r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8196
Expires: Thu, 01 Dec 2022 21:40:22 GMT
Date: Thu, 01 Dec 2022 19:23:46 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1912
Cache-Control: max-age=142758
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:46 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:03:04 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
192.185.105.9200 OK 65 kB URL HTTP/1.1 mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Hash a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d
Analyzer Verdict Alert fortinet Phishing
GET /login.php?primarymember_id=079c293f29245fef87ad50ebf HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:45 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 19:19:48 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 238
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14720
Expires: Thu, 01 Dec 2022 23:29:06 GMT
Date: Thu, 01 Dec 2022 19:23:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: P0NitgNKC8/ybjS0JEZ+GZwYsh1EdlpKn7X1jGFFOZu3CgQ7LenkHr0HdYCOxsvla+8BQLMal4Q=
x-amz-request-id: EG8QZ2T7JF0DT8TV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 18:46:23 GMT
age: 2243
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 19:23:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1625
Cache-Control: max-age=109366
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:46 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:46:32 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1625
Cache-Control: max-age=109366
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:46 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:46:32 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1625
Cache-Control: max-age=109366
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:46 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:46:32 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //ui.powerreviews.com/tag-builds/10111/4.0/styles.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=7AD7C70C5AF85A877A6075F7632D79FA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1625
Cache-Control: max-age=109366
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:46 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:46:32 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
104.110.15.25200 OK 3.7 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
IP 104.110.15.25:0
Hash 912d79ed2801e57d08c6fe076d791333
aa0e1edb751a7cbff5e9ff67b948166605e19910
61984a0de22199c83dba3ac7c03e8df7cbb78f61c2de7fc6484be0fba7f14069
GET /GFC/branding/responsivebranding/css/branding_footer_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 10:48:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3733
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=6C774E3D5D451CAB1E54B58BCD9CAFF2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1625
Cache-Control: max-age=109366
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:46 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:46:32 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
151.101.65.230200 OK 2.2 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
IP 151.101.65.230:0
File type PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Hash f72de0072180995cddf091ec1c481fc8
8da0419580ec8ea996ff617773a822ef6a1ce470
02bb7267eb1cdf51db8a9db0014dd48f4debe6f7d344a6f8a0f06a428d6e0068
GET /wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: CzFPP1gPCjs7z/KInii3GcX3SmlJUbqd/NqEjWdfODbqZAaxudqAHEH+F4NlY3hcO7Dj4Gn/MhA=
x-amz-request-id: RNGYKGZANXNHS89D
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-type: image/png
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 19:23:46 GMT
via: 1.1 varnish
age: 827594
x-served-by: cache-bma1660-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1669922627.706538,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 2219
X-Firefox-Spdy: h2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=041D4A5A5E1D9F38A402BE1EC365E7B3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/loginpage/styles/homePage.min.css
104.110.15.25200 OK 5.0 kB URL HTTP/2 online.citi.com/loginpage/styles/homePage.min.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (24793), with no line terminators
Hash 8b55e445be9cbbed1fff212136bf5ec4
02e215ee8c3c5f71406405a28d4112c0eea3646b
e666c4da016428bb9aa82c5e9dd9634d5731083b226e353148d28a9e1948c506
GET /loginpage/styles/homePage.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Oct 2020 18:02:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5046
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=544BEF4EDAAFD13F5058B7C335BAB6CA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
104.110.15.25200 OK 2.9 kB URL HTTP/2 online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (5928)
Hash f687e0142c1437ba2f920f3cde133177
d53df064865303d36b7a7ca9624d83214da9aa99
8e39f40e7aedf48d72d8a4f79433fb5482da163fad5aff81159284d7b461de05
GET /JFP/js/jquery/plugins/jquery.tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2905
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=F0CD630AAEC02DCF93053C20381374A0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
104.110.15.25200 OK 65 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
IP 104.110.15.25:0
File type Unicode text, UTF-8 text, with very long lines (65509)
Hash 68cdb850dc7512e716b12ec17fcba622
cb82a9575b355ae1833085e6362cc0a1089ccc90
37d98491fbeb36c9df92570d875530129c1698b03852c3fbb71832db58a56e4d
GET /CBOL/common/ui/ddl/theme/latest/scripts/vendor.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 64910
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=ED1C42674ABB58D902E82D97D1A7185E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
151.101.65.230200 OK 63 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
IP 151.101.65.230:0
File type Unicode text, UTF-8 text, with very long lines (44679)
Hash 2814704ecc428325d52a842115a2ffdf
9c979060cdc471ee3dd6d71d0f586a7433158453
c75bc14a20adf4a951aba27b721f23e9b3c97cbcb4caeb249cdc63fde3997cc3
GET /wdcusciti/50/onsite/generic1608054710811.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Hlqd9JB84o75ey9+s41yk6BUDnxKajiI2JUmsGUUQqV5jw1SfqSE1lb8hW4xZN4HXRR/xQDXOBk=
x-amz-request-id: 28WE2YFD6404A5RC
last-modified: Tue, 15 Dec 2020 17:51:52 GMT
etag: "57e6c47a533050c63dc8fefbdeb401d1"
x-amz-version-id: Kqi2p6FS.A2AzLCJok5fsBD_5A7fWxpm
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 19:23:46 GMT
via: 1.1 varnish
age: 16228
x-served-by: cache-bma1660-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1669922627.717370,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 63129
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
online.citi.com/JSO/js/fp.min.js
104.110.15.25200 OK 4.3 kB URL HTTP/2 online.citi.com/JSO/js/fp.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (13962)
Hash 37d4fb4fc0d34c9d949447294c5896a2
813a89b7c7da1d1090e9d70a4b683713e47ffc20
434bec7136e03611151aad7e839486bcc95abdb5f1ad7eb8e66d1a10b3375982
GET /JSO/js/fp.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 4322
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=514FBDE74B5CBF6FDD9B4EEFBC7551AA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
104.110.15.25200 OK 337 B URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (1265), with no line terminators
Hash 7c863f08763bf3f9d76db3fc6135da51
6560f78733d9b78d550d8425b29f06c1c764189d
a4dc2655e535dfee0176ff9bc947cf1aecf63bb2a248eaad894f58d13591d24b
GET /JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 337
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=B6017F3ABCE5F9596F6F42094989D54B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css
104.110.15.25200 OK 899 B URL HTTP/2 online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css
IP 104.110.15.25:0
Hash 1966ad93ef6524d8032dfc706eb33b8d
ed84d116e24a1f38cf7daa0eef09d51afab433bf
61ccfaf0350644ee02e12120c193cc703650c91f17c0234cce660c921c22d4e3
GET /NCCS/smartSearch/css/cbol-smartSearch.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 899
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=6F62F62AC07ACF10848A5F7C90B71DF4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/personalization/peworkflow.min.js
104.110.15.25200 OK 1.8 kB URL HTTP/2 online.citi.com/personalization/peworkflow.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (5321), with no line terminators
Hash 1c9fea918bfb5581982989a70eaefabc
4918fe52d51efa97e09de94db53c621b0a335649
98348d134a2f94186ffe13541ebcf04efb5afe17f3b3be7aa8e9b69e5fbcac78
GET /personalization/peworkflow.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1806
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=F86EDCBBDE105A290C22C635E8CEBBA2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/olab/js/oo_engine.min.js
104.110.15.25200 OK 12 kB URL HTTP/2 online.citi.com/GFC/branding/olab/js/oo_engine.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (32021)
Hash 4f0dfa69a1ecec87b606025cd6967565
feca411eeb031920103ea068630f93f31b5b0000
c7c01b10f0d71d2168f8975161bbb97e5dbd1b63a6e9678d752bb9a9a2dac090
GET /GFC/branding/olab/js/oo_engine.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 11704
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=2C4F05AF742CD2F46B788EC8538A1260; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
104.110.15.25200 OK 31 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (368)
Hash 51adf829efa8df8d293b7798be259dc4
5958976a367747fd3ba087371d5906163cd8334c
640f8a2d94f512022b7cc3c21d27b1c204092f16f1e372972dc42f85baa2e538
GET /GFC/branding/responsivebranding/js/navBarRedesign.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:43:21 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 30559
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=C3CA676121F102DF196FEAF882A7D184; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
104.110.15.25200 OK 18 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (65331), with no line terminators
Hash 2f595116c30fa315246f7cb0b531ba15
35bd15722dce013523f23c21426076cfcac33945
5df0777d7bd5b17967c6ef6243ef3dfc4eecb0fba56dd39c0100faeba04a7439
GET /CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 17670
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=9F9B368F0687E7CF6F3EE5231FC2A2EC; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/js/main.js
104.110.15.25200 OK 8.0 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/js/main.js
IP 104.110.15.25:0
File type HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (33891), with no line terminators
Hash 6c7f00b72ded0bec2618305c876e16b6
48360ed4ad1b2ae2e507dc48873a3ef021586776
dc5ac3e8c6e04c6a1d9d1519b6ad99fabb5b0b87dd07d93106d6c4c1987b24ee
GET /GFC/branding/responsivebranding/js/main.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 16 Jan 2020 14:46:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7957
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=5CF822102BBF5D2692C750C78C3A9849; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
104.110.15.25200 OK 1.0 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (3018), with no line terminators
Hash fb422777d175560b7cbafac2e69427e0
08a64e3f02f7521549e82453ec8a1baa4b0e8914
da7b8130e973ebfd3c4e34d464655f0fbe910cbb7ecb12e172f0374a86fb1cb5
GET /JEA/CitiSearch/nexus-platform/js/citilive-search.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:44 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1017
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=23102F0AB35EBF77078256539623E608; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
104.110.15.25200 OK 3.0 kB URL HTTP/2 online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
IP 104.110.15.25:0
Hash cbbb42f2f92286927590740a4ddbdf12
0f4a6798edba9047e6038749c5b81192550137a7
ac708e5462ee634c6b75a1ea7faffaf577dbff4ce007c337a7fe3fabaf42a1c0
GET /NCCS/smartSearch/js/cbol-smartSearch-inject.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 May 2020 19:00:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3030
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=ADDAE0972A45AC2E427140D54032E665; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/passivebio/bcsid.js
104.110.15.25200 OK 427 B URL HTTP/2 online.citi.com/passivebio/bcsid.js
IP 104.110.15.25:0
Hash 62fc3ac7ad723e5bd299defa490b0777
b80fc4949d4bdff38aa3017c8f5ea813a91bd0d2
62f4ac02d4d03f11fcab26905d639a9797476e150f44d7793776acfa5fae87cd
GET /passivebio/bcsid.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
content-length: 427
set-cookie: AKMTLTSID=3A705D767773FDFA5E6F288C02BB74AD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GPS/portal/css/cobrowse_overlay.css
104.110.15.25200 OK 1.6 kB URL HTTP/2 online.citi.com/GPS/portal/css/cobrowse_overlay.css
IP 104.110.15.25:0
Hash 48d658b8e5ecb3ec1db77b31735e6da2
264844b13d54d13baae71d535ae8c081db1552ab
f9a68c464770e4a1a293b4d08a53551600152672b531a0a64fe1ed1431f2d449
GET /GPS/portal/css/cobrowse_overlay.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Aug 2019 07:17:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1597
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=0181113B2BA93C2CC1F5DE017B76AC4D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js
104.110.15.25200 OK 62 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (7824)
Hash 72160d472dd367d8db15c5a39efd91c6
242252da9b4ac65f4e609796aba2553afca64443
d2adb062964fc932f5fdfa95db62ddd8873467a89ac132867af312ffd60607e7
GET /JEA/CitiSearch/nexus-platform/js/citilive-search-library.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
content-length: 61658
set-cookie: AKMTLTSID=A8A69D49F6E9ADB9C3068E85F9DB68B5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js
104.110.15.25200 OK 2.4 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js
IP 104.110.15.25:0
File type C source, ASCII text, with very long lines (7615)
Hash e1577cfb2e8936a3c801851fff429693
1e861beca6b15a5f3d2ae277a95d7fd53e6256ec
95b8e61a19f61148c98e111e451ba37b8f27f55a415318e3fd49b56115c000a9
GET /JEA/CitiSearch/nexus-platform/js/citilive-search-service.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 07:31:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2415
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=910430364ACC5A46A090BA10DEC697EB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/pl-profile.png
104.110.15.25200 OK 678 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/pl-profile.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 47511cdd2cd6ec0f1fe005ed1f1da489
c2dbbebd49f1dc760684ad937add478d05520ab1
96a25378d5d5fed38414a3d798eddc8367ebb206b45b125c837b9bab43c8799d
GET /GFC/branding/img/redesigned/pl-profile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 15:27:27 GMT
accept-ranges: bytes
content-length: 678
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=33F9355B447E6373EDA00E6F8B051A85; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
104.110.15.25200 OK 758 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 2b7cfe76b3d07bceb495d2dcc63dafa3
dd9a3e5c21135454fb20655caf55b7269a06a579
b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f
GET /GFC/branding/img/redesigned/atmbranchloc.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 29 Jul 2020 05:29:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 758
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=5EE10579A1F8B44ECC1ADF862F5BEC23; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/lang.svg
104.110.15.25200 OK 1.4 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/lang.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash c59330487289406bc7a589e19a748a45
3ff3a052d1b32f340847edcf7e10e8f0bcaafdc5
ff759181aba721255cb0e238fdc63fe8b32f3a130bc618ac35e012a1692a3784
GET /GFC/branding/img/redesigned/lang.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Aug 2020 06:59:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1434
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=774B7E8C4521289E2EA0503A75EE0CCB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/cc-know.png
104.110.15.25200 OK 547 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/cc-know.png
IP 104.110.15.25:0
File type PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 7fce81d3aee8a773e172e4da24755c08
d16e42e3104a3eede8e74f9e792c975390e3cea6
1e8296753489472722a900b40958f4cb93b5efa530499287debe37fdaac97cdb
GET /GFC/branding/img/redesigned/cc-know.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Jul 2020 09:29:34 GMT
accept-ranges: bytes
content-length: 547
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=00AA93A49A8EA456F6392517181F19DD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/cc-mail.png
104.110.15.25200 OK 713 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/cc-mail.png
IP 104.110.15.25:0
File type PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash d6aa1cf4e0f3028ec749cd5e2ef2745f
f92b9239a1ec624adf48a9fc5273df9aaf772ee3
351566f41ad89bb03b7855b58661b377836aebe50db166052eaa17f17e156799
GET /GFC/branding/img/redesigned/cc-mail.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 03 Jul 2020 10:19:28 GMT
accept-ranges: bytes
content-length: 713
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=12A632D3C7965D8557475FCDF454EB3E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/banking-savings.png
104.110.15.25200 OK 917 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/banking-savings.png
IP 104.110.15.25:0
File type PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash d4482456a56b1d78f4855f6eafa94898
6a6671bf54989ad97f457f42837d1d96f21dca53
87578cd8ec6b565afd5be1b9a00845ca3dcb8024d64f2d96e4ce00bb07c94902
GET /GFC/branding/img/redesigned/banking-savings.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 06:45:19 GMT
accept-ranges: bytes
content-length: 917
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=DDE0603501EBDC359A5B352F2ACB3152; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
104.110.15.25200 OK 374 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
IP 104.110.15.25:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 2425ec6b5ce2710b558ae452823680d7
2cccd21d3882308392717872f097511e58f8ba2a
77aae11467c6e42598b9c17f8a34f9ffb08c3acedd22db327fabf5b1becd24a2
GET /GFC/branding/img/redesigned/mort-calculator.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:13 GMT
accept-ranges: bytes
content-length: 374
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=0021F60E50F188643FDCFF5595F5794D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/mort-home.png
104.110.15.25200 OK 515 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/mort-home.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash d1b8e6b91fb75607e2bf2948c9cb9d99
88b8815e54a1d1a53de0919cf1abbac50e69a70d
474a06e61c5ff0b6def6e5619529e0664e6fa2d9904ba6f796e4e1032c2ab3c3
GET /GFC/branding/img/redesigned/mort-home.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:26 GMT
accept-ranges: bytes
content-length: 515
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=A33F185C4A7561C82B11A1915D3AD7AE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
104.110.15.25200 OK 399 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
IP 104.110.15.25:0
File type PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 4f5fc9d9f8fe83b74670f4e954bb116f
e9f9531727cfad01855e48dcc4ad0043779d763c
31a7d0a6362cd6d8fcbb3200740a252be4fc633363cc71021fb18faf4470eb5c
GET /GFC/branding/img/redesigned/Investing-FP.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:29 GMT
accept-ranges: bytes
content-length: 399
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=6123978E2CAE7E1B298B9826BA879AF6; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
104.110.15.25200 OK 26 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (8207)
Hash 4f41d862cbf585b1cdb8fb475f37e8e5
e3ab2e23f39fcca83588d0678f9164d199540f0d
20eb6fe6bb0bc32e7dbc56bdcc0f9880c5a24c8f8fbfc1fe24f345ecb2cfa9c7
GET /JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 18 Apr 2021 07:56:16 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 25945
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=2EA5655A5A80E2229E65C14E6C392C9F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
104.110.15.25200 OK 822 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
IP 104.110.15.25:0
File type PNG image data, 20 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 9c485b70055241b255f9fafcd167447e
9f8050c8c416b1b5aca059d4d8bb4ca16b930a3b
643030db71af1915a7c02ec3589b64d1b826cb8c8c97e0f7b80d70e0c830726b
GET /GFC/branding/img/redesigned/Investing-MI.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:58 GMT
accept-ranges: bytes
content-length: 822
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=405262CA57E3E1A3EDA6379172317DE1; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-II.png
104.110.15.25200 OK 894 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-II.png
IP 104.110.15.25:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae8592f1019d7ea84ee847cbde5c8bd8
e74b70328c0e5f4cef5d094d1fb30e343be03eb6
e0a06ba70b7556d61f872bd1ca50148094683ed1ba026a78164563d3c63db0c0
GET /GFC/branding/img/redesigned/Investing-II.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:35 GMT
accept-ranges: bytes
content-length: 894
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=393183876D95DC721AB7C88564A904D5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranch.png
104.110.15.25200 OK 697 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranch.png
IP 104.110.15.25:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 5cb2e7bb5dd99d056313c125f74872da
26844e24c011bf9d5fd8f88a81a3a86333bfa681
489ac0d5e6bb586f0144108a782f87e10aa6387fa5925c0f7b526142dbbf9987
GET /GFC/branding/img/redesigned/atmbranch.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:41:48 GMT
accept-ranges: bytes
content-length: 697
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=F90BAA990C180A5723CEAD4E96524B64; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/WM-conce.png
104.110.15.25200 OK 819 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/WM-conce.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash e1d86261569011cb99dc98ae1bbcc391
575a762c5a2639ff9b9780c6b37efea5ea8edc64
6e866b41975af77f752d3feae581391b018128ad2cb495e783349ca49cb94c38
GET /GFC/branding/img/redesigned/WM-conce.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 09:28:15 GMT
accept-ranges: bytes
content-length: 819
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=62853BA8CCA899DEA2E3386B17DD498A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/search.png
104.110.15.25200 OK 540 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/search.png
IP 104.110.15.25:0
File type PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d0c9df05ec068e44e05246476eb6b0c
acf96a7bdff8f7d71096aa59243ad31d5aae425f
e1cdd8699d632d98047b60975c127bde93707685555e0894c2087105e26298ae
GET /GFC/branding/img/redesigned/search.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 12 Jul 2020 13:52:29 GMT
accept-ranges: bytes
content-length: 540
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=116FA8B4FE0EBAF4F8B8E8F2E16D2E15; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
104.110.15.25200 OK 137 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 895e073c01fe436ee9892787c43a00eb
d5b1ebead4bc804bfee48ec3a9dbf87d3e97a82f
9704bca992680b1698b6c364e5fd7fd20991aa230c700f3378765fdf99a8b27d
GET /GFC/branding/img/redesigned/navigationMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 137
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=6ECD266456D72AE708EA933C74C18842; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 19:08:56 GMT
cache-control: public,max-age=3600
age: 891
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1905
Cache-Control: max-age=137687
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:47 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:38:34 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
online.citi.com/GFC/branding/img/redesigned/closeMobile.png
104.110.15.25200 OK 327 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/closeMobile.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash e7a2c3c1d1710852dae94241b425631b
20ee2a5077624e2b074d9e6ab7d116480563f09a
87e414e65461d63f3c18fdec21dc973fbb3b04db9269aa2fa9f2b1e9fb4d58f0
GET /GFC/branding/img/redesigned/closeMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 327
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=5BCF51F69ADA291ECF98B21E7DD5B405; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
104.110.15.25200 OK 888 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d52957ca9901e228f3cc98653d66b64
4ee4c93d50f3eed0c760c69297db539b5c747fec
424b0508d87aeff62bf98099b98490558de97db21d02343fd4b0e46252a74d58
GET /GFC/branding/img/redesigned/atmbranchlink.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 26 Jul 2020 08:00:17 GMT
accept-ranges: bytes
content-length: 888
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=31BA0173113CB895A78A9F5D5140C9AC; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
104.110.15.25200 OK 1.3 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash e356e33999a3af7670f87a64085b0aa1
7c65d1ba8878b0e930e73ea9a52d5f0f873828b2
f9ea3e5b79df3924376af98d3639b49ef970ef77063203b3ef3abaa84daca88a
GET /GFC/branding/img/redesigned/icon_globe_med-grey.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:42:08 GMT
accept-ranges: bytes
content-length: 1300
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=F938245BE86E2A240D4BF78437347169; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
104.110.15.25200 OK 21 kB URL HTTP/2 online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash a7a9a73a978e579f64235bf7ce768235
fc2af74ed45ab50faf2c2e9393ff7218171c59e2
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2
GET /JRS/banners/modules/M1-M7_DoubleCash.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 21180
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=3A04CDD531619592D0DBE6F653183187; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
104.110.15.25200 OK 329 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
IP 104.110.15.25:0
File type PNG image data, 18 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 15d9ce47ed55b1d16c142a6c067ddbf5
3431a1b5af3ec6a4a39176600ca213c070175eb2
9fa97f780f20b95ac6a2baeed3961d39ec6086e3417eb59cd294e4e528187b7b
GET /GFC/branding/responsivebranding/img/social-media_facebook@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 329
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=8A4BB060E1D36F08272DFE01E6F708FC; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
104.110.15.25200 OK 840 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
IP 104.110.15.25:0
File type PNG image data, 44 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 766cb78a4d9ba316b9fd2efdb1e95252
f7e17f7e9663574ef1ad0ebf580ea503fff0c7ea
5d343d5e2bc616fe04642af586793b51ba2291a6c9616ee92e4246bde9fa72a5
GET /GFC/branding/responsivebranding/img/social-media_twitter@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 840
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=FEEFBC3B86123F6594CEF227F06C8E99; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
104.110.15.25200 OK 808 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
IP 104.110.15.25:0
File type PNG image data, 48 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 89b7dac46b6f0be69e6272cf3de06475
a74173e79f802672145fa175478bcf4698d3bf80
1f43f86e82f4cf6b5ddf863fbb8cd9bafb53790bd2016a7b2b36d51ad96fb32b
GET /GFC/branding/responsivebranding/img/social-media_youtube@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 808
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=F102173EC7735FF6DEF008FA8359A755; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
104.110.15.25200 OK 28 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
IP 104.110.15.25:0
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
GET /GFC/branding/responsivebranding/img/Citi_FooterLogo.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 28149
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=F16ADE09711F27AF5D9D9026C2F1BBC7; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
104.110.15.25200 OK 748 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (57530)
Size 748 kB (747501 bytes)
Hash 9e955595f5944b7d8f753a5cd2920e1a
e8e2cdcc3c6b2deb84d49fa0c24f73cb4dd1053f
c80f9904376bace60d69a316d993244717fda11bd5bc6f4f1072db6e73662b92
GET /JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 16 Sep 2020 07:27:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
content-length: 747501
set-cookie: AKMTLTSID=4140BC4AE656F333E36450F19071E7AF; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/card_art/8150_cardArt.png
104.110.15.25200 OK 45 kB URL HTTP/2 online.citi.com/JRS/banners/card_art/8150_cardArt.png
IP 104.110.15.25:0
File type PNG image data, 450 x 285, 8-bit colormap, non-interlaced\012- data
Hash d6c20edc6406a6305e5a8ca093dff8a0
f246abd4f8b69e42ba6f50558340d690d2cf1ef7
1cec78f793f28bed6cd96765e693bd6b7ba1efbfdd7d68ca5b8ea5390ff8bec0
GET /JRS/banners/card_art/8150_cardArt.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 03 Aug 2020 19:29:08 GMT
accept-ranges: bytes
content-length: 45386
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=74FFFA14DEA993AD01CD9C0E96F5984A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
104.110.15.25200 OK 53 kB URL HTTP/2 online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Hash ee564f1c07ec63939037a30b1d48e7b1
b75a2570b6ce89c1eb112c010994bfc5bde8b4e5
3636e5e8010b2e4e186788a748a7cbd16572b386cf2d67b3bea73cb7417abf9d
GET /JRS/banners/modules/Cards-tile-grey-1120.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Sep 2021 22:10:14 GMT
accept-ranges: bytes
content-length: 52559
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=5EB104A11CB47C84EC1C445BD2FF0B38; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
104.110.15.25200 OK 46 kB URL HTTP/2 online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash d1b0e06afbd29e02b850c0a871a689f1
8d55c0a5da74604bdaceafada2808b406b58be62
0fc0c5e3b942752d5a811676f479650575e3c0a6c42c25ed57311064b2d836a4
GET /JRS/banners/modules/8763_M1-M7.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 45996
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=D50B0EA2771F1A77541EACE2960F99D5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
104.110.15.25200 OK 35 kB URL HTTP/2 online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 5fb8ff5dd22b3f8a34def2212bdeca0b
373c913d070e4b486d90c1959d9aae179043e2d4
b880a027d8db72f3120d1666c1bc4f016c126d0d6e0b7852155c1ea204da4b63
GET /JRS/banners/modules/M1-M7_Rewards.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 35239
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=0A57BEF0D5A5F61500BE1F62C81B3989; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
104.110.15.25200 OK 50 kB URL HTTP/2 online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 1811b334b2e3a585567ef915ff6adcf5
858f597f8bcbcf3a16516f428565850aee1f8c98
67d342b059e3ee89919786b1a83c6ebb76b657bbbe0105d2c7c9876d08026c80
GET /JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 50031
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=C980E50D9C5D823E751DFB04ED0E16AA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
104.110.15.25200 OK 12 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
IP 104.110.15.25:0
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
GET /GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 11562
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=11CFFFD385DC705BA5C85B1353162F0D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/errorLogo.svg
104.110.15.25200 OK 584 B URL HTTP/2 online.citi.com/GFC/branding/img/errorLogo.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (329)
Hash 3210e315dee7ea636165f4cdd4d402cd
110a09f9a0cd87f510d3435704631aefc02d7436
09541c2109f784fd10979ed9cce037e146b756f35ffa3c2e164d3aad92532341
GET /GFC/branding/img/errorLogo.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 Apr 2018 15:26:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 584
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=91D49E211E5305735F5FFE258652D091; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/main.css
104.110.15.25200 OK 7.3 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/main.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (47574), with no line terminators
Hash 3a57d907c91d4af48687e9612624e322
4c5f56c2e6951c83d8d7a66895c042b10cca61a3
785a920d518e6cc032e88871480d0e558a1397c1ed67d90e24d1b2eb2c2a0682
GET /GFC/branding/responsivebranding/css/main.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 29 Sep 2020 09:55:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7313
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:47 GMT
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=119FDCC6AC60D290F5208E3ED2E71C60; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
104.110.15.25200 OK 15 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (342)
Hash 7584f29c3065db5d69256920d340f479
d6198dafe36e3ffde03aedb334123a0d096649e1
81538cf3a3fd0ff0dde297332b73edebaa76e68c437628f2ab16d66b0a97afae
GET /GFC/branding/responsivebranding/css/branding_header_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 29 Aug 2022 03:56:20 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 15298
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:47 GMT
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=D6E6286B9743699A182A046AC539A68D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
104.110.15.25200 OK 70 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (53390)
Hash 1b616f5ba816bd312785d32976021e37
e3dd04ee3a2b2ca1ded2c3eef06aa1f121b7d3b0
451e9945c7041383326739797e006d8a7201b96b1ba8046c0c9c02dd9d89a851
GET /CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: text/css
content-length: 69731
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:47 GMT
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=EF8C1874E10BC3870F796645C33FC9EE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
104.110.15.25200 OK 47 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (900)
Hash c4a8e37990ee3bed5731c868053cfe48
000d710b7e21c8d980552b494d76a06fc729d55a
403cb63effef69a095bb15cb147c3d8af4a0f35e8e9430486565f81d545b3cbd
GET /GFC/branding/responsivebranding/css/main_branding.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 08 Jul 2021 15:43:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 47322
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:47 GMT
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=9A36920B017B6FC2F045607DCA1E15AE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
104.110.15.25200 OK 344 B URL HTTP/2 online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (1035), with no line terminators
Hash ee56ceb81a2c453ad35d592085dc1030
93465f3d60e2561772ade8cf8cbccccb8038ab74
b1282d6ce2f019a78ac693026f2d21cf72b63e5203594be911f894531a142b4b
GET /JFP/js/modules/jfpm.autocomplete.off.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:47 GMT
date: Thu, 01 Dec 2022 19:23:47 GMT
content-length: 344
set-cookie: AKMTLTSID=7BE50FBC0F4CE5772C928AAA1C8F0CD1; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.39.57.61101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.57.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: oftVr31rk9CjCnS8o5jROg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rejLRV36191r2LJWAv5n4JSttcU=
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=5920C34E2C73EA64D73E2C1E703FCCE8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png
104.110.15.25200 OK 1.8 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png
IP 104.110.15.25:0
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
GET /GFC/branding/img/redesigned/citilogoredesign.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 07:18:33 GMT
accept-ranges: bytes
content-length: 1799
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=66FBE5F30BE3DD4D5BA295D25D7E0B03; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
104.110.15.25200 OK 76 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
IP 104.110.15.25:0
File type Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Hash 3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Thu, 01 Dec 2022 19:23:48 GMT
content-length: 75538
set-cookie: AKMTLTSID=4C339360B94202E5484CB148BB2294EE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/loginpage/images/icons/svgs/close.svg
104.110.15.25200 OK 641 B URL HTTP/2 online.citi.com/loginpage/images/icons/svgs/close.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499)
Hash dd59f5e29f1021e45b5e95e26f2d12da
d79fa9c39b22174b3d6d2fb7bd00f01be3ee6410
e52581c6fe976751e9059da800356b8824fe18635947ef533ff4c5fc2f313df8
GET /loginpage/images/icons/svgs/close.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 641
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=1FD48D5609D4954105B3097A0EBDCE67; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/HP8564_M.jpg
104.110.15.25200 OK 73 kB URL HTTP/2 online.citi.com/JRS/banners/modules/HP8564_M.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash ca6fda0b33ffcd4733ba669c8d52c784
0232c5afd2b6fc6c079d1f15b046bb6a9cff07a9
c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84
GET /JRS/banners/modules/HP8564_M.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
accept-ranges: bytes
content-length: 72898
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=75C8058568D7217ECEC8A4222FD2142E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg
104.110.15.25200 OK 499 B URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d0d6851fdc21e63eb57af3709578a0dd
2140b733bc5e6a17cdb8537fa8759e06861cbaed
4145e83a3ccffc44dd543b258d3b9ce64e55ac66c56b8f3c8d15a36875a8fc67
GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 499
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=45D1E8AF6EF320390EEE40B5904BAA3D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JFP/fonts/Interstate-Regular.ttf
104.110.15.25200 OK 5.0 kB URL HTTP/2 online.citi.com/JFP/fonts/Interstate-Regular.ttf
IP 104.110.15.25:0
Hash eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
GET /JFP/fonts/Interstate-Regular.ttf HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
content-length: 79753
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=6F5A80A55BB96A3B7D79F828524A5F9A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
104.110.15.25200 OK 81 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
IP 104.110.15.25:0
File type Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Hash f223269bf1378bfee0cac76afe3c6558
1698d419d29668680169e2a2f55dc2a8935b760b
1aa41951816be84de1e1c70c775c3a6f6d28642341d30ab16ea8a702ee75aa93
GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=DB447BCB85C35097434392CF4CDC1500; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
104.110.15.25200 OK 8.3 kB URL HTTP/2 online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
IP 104.110.15.25:0
File type PNG image data, 240 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash e783f09a2c28318b2248dcd045cd0325
e1d0ac0f63eac3b3b523fe929d416127fe7e7561
2e1950e9fecaa7d00944c88becb315026208890e3d9ffe2545504105e181ad47
GET /JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Mar 2018 21:03:36 GMT
accept-ranges: bytes
content-length: 110256
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:47 GMT
set-cookie: AKMTLTSID=C73BF01D8974AF42E1E7AB1C61609539; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
104.110.15.25200 OK 496 B URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 28dab60290650e5ee88386879ca17085
85043857b1d8a79816491365548e17b151a2a084
fc9dead631748747b2e1c0b60057a21282d2d7acd6f5d88f4e80bdf32e08b5c8
GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 496
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=B45ACFF6194BD098583C9371F2D4A791; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=1; cdContextId=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=ddab80233c274543c6966650c5d569e4; path=/
Location: login.php?primarymember_id=a4d0db0b19184862e433969d7
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=497345,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772e330ddf2dfac0-OSL
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.193.175301 Moved Permanently 0 B URL HTTP/1.1 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.193.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Thu, 01 Dec 2022 19:23:48 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1678-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669922629.837759,VS0,VE0
Strict-Transport-Security: max-age=31557600
stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
23.38.201.22200 OK 71 B URL HTTP/2 stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
IP 23.38.201.22:0
File type HTML document text\012- HTML document, ASCII text
Hash 988428fdc0079b85e995b96b0ed4b565
27aece4f871a936951d17de604853cddc9bfb5ec
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
GET /site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064 HTTP/1.1
Host: stags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 71
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
pragma: no-cache
expires: Thu, 01 Dec 1994 16:00:00 GMT
cache-control: max-age=0, no-cache, no-store
bk-server: d921
date: Thu, 01 Dec 2022 19:23:48 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2214
Expires: Thu, 01 Dec 2022 20:00:42 GMT
Date: Thu, 01 Dec 2022 19:23:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2214
Expires: Thu, 01 Dec 2022 20:00:42 GMT
Date: Thu, 01 Dec 2022 19:23:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2214
Expires: Thu, 01 Dec 2022 20:00:42 GMT
Date: Thu, 01 Dec 2022 19:23:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 77778
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acffcb88ce68b2d70c9c046a7b5a4aa8
cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1
692d782ac1d812de6dadbcfe46034b6b5d8bbd586e56beedd96dc4d65445dd4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12035
x-amzn-requestid: 2711a135-b390-43ef-9e95-92438058bc27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz81FIpIAMFs9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-742f7f293df074340ab6a217;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ygs-Qd7UU_k4t4_breZTyqkHqGjJzlH1UMa9ncww5_IGpJ1n781jfg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:51:55 GMT
age: 77513
etag: "cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 05:45:16 GMT
age: 49112
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 18:58:06 GMT
age: 1542
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 77508
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 328ce221bcf3442f88d09373193ff594
63bfa2ea925aa2c188c664a7bf7af7b0e5417e60
21d5b5ec267430dba91b17f89a557aca5cd2a21535da18eb02ec69ed0e1b7371
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13411
x-amzn-requestid: 71f8798f-93e9-4649-8822-7ad3fadeec34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz6vH05oAMF_qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd11-1849aa08463e5c1f3d9b15b9;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QVGFEOePBybOeNxG6eWBffm8Ha_fmBnT8vMIGcI8zv9C7yiBeSncDw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
etag: "63bfa2ea925aa2c188c664a7bf7af7b0e5417e60"
content-type: image/jpeg
age: 77508
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.193.175200 OK 5.2 kB URL HTTP/2 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.193.175:0
File type C source, ASCII text, with very long lines (585)
Hash a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WYw0Epb8vcedL+7IDqJJsx/+WjGdOZ5/PeZvxp+JQZLuPSbm5TB79IsK0ZRwFxRvC3JwqmNr110=
x-amz-request-id: 6VFQ4X3D41M9VYZP
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 19:23:48 GMT
via: 1.1 varnish
x-served-by: cache-bma1673-BMA
x-cache: HIT
x-cache-hits: 3
x-timer: S1669922629.992043,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2fec0a3aa8f541f5092456d41753e63a
f7f2afd43cac3c12f5cea88960560a94d36aae05
f3dc6e26d9d8008abf17eec495ab0db714e3fbeb0d3fc45967fd8e1f2d067fcd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5548
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:49 GMT
Last-Modified: Thu, 01 Dec 2022 17:51:21 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a4d0db0b19184862e433969d7
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a4d0db0b19184862e433969d7
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a4d0db0b19184862e433969d7 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=1; cdContextId=1; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=93f2e98208bd89045ac3b7fd9
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 1.3 kB URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (1330), with no line terminators
Hash 7e5df1f938a2a739f094df49c2cd054a
075ea3321f47565543f4ac73fca9b7e4b8120171
2ecade471a49354fcdf5021bd17a8f5ad7bc33b51d183a83287c077694c1419f
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 231
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 1330
date: Thu, 01 Dec 2022 19:23:46 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: cf62ff2f-b841-41f9-aa9f-d959056b8c60
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=93f2e98208bd89045ac3b7fd9
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=93f2e98208bd89045ac3b7fd9
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=93f2e98208bd89045ac3b7fd9 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7a166ecf0aaa312106469ab65
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
54.230.111.46200 OK 221 B URL HTTP/2 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
IP 54.230.111.46:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 07:42:43 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2A4x_YLrDKMnFLxdVpJ8PWIwsnBgdTyyCp18v7Mw-NQ7GqQVTzAbsQ==
age: 42067
X-Firefox-Spdy: h2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.46200 OK 3.2 kB URL HTTP/2 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.46:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 15:53:28 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lXNXLYi-hpQffviQ7zpkl3gkgC4I90VFEbs788EBB2itbthIQBef6w==
age: 12622
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 4211d4ddd8c542cf450d0e892e384e8d
d2eaa1b5679a7b7be963954c242d71522cb71694
4f524c890be87d8b1d72145512cba9ea33c16bb4db4cc4b0718bd48a7c5d6983
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 06:00:09 GMT
Expires: Tue, 06 Dec 2022 06:00:08 GMT
Etag: "d2eaa1b5679a7b7be963954c242d71522cb71694"
Cache-Control: max-age=383178,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772e3310af04b4f3-OSL
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
54.230.111.39200 OK 221 B URL HTTP/2 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
IP 54.230.111.39:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 08:37:34 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 94YdkmvA8r_ElXBfGtk8_M15tmweFCnkw7Vs547TunA4t2OMWxYM4Q==
age: 38776
X-Firefox-Spdy: h2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.39200 OK 3.2 kB URL HTTP/2 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.39:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Wed, 30 Nov 2022 23:00:06 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yAG0rvPAvaCB2BqRhXkMTzLIauShdCGMavtMHLPBlqU5D2inUUzmfA==
age: 73424
X-Firefox-Spdy: h2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTIyNjI3NDk5IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjZjI0ZTAxNzQ2Zi0wMjdjNjkwMGM2NDc4NTgtYzUwNTQyNS0xNDAwMDAtMTg0Y2YyNGUwMTgyMjYiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL21haWwuY29wcndhbmRhLmNvbS9sb2dpbi5waHA/cHJpbWFyeW1lbWJlcl9pZD0wNzljMjkzZjI5MjQ1ZmVmODdhZDUwZWJmIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIwYjY2LWFlODMtMDI1My0yNDVlLTE5NTAtZDI4OC0wNzM0LTM4YjAiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTkyMjYyNzI4MyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1MDgsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5MjI2MjcyODUsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
35.241.45.82200 OK 0 B URL HTTP/1.1 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTIyNjI3NDk5IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjZjI0ZTAxNzQ2Zi0wMjdjNjkwMGM2NDc4NTgtYzUwNTQyNS0xNDAwMDAtMTg0Y2YyNGUwMTgyMjYiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL21haWwuY29wcndhbmRhLmNvbS9sb2dpbi5waHA/cHJpbWFyeW1lbWJlcl9pZD0wNzljMjkzZjI5MjQ1ZmVmODdhZDUwZWJmIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIwYjY2LWFlODMtMDI1My0yNDVlLTE5NTAtZDI4OC0wNzM0LTM4YjAiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTkyMjYyNzI4MyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1MDgsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5MjI2MjcyODUsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTIyNjI3NDk5IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjZjI0ZTAxNzQ2Zi0wMjdjNjkwMGM2NDc4NTgtYzUwNTQyNS0xNDAwMDAtMTg0Y2YyNGUwMTgyMjYiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL21haWwuY29wcndhbmRhLmNvbS9sb2dpbi5waHA/cHJpbWFyeW1lbWJlcl9pZD0wNzljMjkzZjI5MjQ1ZmVmODdhZDUwZWJmIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIwYjY2LWFlODMtMDI1My0yNDVlLTE5NTAtZDI4OC0wNzM0LTM4YjAiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTkyMjYyNzI4MyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1MDgsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5MjI2MjcyODUsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:49 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-0lxb
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7a166ecf0aaa312106469ab65
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7a166ecf0aaa312106469ab65
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7a166ecf0aaa312106469ab65 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=12ae1549f6d689ca44f1e5d74
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash c9ddaa54b22df16f7077672ce62c3aaf
48c459b8e283c366b618d61c6fd45a6c465d1298
be15e4567b08d0e5cf9898c151c223b53d102451a38953498062883093039d87
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 12:17:24 GMT
Expires: Wed, 07 Dec 2022 12:17:23 GMT
Etag: "48c459b8e283c366b618d61c6fd45a6c465d1298"
Cache-Control: max-age=492213,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772e3310a9f3fac0-OSL
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
54.230.111.21200 OK 221 B URL HTTP/2 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
IP 54.230.111.21:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 09:33:10 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HgwFYkd7ODUJsRCo6MZKog_SGWOvDZCgX8GKnnPN-Jf9HNMWkAHSBA==
age: 35440
X-Firefox-Spdy: h2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.21200 OK 3.2 kB URL HTTP/2 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.21:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 08:56:21 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JL46Yq4EJLZILkHMEujmJz4m_p7EH5-lvSSYb-V0x3LXngeFM7aTJQ==
age: 37649
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=12ae1549f6d689ca44f1e5d74
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=12ae1549f6d689ca44f1e5d74
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=12ae1549f6d689ca44f1e5d74 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=e4cd2c21d5bbbd1112785267c
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2127bde04ad44ce578c974ce17014430
0671da7ac6281e7666378aec875006158b784931
e7353f4f5fdb557bbc3ed7b6c74c9a79d1bb7ef966f5bd471382feb82234bd93
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
142.250.74.174200 OK 3.7 kB URL HTTP/1.1 cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
IP 142.250.74.174:0
File type ASCII text, with very long lines (3328)
Hash 2dd1323fcb43e51aa4b0d47f1990d350
36b674f09906c2de257472fbcc1033bc07b410cc
bf05c0636d9730940396cabafaa942f23020ee2ca61043fb10d76086f080cd41
GET /cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Thu, 01 Dec 2022 19:23:49 GMT
Server: gws
Cache-Control: private
Content-Length: 3715
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e4cd2c21d5bbbd1112785267c
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e4cd2c21d5bbbd1112785267c
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e4cd2c21d5bbbd1112785267c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=df78abbde835a71bca1d604d4
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/favicon.ico
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/favicon.ico
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /favicon.ico HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: login.php?primarymember_id=189525ae2260bf02d3b6934a2
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=df78abbde835a71bca1d604d4
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=df78abbde835a71bca1d604d4
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=df78abbde835a71bca1d604d4 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a2755c5a150c9d9b775c76689
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a2755c5a150c9d9b775c76689
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a2755c5a150c9d9b775c76689
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a2755c5a150c9d9b775c76689 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:49 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=6945727fd7bfeb3cf361b9e6c
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6945727fd7bfeb3cf361b9e6c
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6945727fd7bfeb3cf361b9e6c
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6945727fd7bfeb3cf361b9e6c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4d88c9c9e406a6020d557e1a0
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/login.php?primarymember_id=189525ae2260bf02d3b6934a2
192.185.105.9200 OK 65 kB URL HTTP/1.1 mail.coprwanda.com/login.php?primarymember_id=189525ae2260bf02d3b6934a2
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Hash a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d
Analyzer Verdict Alert fortinet Phishing
GET /login.php?primarymember_id=189525ae2260bf02d3b6934a2 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4d88c9c9e406a6020d557e1a0
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4d88c9c9e406a6020d557e1a0
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4d88c9c9e406a6020d557e1a0 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d78b76f296beed4eb573edf6d
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 558 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Hash 7aca45901a39c2cf51048d83965d11aa
a0fa6f6ba534d4830f98d798184d231eb5b009ac
c3f668ebf37f9c61cb944dc5d7928a270fc392a315d9d663b39d72af017e98e5
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3112
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Thu, 01 Dec 2022 19:23:46 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 318c0269-dce9-4923-bf21-e049ab71793d
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d78b76f296beed4eb573edf6d
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d78b76f296beed4eb573edf6d
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d78b76f296beed4eb573edf6d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b7a1c7f87d97ff9db59f0c7ee
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b7a1c7f87d97ff9db59f0c7ee
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b7a1c7f87d97ff9db59f0c7ee
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b7a1c7f87d97ff9db59f0c7ee HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d12c976775d14876bcc9aaa41
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d12c976775d14876bcc9aaa41
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d12c976775d14876bcc9aaa41
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d12c976775d14876bcc9aaa41 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=29bbae0859e659139d9b15ea5
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=29bbae0859e659139d9b15ea5
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=29bbae0859e659139d9b15ea5
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=29bbae0859e659139d9b15ea5 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7266aba82da4deb5d182638fd
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7266aba82da4deb5d182638fd
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7266aba82da4deb5d182638fd
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7266aba82da4deb5d182638fd HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=74929e6ea91670b2114fe7c3d
Content-Length: 0
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=74929e6ea91670b2114fe7c3d
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=74929e6ea91670b2114fe7c3d
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=74929e6ea91670b2114fe7c3d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=45aa0e049540ac5fcdb96a9e0
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=45aa0e049540ac5fcdb96a9e0
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=45aa0e049540ac5fcdb96a9e0
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=45aa0e049540ac5fcdb96a9e0 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d3fce86c9374312274e4182b9
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 558 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Hash 6d2385e8e6fa2cdffc35c7cf5f516ab6
44825be1246fc2b7b81698eee085c0de74ef1d40
66899f8e18d884939f2363b99bc12c219cbbcaf89bc3ae8505dcdcab58c8af43
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1072
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Thu, 01 Dec 2022 19:23:50 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 431676bb-ad4c-45db-af4c-d0912eaaacef
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d3fce86c9374312274e4182b9
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d3fce86c9374312274e4182b9
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d3fce86c9374312274e4182b9 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=65f1b5f0900800915ff779741
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=65f1b5f0900800915ff779741
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=65f1b5f0900800915ff779741
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=65f1b5f0900800915ff779741 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4c0cac72f6db7a8c9b95ae8e3
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4c0cac72f6db7a8c9b95ae8e3
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4c0cac72f6db7a8c9b95ae8e3
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4c0cac72f6db7a8c9b95ae8e3 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=3d907ae605582f6e881c7a852
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3d907ae605582f6e881c7a852
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3d907ae605582f6e881c7a852
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3d907ae605582f6e881c7a852 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d303a536a00d38118e69cb87e
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
13.89.105.232204 No Content 0 B URL HTTP/2 contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
IP 13.89.105.232:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v1/sendLogs?cid=cedric&cdsnum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 908
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 01 Dec 2022 19:23:52 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
POST /US/REST/ManageTMXProfile/TMXProfile.jws HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
Content-Length: 0
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ad2c250393d9daaf0a25a00f1
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ad2c250393d9daaf0a25a00f1
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ad2c250393d9daaf0a25a00f1
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=ad2c250393d9daaf0a25a00f1 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9bc3bf1364dca4b2312e32aad
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9bc3bf1364dca4b2312e32aad
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9bc3bf1364dca4b2312e32aad
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=9bc3bf1364dca4b2312e32aad HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=bcdd37b2b28ab76dc151c9681
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bcdd37b2b28ab76dc151c9681
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bcdd37b2b28ab76dc151c9681
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=bcdd37b2b28ab76dc151c9681 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=fa0922c77af604673d15bb2d5
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=fa0922c77af604673d15bb2d5
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=fa0922c77af604673d15bb2d5
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=fa0922c77af604673d15bb2d5 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=38bd991165f7df7d31e1f6e14
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=38bd991165f7df7d31e1f6e14
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=38bd991165f7df7d31e1f6e14
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=38bd991165f7df7d31e1f6e14 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=248a78c72bf5650ade1b27202
Content-Length: 0
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=248a78c72bf5650ade1b27202
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=248a78c72bf5650ade1b27202
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=248a78c72bf5650ade1b27202 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=e34249b2092ca04a219fc7de9
Content-Length: 0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e34249b2092ca04a219fc7de9
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e34249b2092ca04a219fc7de9
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=e34249b2092ca04a219fc7de9 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=642b781abb0e9477093966733
Content-Length: 0
Keep-Alive: timeout=5, max=53
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=642b781abb0e9477093966733
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=642b781abb0e9477093966733
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=642b781abb0e9477093966733 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=024d38f010685a99656507886
Content-Length: 0
Keep-Alive: timeout=5, max=52
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=024d38f010685a99656507886
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=024d38f010685a99656507886
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=024d38f010685a99656507886 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=87cd58dfea77b9ebceaad2957
Content-Length: 0
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=87cd58dfea77b9ebceaad2957
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=87cd58dfea77b9ebceaad2957
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=87cd58dfea77b9ebceaad2957 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=47ba8158a448fe6bb54e8d548
Content-Length: 0
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=47ba8158a448fe6bb54e8d548
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=47ba8158a448fe6bb54e8d548
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=47ba8158a448fe6bb54e8d548 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=71a06204c4f165957034dd6f3
Content-Length: 0
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=71a06204c4f165957034dd6f3
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=71a06204c4f165957034dd6f3
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=71a06204c4f165957034dd6f3 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=5bddcd441d4f5e225b49ae2c1
Content-Length: 0
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5bddcd441d4f5e225b49ae2c1
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5bddcd441d4f5e225b49ae2c1
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=5bddcd441d4f5e225b49ae2c1 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=318632308321d973f46bd0d9d
Content-Length: 0
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=318632308321d973f46bd0d9d
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=318632308321d973f46bd0d9d
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=318632308321d973f46bd0d9d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0147565896a83b9c222cae299
Content-Length: 0
Keep-Alive: timeout=5, max=46
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0147565896a83b9c222cae299
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0147565896a83b9c222cae299
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0147565896a83b9c222cae299 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=81bb505fce680261f23fa7437
Content-Length: 0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=81bb505fce680261f23fa7437
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=81bb505fce680261f23fa7437
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=81bb505fce680261f23fa7437 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=079c293f29245fef87ad50ebf
Connection: keep-alive
Cookie: bmuid=1669922610625-66F1204F-B69E-4901-994E-0C5C13070D5E; cd_user_id=184cf24e01746f-027c6900c647858-c505425-140000-184cf24e018226; cdSNum=1669922612994-sjn0000858-e3875bae-cbd5-4038-8647-ff4a1bd551e3; cdContextId=2; cdContextId=2; PHPSESSID=ddab80233c274543c6966650c5d569e4; count=0; kampyle_userid=0b66-ae83-0253-245e-1950-d288-0734-38b0; kampyleUserSession=1669922627283; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2e005d83b527e53495ad10c8c
Content-Length: 0
Keep-Alive: timeout=5, max=44
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
online.citi.com/passivebio/BiocatchATO.js
104.110.15.25200 OK 0 B URL HTTP/2 online.citi.com/passivebio/BiocatchATO.js
IP 104.110.15.25:0
GET /passivebio/BiocatchATO.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 114417
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:46 GMT
date: Thu, 01 Dec 2022 19:23:46 GMT
set-cookie: AKMTLTSID=36B0E07B830DAEC46B1371EACA176128; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2