Report - cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz

Report Overview

Submitted URL
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
IP
162.240.217.8
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-11-20 11:21:00
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citizens Bank
Phishing - Citizens Bank

Detections

urlquery
21
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.114.252
cumnasi.cf	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	953 kB	162.240.217.8
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	69 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.5 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz	59 B	2023-03-11	2023-03-11
Pretty URL cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz IP 162.240.217.8 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:49:49 Last Seen2023-03-11 14:51:23 Times Seen1 Hash bc9ac1918584be8deacd022c0a34aa6e ddc911feefb03f4fff0a4640bfe79dfd2062f54d c0d3186ac4ea59a2c747ae2e06d88233016b52df3e2b73b5a8309819f4763f12 Loading...

HTTP Transactions (42)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eb76c0b3adf4098ad8a9d1e38250758f
99610ddb2b4ec6d04250ac244f966951695d4f00
01ed8c191c175471aee23cbc196d558e5bf5209f166806fc97db08eb06544bab

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01ED8C191C175471AEE23CBC196D558E5BF5209F166806FC97DB08EB06544BAB"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14283
Expires: Sun, 20 Nov 2022 15:18:52 GMT
Date: Sun, 20 Nov 2022 11:20:49 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f732c50f6a2482aeea20552e0370c2d0
6f33119d5c38e92a0a62f3a46766ff86014e4d68
a47e38c199c5fecd5594544a3889e1cfca5547d85f19056f06eaeeadf17f4fe9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4376
Cache-Control: max-age=87800
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 11:20:49 GMT
Etag: "6378b071-1d7"
Expires: Mon, 21 Nov 2022 11:44:09 GMT
Last-Modified: Sat, 19 Nov 2022 10:31:13 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e7724a1f27dc1b5b2fb63c7e486f74db
ef0ea648ce8bc189d31382baec4b181c724af93b
2a46916079563d95fa6a695104ebf41829ee95a156d6e4d45b9aef7231a8a80e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A46916079563D95FA6A695104EBF41829EE95A156D6E4D45B9AEF7231A8A80E"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13225
Expires: Sun, 20 Nov 2022 15:01:14 GMT
Date: Sun, 20 Nov 2022 11:20:49 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 20 Nov 2022 10:44:59 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2150
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: ou8uq3q5cFmH69PuwNqyTdNNftDOeAhK4zCygRjeGsFx3Gh1mWefGKA1yOtX7pzH6ZbqDi7Rx5g=
x-amz-request-id: 9H0NPVG3GHHKRTXG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 20 Nov 2022 10:38:42 GMT
age: 2527
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 20 Nov 2022 11:20:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 20 Nov 2022 10:25:04 GMT
cache-control: public,max-age=3600
age: 3345
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
27138f8625c320bd1434ccd92263b641
6a8f18728c9f324c1c631ffc85901d84ec4d0e0c
02338368cfa2325e8463bd169cb0ad4df2967ca4260b75bc665cd0836e90e9f4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1273
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 20 Nov 2022 11:20:50 GMT
Last-Modified: Sun, 20 Nov 2022 10:59:37 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.89.114.252

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.114.252:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WCRfUPJQCJBZPBzcU9XnEA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7QNT+64TVO16+8CreWCCiR2uhog=

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/normalize.css

162.240.217.8

200 OK

9.9 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/normalize.css
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text
Size
9.9 kB (9922 bytes)
Hash
f4c899699f3f6235f3bfa2db0cff86da
cbb6ec7fa4b58fb6c5a700720b239ce27e339646
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/normalize.css HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 9922
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css

162.240.217.8

200 OK

8.7 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text
Size
8.7 kB (8654 bytes)
Hash
6098a67a35722198c889fa1f12fb5032
c25e0de5db72153246a7eac1dbf77418ea6caac9
271b5c13fa3fe1e4e95c29d886cbd5cbb0cfce1464652ce2246be8f66a71745e

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 8654
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/ad-containers.css

162.240.217.8

200 OK

8.1 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/ad-containers.css
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
8.1 kB (8125 bytes)
Hash
244b2430f8703783d10a3bfccbdf5fdc
f4c4aa7b24874d61a3c9b1d6a555fa36b29117ba
1572bc879235a69c559926fdf919121c6421ea3b1061e38e639434b2a3ea84d5

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/ad-containers.css HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 8125
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

162.240.217.8

200 OK

19 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (17428)
Size
19 kB (19046 bytes)
Hash
f29c268b5d93ff1fff29dc002ddc7b1d
0226cb0382ce61923f72d9a25534cecea508385d
9ffaf49b44b2a283cf70ea615dd12d5d2a7d45593172a1c60fc5119278809687

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 19046
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz

162.240.217.8

200 OK

699 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1002)
Size
699 kB (698693 bytes)
Hash
631c042820284d43652ae6f221d504f7
eb51c695fbaccd3373df1069397e192c1fad5d69
f1a6abfef13f8211961c0fde4a827b4607a90cbae975277db2ca530df8d4e7c3

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; path=/
session_token=908078; expires=Tue, 20-Dec-2022 11:20:49 GMT; Max-Age=2592000; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css

162.240.217.8

200 OK

62 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text
Size
62 kB (62515 bytes)
Hash
f560bd1ca294c67e7f239c09f05438b9
e3c5c21d75bc3155a032133f7956ee2d38011dba
8753fcfdbbc4d2ab7e9a972a16fc7091cedc982ed0c139210cd896fa32ac08d7

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:49 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 62515
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/fdicFooter.gif

162.240.217.8

200 OK

2.2 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/fdicFooter.gif
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
GIF image data, version 89a, 56 x 24\012- data
Size
2.2 kB (2245 bytes)
Hash
a0742f4f717eac3a1e61f53cbbec74f2
f85639ee91bccd2bddaf043b80c892ae6b700d49
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/fdicFooter.gif HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 2245
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-facebook.png

162.240.217.8

200 OK

395 B

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-facebook.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data
Size
395 B (395 bytes)
Hash
25dbaaa7fa1bf41ca6614f1d2cf699f5
56a9e2459a275ef7178ff8c90c2b277265f64fb0
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-facebook.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 395
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/equal-housing.gif

162.240.217.8

200 OK

1.1 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/equal-housing.gif
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
GIF image data, version 89a, 14 x 9\012- data
Size
1.1 kB (1134 bytes)
Hash
39fc59327cb01ffbd5ab0ece1b08fba4
6cc1099707564164c3de6f94714808cdb1c415a7
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/equal-housing.gif HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 1134
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/ste.png

162.240.217.8

200 OK

4.2 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/ste.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
4.2 kB (4206 bytes)
Hash
edeb1da3a70dc89f6afdf7e104d06f6c
5afd9b50c42c7820edfceebcc47b4443c9dbb0f9
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/ste.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 4206
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/elh.gif

162.240.217.8

200 OK

1.4 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/elh.gif
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
GIF image data, version 89a, 31 x 24\012- data
Size
1.4 kB (1433 bytes)
Hash
f79e78d673f51194d9b9021cbc72b5b3
79a917fad527cef8d96af24d142653f2f49109b3
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/elh.gif HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 1433
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/feed.png

162.240.217.8

200 OK

824 B

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/feed.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
824 B (824 bytes)
Hash
561da56e59bf569d0f41d6bb9713ce2f
20bee990614a20ae69d2cd21fc9f0688f9fc02e1
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/feed.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 824
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

162.240.217.8

200 OK

32 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Size
32 kB (31864 bytes)
Hash
0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_book.woff HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 31864
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

162.240.217.8

200 OK

18 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Size
18 kB (18524 bytes)
Hash
022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 18524
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/icon-secure.png

162.240.217.8

200 OK

292 B

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/icon-secure.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
292 B (292 bytes)
Hash
18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/icon-secure.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 292
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/flows-tooltip.png

162.240.217.8

200 OK

364 B

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/flows-tooltip.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
364 B (364 bytes)
Hash
35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 364
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-button-white.png

162.240.217.8

200 OK

1.0 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-button-white.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1017 bytes)
Hash
e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/flows.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 1017
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

162.240.217.8

200 OK

32 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Size
32 kB (31968 bytes)
Hash
d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 31968
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

162.240.217.8

200 OK

28 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Size
28 kB (27852 bytes)
Hash
76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 27852
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-down-blue.png

162.240.217.8

200 OK

1.1 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-down-blue.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1054 bytes)
Hash
dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 1054
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-right-orange.png

162.240.217.8

200 OK

165 B

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-right-orange.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size
165 B (165 bytes)
Hash
1792e4aa4d2d86dec430ef9a60362a35
90b9e9c14f636362e9558d14fefe15782f75d256
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/efs/jsp-ns/inc/css/main.css
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 165
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-twitter.png

162.240.217.8

200 OK

3.3 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-twitter.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3295 bytes)
Hash
ab8d8dc7ea3d7b572b2dc47f2aebe5ae
900c9f837d9a015e6609b14eed6d99c384ec5441
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-twitter.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 3295
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13655
Expires: Sun, 20 Nov 2022 15:08:26 GMT
Date: Sun, 20 Nov 2022 11:20:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13655
Expires: Sun, 20 Nov 2022 15:08:26 GMT
Date: Sun, 20 Nov 2022 11:20:51 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7589 bytes)
Hash
06c6e720bc9900b38e88cd72f739603e
22884cbc78622d6f78c1c3397c9b440946144a99
8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G_b9L1-WBsD1eh58iF6Cwh8ij3yZVOei6oIUjwdoKQzHLayBLJdv0A==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:24:15 GMT
age: 46596
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1fe6564-e0ba-4c81-b868-04fa596cddaa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7968 bytes)
Hash
a8f1dddf91a53f8f28d70565d1a3458b
9d026c2c53629648cfda4a324eadae6e33de0d55
c352216d126382d7b588ff6e5a3ed6ab12d92dc5e58216cc5883c27bf612a7d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1fe6564-e0ba-4c81-b868-04fa596cddaa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7968
x-amzn-requestid: 0dc9cfbf-7e72-45a7-9496-49a5cf1a4465
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jZmEwboAMF1tQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c3d-1f40770e29ad853b31a3aa23;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:35:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UM4MVSwb8F1uv2jbbdeh8bhV3KJNhqiN9wJj1Yua8h4x762uD8UKyQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 21:41:44 GMT
age: 49147
etag: "9d026c2c53629648cfda4a324eadae6e33de0d55"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F655b8993-0bce-4e6f-91dc-bf1be7821320.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11861 bytes)
Hash
ab1011435c84b1d143e3daccdc3cf271
b82d5e707f1a4538531a43acc89ca6f9aef854a3
0ef1ed157670d2d6bce29f1205a0478f48b404e0ef7a4e430dec932f6bec14da

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F655b8993-0bce-4e6f-91dc-bf1be7821320.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11861
x-amzn-requestid: 2915027b-f1ea-4f75-89c3-6a5bbd69ad31
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jXDH_loAMFgeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c2c-3f0acb680850e4de2225b6fd;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:35:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nkE_EIP6MzoADA7hH_3BF82XOs1LXhWoPWH2buOnoKVLhl_ybr_zdQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:20:59 GMT
age: 46792
etag: "b82d5e707f1a4538531a43acc89ca6f9aef854a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F54276ef6-e002-4d55-a4fd-6d4f94f787a2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9201 bytes)
Hash
83073085e08b3f219b42b841c1ca52bb
c1b91cf497433f2c8b8ec12a4a71e07f25191b32
913a923c7e210a82dfc6a23580eba7f81fb74a468582e8a7704aaad9958390e2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F54276ef6-e002-4d55-a4fd-6d4f94f787a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9201
x-amzn-requestid: 91286e80-ec62-49aa-b405-048e17ac69bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3juyFgVoAMFkJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794cc4-024eb9f167cf3c531ebcfce2;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ca_WI36s3W3NButlADT1ITYX-Hw4EQTA_MI8fFyqwPiBe_T-mGpGAw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:21:16 GMT
age: 46775
etag: "c1b91cf497433f2c8b8ec12a4a71e07f25191b32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ec00dd4-9302-4378-82e1-eb2f8686bdc7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13671 bytes)
Hash
6653147acce57a88af20de89d4f40239
d097755b7cafd14d6dcf18fe09d0a3237a1057dd
5d0166eacfa748026865e4461b1a1c0fb7373e0fb7de16b266f3eee6b816f5f6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ec00dd4-9302-4378-82e1-eb2f8686bdc7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13671
x-amzn-requestid: 26e11776-b559-4325-9082-df4b9366715e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jWaFEZoAMFb3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c28-0117d3a633ab918d6179fa87;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:35:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: q120_eM0o2PJMeCTmOBb-NpGFdTXdljRcLfytw7e9jv9CrwAqDKkzQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:08:06 GMT
age: 47565
etag: "d097755b7cafd14d6dcf18fe09d0a3237a1057dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-linkedin.png

162.240.217.8

200 OK

3.2 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-linkedin.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3239 bytes)
Hash
b187d1cd61b1912b22ebfb4efce30bad
b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-linkedin.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 3239
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-youtube.png

162.240.217.8

200 OK

3.3 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-youtube.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3278 bytes)
Hash
09c8c4f0f417a049b8ab6acdd2581717
2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/efs/hhf/img/footer-follow-youtube.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 3278
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2640ea-cb67-4da2-9989-09bf608bd138.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11915 bytes)
Hash
2dcdeb5df10dd86dbc155dbefc4fd72b
b0a20213cdedc7fa472dbdad4e1152152009433e
ba98ae058e591f010056de61cdc58e09b5a2742be08421e0ba57ac2a0de36422

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2640ea-cb67-4da2-9989-09bf608bd138.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11915
x-amzn-requestid: 93e2bad9-148f-4b10-9c07-8ab77bcaafcf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3jW6F0BoAMFU3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63794c2c-19e415980648396973718d73;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 21:35:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3vxezxpU1re737vRthcDcV3hDb1NAhhZrslBYjIHE7hdtD40FslmzA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 19 Nov 2022 22:35:16 GMT
age: 45935
etag: "b0a20213cdedc7fa472dbdad4e1152152009433e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/imo.png

162.240.217.8

200 OK

6.2 kB

URL HTTP/1.1
cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/imo.png
IP
162.240.217.8:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 57 x 57, 8-bit/color RGB, non-interlaced\012- data
Size
6.2 kB (6242 bytes)
Hash
8c0a011f3abfae3c71a1acd599bbf665
041453f3392505906d922d893ddd047c8e768b81
5480b7ecff927a046fc21d7fa51d77792ddf4704e8a65f2a2066a79ad7353ecf

HTTP Headers

GET /Citizensbnk/1124225a47b3f07185073f3df3b449bf/assets/img/imo.png HTTP/1.1
Host: cumnasi.cf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cumnasi.cf/Citizensbnk/1124225a47b3f07185073f3df3b449bf/%D8%B4%D8%B3.php?sslmode=true&access_token=aLjSxIRvsHwsGMedYS6BilgbdZx6XniqzDnWNAdDZ4RgT7GDwnE0gVLHQOmJ8Cah6aMq207OywFqKIIz
Cookie: PHPSESSID=61795b65ac8625ec4a07b0f167a7db45; session_token=908078

HTTP/1.1 200 OK
Date: Sun, 20 Nov 2022 11:20:50 GMT
Server: Apache
Last-Modified: Tue, 15 Nov 2022 09:39:40 GMT
Accept-Ranges: bytes
Content-Length: 6242
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (42)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size