;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:35:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nkE_EIP6MzoADA7hH_3BF82XOs1LXhWoPWH2buOnoKVLhl_ybr_zdQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:20:59 GMT
age: 46792
etag: "b82d5e707f1a4538531a43acc89ca6f9aef854a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F54276ef6-e002-4d55-a4fd-6d4f94f787a2.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F54276ef6-e002-4d55-a4fd-6d4f94f787a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83073085e08b3f219b42b841c1ca52bb
c1b91cf497433f2c8b8ec12a4a71e07f25191b32
913a923c7e210a82dfc6a23580eba7f81fb74a468582e8a7704aaad9958390e2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F54276ef6-e002-4d55-a4fd-6d4f94f787a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9201
x-amzn-requestid: 91286e80-ec62-49aa-b405-048e17ac69bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3juyFgVoAMFkJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794cc4-024eb9f167cf3c531ebcfce2;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ca_WI36s3W3NButlADT1ITYX-Hw4EQTA_MI8fFyqwPiBe_T-mGpGAw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:21:16 GMT
age: 46775
etag: "c1b91cf497433f2c8b8ec12a4a71e07f25191b32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ec00dd4-9302-4378-82e1-eb2f8686bdc7.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ec00dd4-9302-4378-82e1-eb2f8686bdc7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6653147acce57a88af20de89d4f40239
d097755b7cafd14d6dcf18fe09d0a3237a1057dd
5d0166eacfa748026865e4461b1a1c0fb7373e0fb7de16b266f3eee6b816f5f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ec00dd4-9302-4378-82e1-eb2f8686bdc7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13671
x-amzn-requestid: 26e11776-b559-4325-9082-df4b9366715e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jWaFEZoAMFb3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c28-0117d3a633ab918d6179fa87;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:35:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: q120_eM0o2PJMeCTmOBb-NpGFdTXdljRcLfytw7e9jv9CrwAqDKkzQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:08:06 GMT
age: 47565
etag: "d097755b7cafd14d6dcf18fe09d0a3237a1057dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-linkedin.png
162.240.217.8 200 OK 3.2 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-linkedin.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash b187d1cd61b1912b22ebfb4efce30bad
b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-linkedin.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 3239
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-youtube.png
162.240.217.8 200 OK 3.3 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-youtube.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash 09c8c4f0f417a049b8ab6acdd2581717
2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-youtube.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 3278
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2640ea-cb67-4da2-9989-09bf608bd138.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2640ea-cb67-4da2-9989-09bf608bd138.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2dcdeb5df10dd86dbc155dbefc4fd72b
b0a20213cdedc7fa472dbdad4e1152152009433e
ba98ae058e591f010056de61cdc58e09b5a2742be08421e0ba57ac2a0de36422
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2640ea-cb67-4da2-9989-09bf608bd138.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11915
x-amzn-requestid: 93e2bad9-148f-4b10-9c07-8ab77bcaafcf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jW6F0BoAMFU3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c2c-19e415980648396973718d73;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:35:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3vxezxpU1re737vRthcDcV3hDb1NAhhZrslBYjIHE7hdtD40FslmzA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:35:16 GMT
age: 45935
etag: "b0a20213cdedc7fa472dbdad4e1152152009433e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/imo.png
162.240.217.8 200 OK 6.2 kB URL HTTP/1.1 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/imo.png
IP 162.240.217.8:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 57 x 57, 8-bit/color RGB, non-interlaced\012- data
Hash 8c0a011f3abfae3c71a1acd599bbf665
041453f3392505906d922d893ddd047c8e768b81
5480b7ecff927a046fc21d7fa51d77792ddf4704e8a65f2a2066a79ad7353ecf
GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/imo.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078
HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 6242
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png