r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16112
Expires: Fri, 02 Dec 2022 13:51:58 GMT
Date: Fri, 02 Dec 2022 09:23:26 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6082
Cache-Control: max-age=96548
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:26 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 12:12:34 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13077
Expires: Fri, 02 Dec 2022 13:01:23 GMT
Date: Fri, 02 Dec 2022 09:23:26 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 09:19:54 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 212
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +vfdhDeiwrdz9OsSjtejUoWQZM4Or2bxUhT8iV/vpXUOeVPdUgdXH8wAQ7YZX1fgrOGRRZUVA8H2jMyYSwtDGA==
x-amz-request-id: G9TPNSYFXFVRH5J8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 08:46:38 GMT
age: 2208
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 09:23:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
192.185.105.9200 OK 65 kB URL HTTP/1.1 mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Hash a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d
Analyzer Verdict Alert fortinet Phishing
GET /login.php?primarymember_id=6913ad9b92bfde1ce0076de3c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:23:26 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5812
Cache-Control: max-age=149576
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:27 GMT
Etag: "638952a3-1d7"
Expires: Sun, 04 Dec 2022 02:56:23 GMT
Last-Modified: Fri, 02 Dec 2022 01:19:31 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D
216.58.207.228200 OK 92 kB URL HTTP/2 www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D
IP 216.58.207.228:0
File type ASCII text, with very long lines (1560)
Hash 9aeb1c4b79656b106c74f75f0659e55e
fa088f735b11435c1898df5d8de153e32973ad4b
860254f9f9946d31e68a5864324badfd3bbb8dc8e8b95f7569cd911af2db602d
GET /cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 92399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 15:11:22 GMT
expires: Wed, 29 Nov 2023 15:11:22 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/javascript
age: 238325
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css
216.58.207.228200 OK 9.0 kB URL HTTP/2 www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css
IP 216.58.207.228:0
Hash c7cbebedd348978dba3901d8cc83e90d
da9da15b749bbbea07de2147b1c09ff9cf6ee05b
8d6777b76a124d852a680f4d5e42f9b6abfefbc70253b120ed7f3a44aec9e1c2
GET /cse/static/element/a57bc5975bc720b0/default+en.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 9032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 16:53:54 GMT
expires: Thu, 30 Nov 2023 16:53:54 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/css
age: 145773
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/cse/static/style/look/v4/default.css
216.58.207.228200 OK 1.3 kB URL HTTP/2 www.google.com/cse/static/style/look/v4/default.css
IP 216.58.207.228:0
Hash b33c65c5c815696bed8292c172185bcc
d2c0eceacad1f57b25621dcdb32659c5dc6b8d9b
f5ab6924cf65ae4dc61dca35d096fa272f8b4937b733b5eb46d36af396884132
GET /cse/static/style/look/v4/default.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 1345
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 08:51:50 GMT
expires: Fri, 02 Dec 2022 09:41:50 GMT
cache-control: public, max-age=3000
age: 1897
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5812
Cache-Control: max-age=149576
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:27 GMT
Etag: "638952a3-1d7"
Expires: Sun, 04 Dec 2022 02:56:23 GMT
Last-Modified: Fri, 02 Dec 2022 01:19:31 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5775
Cache-Control: max-age=149539
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:27 GMT
Etag: "638952a3-1d7"
Expires: Sun, 04 Dec 2022 02:55:46 GMT
Last-Modified: Fri, 02 Dec 2022 01:19:31 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5812
Cache-Control: max-age=149576
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:27 GMT
Etag: "638952a3-1d7"
Expires: Sun, 04 Dec 2022 02:56:23 GMT
Last-Modified: Fri, 02 Dec 2022 01:19:31 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
104.110.15.25200 OK 3.7 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
IP 104.110.15.25:0
Hash 912d79ed2801e57d08c6fe076d791333
aa0e1edb751a7cbff5e9ff67b948166605e19910
61984a0de22199c83dba3ac7c03e8df7cbb78f61c2de7fc6484be0fba7f14069
GET /GFC/branding/responsivebranding/css/branding_footer_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 10:48:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3733
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=3AE90739A6D1B857F8DAD27945BCAF9B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
151.101.1.230200 OK 63 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
IP 151.101.1.230:0
File type Unicode text, UTF-8 text, with very long lines (44679)
Hash 2814704ecc428325d52a842115a2ffdf
9c979060cdc471ee3dd6d71d0f586a7433158453
c75bc14a20adf4a951aba27b721f23e9b3c97cbcb4caeb249cdc63fde3997cc3
GET /wdcusciti/50/onsite/generic1608054710811.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Hlqd9JB84o75ey9+s41yk6BUDnxKajiI2JUmsGUUQqV5jw1SfqSE1lb8hW4xZN4HXRR/xQDXOBk=
x-amz-request-id: 28WE2YFD6404A5RC
last-modified: Tue, 15 Dec 2020 17:51:52 GMT
etag: "57e6c47a533050c63dc8fefbdeb401d1"
x-amz-version-id: Kqi2p6FS.A2AzLCJok5fsBD_5A7fWxpm
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 09:23:27 GMT
via: 1.1 varnish
age: 66608
x-served-by: cache-bma1649-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1669973007.483646,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 63129
X-Firefox-Spdy: h2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
151.101.1.230200 OK 2.2 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
IP 151.101.1.230:0
File type PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Hash f72de0072180995cddf091ec1c481fc8
8da0419580ec8ea996ff617773a822ef6a1ce470
02bb7267eb1cdf51db8a9db0014dd48f4debe6f7d344a6f8a0f06a428d6e0068
GET /wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: CzFPP1gPCjs7z/KInii3GcX3SmlJUbqd/NqEjWdfODbqZAaxudqAHEH+F4NlY3hcO7Dj4Gn/MhA=
x-amz-request-id: RNGYKGZANXNHS89D
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-type: image/png
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 09:23:27 GMT
via: 1.1 varnish
age: 877974
x-served-by: cache-bma1649-BMA
x-cache: HIT
x-cache-hits: 77
x-timer: S1669973007.483593,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 2219
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 09:11:15 GMT
cache-control: public,max-age=3600
age: 732
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
online.citi.com/loginpage/styles/homePage.min.css
104.110.15.25200 OK 5.0 kB URL HTTP/2 online.citi.com/loginpage/styles/homePage.min.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (24793), with no line terminators
Hash 8b55e445be9cbbed1fff212136bf5ec4
02e215ee8c3c5f71406405a28d4112c0eea3646b
e666c4da016428bb9aa82c5e9dd9634d5731083b226e353148d28a9e1948c506
GET /loginpage/styles/homePage.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Oct 2020 18:02:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5046
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=D5C692BC608FA038CE44B514C525F092; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
104.110.15.25200 OK 2.9 kB URL HTTP/2 online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (5928)
Hash f687e0142c1437ba2f920f3cde133177
d53df064865303d36b7a7ca9624d83214da9aa99
8e39f40e7aedf48d72d8a4f79433fb5482da163fad5aff81159284d7b461de05
GET /JFP/js/jquery/plugins/jquery.tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2905
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=F95459A87930B37B3105EF648C596E82; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
104.110.15.25200 OK 337 B URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (1265), with no line terminators
Hash 7c863f08763bf3f9d76db3fc6135da51
6560f78733d9b78d550d8425b29f06c1c764189d
a4dc2655e535dfee0176ff9bc947cf1aecf63bb2a248eaad894f58d13591d24b
GET /JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 337
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=0DD90BEE4544DACF55425C0619D33981; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css
104.110.15.25200 OK 899 B URL HTTP/2 online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css
IP 104.110.15.25:0
Hash 1966ad93ef6524d8032dfc706eb33b8d
ed84d116e24a1f38cf7daa0eef09d51afab433bf
61ccfaf0350644ee02e12120c193cc703650c91f17c0234cce660c921c22d4e3
GET /NCCS/smartSearch/css/cbol-smartSearch.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 899
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=A17E7DC30BF49F95E76A56F1DE30BAAB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/main.css
104.110.15.25200 OK 7.3 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/main.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (47574), with no line terminators
Hash 3a57d907c91d4af48687e9612624e322
4c5f56c2e6951c83d8d7a66895c042b10cca61a3
785a920d518e6cc032e88871480d0e558a1397c1ed67d90e24d1b2eb2c2a0682
GET /GFC/branding/responsivebranding/css/main.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 29 Sep 2020 09:55:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7313
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=67C05E2BB8365683C0CF1D9F88B2861B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GPS/portal/css/cobrowse_overlay.css
104.110.15.25200 OK 1.6 kB URL HTTP/2 online.citi.com/GPS/portal/css/cobrowse_overlay.css
IP 104.110.15.25:0
Hash 48d658b8e5ecb3ec1db77b31735e6da2
264844b13d54d13baae71d535ae8c081db1552ab
f9a68c464770e4a1a293b4d08a53551600152672b531a0a64fe1ed1431f2d449
GET /GPS/portal/css/cobrowse_overlay.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Aug 2019 07:17:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1597
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=A1FC4E9D774A5EF1FCF17934B5650714; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
104.110.15.25200 OK 65 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
IP 104.110.15.25:0
File type Unicode text, UTF-8 text, with very long lines (65509)
Hash 68cdb850dc7512e716b12ec17fcba622
cb82a9575b355ae1833085e6362cc0a1089ccc90
37d98491fbeb36c9df92570d875530129c1698b03852c3fbb71832db58a56e4d
GET /CBOL/common/ui/ddl/theme/latest/scripts/vendor.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 64910
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=49714E62136C29232FD90096CB9AAC8C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
104.110.15.25200 OK 15 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (342)
Hash 7584f29c3065db5d69256920d340f479
d6198dafe36e3ffde03aedb334123a0d096649e1
81538cf3a3fd0ff0dde297332b73edebaa76e68c437628f2ab16d66b0a97afae
GET /GFC/branding/responsivebranding/css/branding_header_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 29 Aug 2022 03:56:20 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 15298
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=1E2E1D9B8D1C18B8624621AE7FAFF9A5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JSO/js/fp.min.js
104.110.15.25200 OK 4.3 kB URL HTTP/2 online.citi.com/JSO/js/fp.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (13962)
Hash 37d4fb4fc0d34c9d949447294c5896a2
813a89b7c7da1d1090e9d70a4b683713e47ffc20
434bec7136e03611151aad7e839486bcc95abdb5f1ad7eb8e66d1a10b3375982
GET /JSO/js/fp.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 4322
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=D97B264EC90FA48B11FC7134CE383A8A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/passivebio/bcsid.js
104.110.15.25200 OK 427 B URL HTTP/2 online.citi.com/passivebio/bcsid.js
IP 104.110.15.25:0
Hash 62fc3ac7ad723e5bd299defa490b0777
b80fc4949d4bdff38aa3017c8f5ea813a91bd0d2
62f4ac02d4d03f11fcab26905d639a9797476e150f44d7793776acfa5fae87cd
GET /passivebio/bcsid.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
content-length: 427
set-cookie: AKMTLTSID=181BD4DDEB7F8F0C22A0137A00B1C00B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/personalization/peworkflow.min.js
104.110.15.25200 OK 1.8 kB URL HTTP/2 online.citi.com/personalization/peworkflow.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (5321), with no line terminators
Hash 1c9fea918bfb5581982989a70eaefabc
4918fe52d51efa97e09de94db53c621b0a335649
98348d134a2f94186ffe13541ebcf04efb5afe17f3b3be7aa8e9b69e5fbcac78
GET /personalization/peworkflow.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1806
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=6034E1FCE29B813C4518282C0903F78A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/olab/js/oo_engine.min.js
104.110.15.25200 OK 12 kB URL HTTP/2 online.citi.com/GFC/branding/olab/js/oo_engine.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (32021)
Hash 4f0dfa69a1ecec87b606025cd6967565
feca411eeb031920103ea068630f93f31b5b0000
c7c01b10f0d71d2168f8975161bbb97e5dbd1b63a6e9678d752bb9a9a2dac090
GET /GFC/branding/olab/js/oo_engine.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 11704
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=84BC4C82D6308C7F865918E7E3425F8B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
104.110.15.25200 OK 18 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (65331), with no line terminators
Hash 2f595116c30fa315246f7cb0b531ba15
35bd15722dce013523f23c21426076cfcac33945
5df0777d7bd5b17967c6ef6243ef3dfc4eecb0fba56dd39c0100faeba04a7439
GET /CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 17670
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=FC123F0A32E846052BA0B481EEBA546F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/js/main.js
104.110.15.25200 OK 8.0 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/js/main.js
IP 104.110.15.25:0
File type HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (33891), with no line terminators
Hash 6c7f00b72ded0bec2618305c876e16b6
48360ed4ad1b2ae2e507dc48873a3ef021586776
dc5ac3e8c6e04c6a1d9d1519b6ad99fabb5b0b87dd07d93106d6c4c1987b24ee
GET /GFC/branding/responsivebranding/js/main.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 16 Jan 2020 14:46:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7957
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=1E18861BE9326AE5BE1D63CEC3365713; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
104.110.15.25200 OK 1.0 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (3018), with no line terminators
Hash fb422777d175560b7cbafac2e69427e0
08a64e3f02f7521549e82453ec8a1baa4b0e8914
da7b8130e973ebfd3c4e34d464655f0fbe910cbb7ecb12e172f0374a86fb1cb5
GET /JEA/CitiSearch/nexus-platform/js/citilive-search.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:44 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1017
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=AC9954DD4B53351492D655FDC98459E7; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
104.110.15.25200 OK 3.0 kB URL HTTP/2 online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
IP 104.110.15.25:0
Hash cbbb42f2f92286927590740a4ddbdf12
0f4a6798edba9047e6038749c5b81192550137a7
ac708e5462ee634c6b75a1ea7faffaf577dbff4ce007c337a7fe3fabaf42a1c0
GET /NCCS/smartSearch/js/cbol-smartSearch-inject.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 May 2020 19:00:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3030
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=5A0874846344D1BC3720B2E5CF3563B7; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/TMX/TMXProfiling.js
104.110.15.25200 OK 546 B URL HTTP/2 online.citi.com/TMX/TMXProfiling.js
IP 104.110.15.25:0
Hash 8a9d76752e354831bfeb51ea2009dc90
ab290ca00fc8be6525684405a8f655eb30e1b0e9
82775fb41297c485793eae4058db3e82b4d477bb00c6fa3bc301971e961e61c2
GET /TMX/TMXProfiling.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Aug 2018 07:26:42 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 546
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=CBA1C61734859C15BC19430FD5DDA3E6; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
104.110.15.25200 OK 70 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (53390)
Hash 1b616f5ba816bd312785d32976021e37
e3dd04ee3a2b2ca1ded2c3eef06aa1f121b7d3b0
451e9945c7041383326739797e006d8a7201b96b1ba8046c0c9c02dd9d89a851
GET /CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: text/css
content-length: 69731
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=0160759C4218BA7072F569D6A6771AD8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
104.110.15.25200 OK 47 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (900)
Hash c4a8e37990ee3bed5731c868053cfe48
000d710b7e21c8d980552b494d76a06fc729d55a
403cb63effef69a095bb15cb147c3d8af4a0f35e8e9430486565f81d545b3cbd
GET /GFC/branding/responsivebranding/css/main_branding.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 08 Jul 2021 15:43:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 47322
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=7997824431CB8B9E2A1D2572DA25F2A4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
104.110.15.25200 OK 31 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (368)
Hash 51adf829efa8df8d293b7798be259dc4
5958976a367747fd3ba087371d5906163cd8334c
640f8a2d94f512022b7cc3c21d27b1c204092f16f1e372972dc42f85baa2e538
GET /GFC/branding/responsivebranding/js/navBarRedesign.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:43:21 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 30559
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=DC790F4C986909A7ED9B3EED78BC3DEE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js
104.110.15.25200 OK 2.4 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js
IP 104.110.15.25:0
File type C source, ASCII text, with very long lines (7615)
Hash e1577cfb2e8936a3c801851fff429693
1e861beca6b15a5f3d2ae277a95d7fd53e6256ec
95b8e61a19f61148c98e111e451ba37b8f27f55a415318e3fd49b56115c000a9
GET /JEA/CitiSearch/nexus-platform/js/citilive-search-service.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 07:31:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2415
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=ECDB3980923E8653973B2D143605FE00; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
104.110.15.25200 OK 344 B URL HTTP/2 online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (1035), with no line terminators
Hash 833a85cac30119fd1a7cdea0d63106eb
1558702028e277ce4bf3b079db7f064b96c91f0d
83b080afa657691bdb22843c5f36acc3be20ad7ed94ba84f18d1cbbb2a23933c
GET /JFP/js/modules/jfpm.autocomplete.off.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 344
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=9C62417174F138307C4469D33252792D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/pl-profile.png
104.110.15.25200 OK 678 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/pl-profile.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 47511cdd2cd6ec0f1fe005ed1f1da489
c2dbbebd49f1dc760684ad937add478d05520ab1
96a25378d5d5fed38414a3d798eddc8367ebb206b45b125c837b9bab43c8799d
GET /GFC/branding/img/redesigned/pl-profile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 15:27:27 GMT
accept-ranges: bytes
content-length: 678
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=6AE940AF7F571934002A6BF80D2A0BDD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
104.110.15.25200 OK 758 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 2b7cfe76b3d07bceb495d2dcc63dafa3
dd9a3e5c21135454fb20655caf55b7269a06a579
b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f
GET /GFC/branding/img/redesigned/atmbranchloc.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 29 Jul 2020 05:29:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 758
content-type: image/svg+xml
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=23D79AC2AB0FA9FFB5926FCEED47F9A5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/lang.svg
104.110.15.25200 OK 1.4 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/lang.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash c59330487289406bc7a589e19a748a45
3ff3a052d1b32f340847edcf7e10e8f0bcaafdc5
ff759181aba721255cb0e238fdc63fe8b32f3a130bc618ac35e012a1692a3784
GET /GFC/branding/img/redesigned/lang.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Aug 2020 06:59:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1434
content-type: image/svg+xml
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=650FEF6A0FF1F03B3ABCB18574F346D0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/cc-know.png
104.110.15.25200 OK 547 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/cc-know.png
IP 104.110.15.25:0
File type PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 7fce81d3aee8a773e172e4da24755c08
d16e42e3104a3eede8e74f9e792c975390e3cea6
1e8296753489472722a900b40958f4cb93b5efa530499287debe37fdaac97cdb
GET /GFC/branding/img/redesigned/cc-know.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Jul 2020 09:29:34 GMT
accept-ranges: bytes
content-length: 547
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=CA19FC8C660094DEF0DA2F1642785774; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/cc-mail.png
104.110.15.25200 OK 713 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/cc-mail.png
IP 104.110.15.25:0
File type PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash d6aa1cf4e0f3028ec749cd5e2ef2745f
f92b9239a1ec624adf48a9fc5273df9aaf772ee3
351566f41ad89bb03b7855b58661b377836aebe50db166052eaa17f17e156799
GET /GFC/branding/img/redesigned/cc-mail.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 03 Jul 2020 10:19:28 GMT
accept-ranges: bytes
content-length: 713
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=021E3CD5FFBDEFC4A2F0AAAEEDB1F93D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/banking-savings.png
104.110.15.25200 OK 917 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/banking-savings.png
IP 104.110.15.25:0
File type PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash d4482456a56b1d78f4855f6eafa94898
6a6671bf54989ad97f457f42837d1d96f21dca53
87578cd8ec6b565afd5be1b9a00845ca3dcb8024d64f2d96e4ce00bb07c94902
GET /GFC/branding/img/redesigned/banking-savings.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 06:45:19 GMT
accept-ranges: bytes
content-length: 917
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=D48BDF866C19B7F03585C57112F2D4BE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
104.110.15.25200 OK 374 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
IP 104.110.15.25:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 2425ec6b5ce2710b558ae452823680d7
2cccd21d3882308392717872f097511e58f8ba2a
77aae11467c6e42598b9c17f8a34f9ffb08c3acedd22db327fabf5b1becd24a2
GET /GFC/branding/img/redesigned/mort-calculator.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:13 GMT
accept-ranges: bytes
content-length: 374
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=EEA99344000E6C308FFB80116B436BA9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/mort-home.png
104.110.15.25200 OK 515 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/mort-home.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash d1b8e6b91fb75607e2bf2948c9cb9d99
88b8815e54a1d1a53de0919cf1abbac50e69a70d
474a06e61c5ff0b6def6e5619529e0664e6fa2d9904ba6f796e4e1032c2ab3c3
GET /GFC/branding/img/redesigned/mort-home.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:26 GMT
accept-ranges: bytes
content-length: 515
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=9EFAC22C78D9B37B585D15F733C8AE41; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
104.110.15.25200 OK 399 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
IP 104.110.15.25:0
File type PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 4f5fc9d9f8fe83b74670f4e954bb116f
e9f9531727cfad01855e48dcc4ad0043779d763c
31a7d0a6362cd6d8fcbb3200740a252be4fc633363cc71021fb18faf4470eb5c
GET /GFC/branding/img/redesigned/Investing-FP.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:29 GMT
accept-ranges: bytes
content-length: 399
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=79EAC3F811918B48E969D02CE0E7DE5D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
104.110.15.25200 OK 822 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
IP 104.110.15.25:0
File type PNG image data, 20 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 9c485b70055241b255f9fafcd167447e
9f8050c8c416b1b5aca059d4d8bb4ca16b930a3b
643030db71af1915a7c02ec3589b64d1b826cb8c8c97e0f7b80d70e0c830726b
GET /GFC/branding/img/redesigned/Investing-MI.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:58 GMT
accept-ranges: bytes
content-length: 822
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=86B2B300046C1C5EE287A3B79019D501; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-II.png
104.110.15.25200 OK 894 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-II.png
IP 104.110.15.25:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae8592f1019d7ea84ee847cbde5c8bd8
e74b70328c0e5f4cef5d094d1fb30e343be03eb6
e0a06ba70b7556d61f872bd1ca50148094683ed1ba026a78164563d3c63db0c0
GET /GFC/branding/img/redesigned/Investing-II.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:35 GMT
accept-ranges: bytes
content-length: 894
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=F6CDA2F4D4F16440AF9E1DCEB685AD41; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranch.png
104.110.15.25200 OK 697 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranch.png
IP 104.110.15.25:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 5cb2e7bb5dd99d056313c125f74872da
26844e24c011bf9d5fd8f88a81a3a86333bfa681
489ac0d5e6bb586f0144108a782f87e10aa6387fa5925c0f7b526142dbbf9987
GET /GFC/branding/img/redesigned/atmbranch.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:41:48 GMT
accept-ranges: bytes
content-length: 697
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=7AAA10C36CC546CEE87904F34B55EDED; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/WM-conce.png
104.110.15.25200 OK 819 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/WM-conce.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash e1d86261569011cb99dc98ae1bbcc391
575a762c5a2639ff9b9780c6b37efea5ea8edc64
6e866b41975af77f752d3feae581391b018128ad2cb495e783349ca49cb94c38
GET /GFC/branding/img/redesigned/WM-conce.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 09:28:15 GMT
accept-ranges: bytes
content-length: 819
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=6791414D95BB54CBA15690B9958D4684; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/search.png
104.110.15.25200 OK 540 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/search.png
IP 104.110.15.25:0
File type PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d0c9df05ec068e44e05246476eb6b0c
acf96a7bdff8f7d71096aa59243ad31d5aae425f
e1cdd8699d632d98047b60975c127bde93707685555e0894c2087105e26298ae
GET /GFC/branding/img/redesigned/search.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 12 Jul 2020 13:52:29 GMT
accept-ranges: bytes
content-length: 540
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=0FD566297B30939139634AF8E4B9BF58; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
104.110.15.25200 OK 137 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 895e073c01fe436ee9892787c43a00eb
d5b1ebead4bc804bfee48ec3a9dbf87d3e97a82f
9704bca992680b1698b6c364e5fd7fd20991aa230c700f3378765fdf99a8b27d
GET /GFC/branding/img/redesigned/navigationMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 137
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=87CC5B0FB0A3FE53686C6F8B8C2F495D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/closeMobile.png
104.110.15.25200 OK 327 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/closeMobile.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash e7a2c3c1d1710852dae94241b425631b
20ee2a5077624e2b074d9e6ab7d116480563f09a
87e414e65461d63f3c18fdec21dc973fbb3b04db9269aa2fa9f2b1e9fb4d58f0
GET /GFC/branding/img/redesigned/closeMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 327
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=0201DD6CF4175C4308D01D9BC8502DB9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
104.110.15.25200 OK 888 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d52957ca9901e228f3cc98653d66b64
4ee4c93d50f3eed0c760c69297db539b5c747fec
424b0508d87aeff62bf98099b98490558de97db21d02343fd4b0e46252a74d58
GET /GFC/branding/img/redesigned/atmbranchlink.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 26 Jul 2020 08:00:17 GMT
accept-ranges: bytes
content-length: 888
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=8F7A223A9A9E429C8A51F5C97F7FE353; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
104.110.15.25200 OK 1.3 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash e356e33999a3af7670f87a64085b0aa1
7c65d1ba8878b0e930e73ea9a52d5f0f873828b2
f9ea3e5b79df3924376af98d3639b49ef970ef77063203b3ef3abaa84daca88a
GET /GFC/branding/img/redesigned/icon_globe_med-grey.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:42:08 GMT
accept-ranges: bytes
content-length: 1300
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=636D7F95499BAE7B67DF2A4946599B06; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/card_art/8150_cardArt.png
104.110.15.25200 OK 45 kB URL HTTP/2 online.citi.com/JRS/banners/card_art/8150_cardArt.png
IP 104.110.15.25:0
File type PNG image data, 450 x 285, 8-bit colormap, non-interlaced\012- data
Hash d6c20edc6406a6305e5a8ca093dff8a0
f246abd4f8b69e42ba6f50558340d690d2cf1ef7
1cec78f793f28bed6cd96765e693bd6b7ba1efbfdd7d68ca5b8ea5390ff8bec0
GET /JRS/banners/card_art/8150_cardArt.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 03 Aug 2020 19:29:08 GMT
accept-ranges: bytes
content-length: 45386
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=578DA8E51522C7EE6CBD32312F8B5DAB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
104.110.15.25200 OK 46 kB URL HTTP/2 online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash d1b0e06afbd29e02b850c0a871a689f1
8d55c0a5da74604bdaceafada2808b406b58be62
0fc0c5e3b942752d5a811676f479650575e3c0a6c42c25ed57311064b2d836a4
GET /JRS/banners/modules/8763_M1-M7.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 45996
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=7F9D789098DD2DCA3CAEDE01A52C1A24; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
104.110.15.25200 OK 35 kB URL HTTP/2 online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 5fb8ff5dd22b3f8a34def2212bdeca0b
373c913d070e4b486d90c1959d9aae179043e2d4
b880a027d8db72f3120d1666c1bc4f016c126d0d6e0b7852155c1ea204da4b63
GET /JRS/banners/modules/M1-M7_Rewards.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 35239
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=48CF8F8B2EF5553C896864E4B4B16142; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
104.110.15.25200 OK 329 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
IP 104.110.15.25:0
File type PNG image data, 18 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 15d9ce47ed55b1d16c142a6c067ddbf5
3431a1b5af3ec6a4a39176600ca213c070175eb2
9fa97f780f20b95ac6a2baeed3961d39ec6086e3417eb59cd294e4e528187b7b
GET /GFC/branding/responsivebranding/img/social-media_facebook@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 329
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=E4DF637ECC3C980A7E8803D020E0BDA9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
104.110.15.25200 OK 840 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
IP 104.110.15.25:0
File type PNG image data, 44 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 766cb78a4d9ba316b9fd2efdb1e95252
f7e17f7e9663574ef1ad0ebf580ea503fff0c7ea
5d343d5e2bc616fe04642af586793b51ba2291a6c9616ee92e4246bde9fa72a5
GET /GFC/branding/responsivebranding/img/social-media_twitter@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 840
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=ACE9386D819283ED0821655E7F753B08; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
104.110.15.25200 OK 808 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
IP 104.110.15.25:0
File type PNG image data, 48 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 89b7dac46b6f0be69e6272cf3de06475
a74173e79f802672145fa175478bcf4698d3bf80
1f43f86e82f4cf6b5ddf863fbb8cd9bafb53790bd2016a7b2b36d51ad96fb32b
GET /GFC/branding/responsivebranding/img/social-media_youtube@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 808
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=B7383DEB2E127D7C81894012A0069FE8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
104.110.15.25200 OK 12 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
IP 104.110.15.25:0
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
GET /GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 11562
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=F1E2DD6CFBE0DDA54625036776F18C71; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/errorLogo.svg
104.110.15.25200 OK 584 B URL HTTP/2 online.citi.com/GFC/branding/img/errorLogo.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (329)
Hash 3210e315dee7ea636165f4cdd4d402cd
110a09f9a0cd87f510d3435704631aefc02d7436
09541c2109f784fd10979ed9cce037e146b756f35ffa3c2e164d3aad92532341
GET /GFC/branding/img/errorLogo.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 Apr 2018 15:26:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 584
content-type: image/svg+xml
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=8A6D7CD77F31960712E105A956D55C40; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6093
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:27 GMT
Last-Modified: Fri, 02 Dec 2022 07:41:54 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
104.110.15.25200 OK 53 kB URL HTTP/2 online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Hash ee564f1c07ec63939037a30b1d48e7b1
b75a2570b6ce89c1eb112c010994bfc5bde8b4e5
3636e5e8010b2e4e186788a748a7cbd16572b386cf2d67b3bea73cb7417abf9d
GET /JRS/banners/modules/Cards-tile-grey-1120.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Sep 2021 22:10:14 GMT
accept-ranges: bytes
content-length: 52559
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=1B1E3B6F98DD2DBDBDC243408EFEDCFB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
104.110.15.25200 OK 28 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
IP 104.110.15.25:0
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
GET /GFC/branding/responsivebranding/img/Citi_FooterLogo.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 28149
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=466B1BA4DDA0448D2FDE6CE4B99B74BB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
104.110.15.25200 OK 110 kB URL HTTP/2 online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], comment: "Optimized by JPEGmini 3.12.0.2 0x8e6e2aa3", baseline, precision 8, 2160x600, components 3\012- data
Size 110 kB (110256 bytes)
Hash adc640f5c974f259332776179906a9ba
88aa97730f84a70b8f3ec0df9763797293f6fef9
73bda4635bfa51c64ab47b1fba9a7cb20b6ab3ae44f7c1d2abf78041a9da0fee
GET /JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Mar 2018 21:03:36 GMT
accept-ranges: bytes
content-length: 110256
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=D953AA7D31E39D939BF0F1C63120444D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
104.110.15.25200 OK 50 kB URL HTTP/2 online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 1811b334b2e3a585567ef915ff6adcf5
858f597f8bcbcf3a16516f428565850aee1f8c98
67d342b059e3ee89919786b1a83c6ebb76b657bbbe0105d2c7c9876d08026c80
GET /JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 50031
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=2FF6A44F81244CBDFECE6F13C58963F9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
104.110.15.25200 OK 748 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (57530)
Size 748 kB (747501 bytes)
Hash 9e955595f5944b7d8f753a5cd2920e1a
e8e2cdcc3c6b2deb84d49fa0c24f73cb4dd1053f
c80f9904376bace60d69a316d993244717fda11bd5bc6f4f1072db6e73662b92
GET /JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 16 Sep 2020 07:27:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
content-length: 747501
set-cookie: AKMTLTSID=0E71A3E39C5A923537C3E482736D38DB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.215.94.42101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.94.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iAj0FQckWW9a1mx1kE7JFw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: p642MimbpSywsp11p3+Nputbsdw=
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 09:23:28 GMT
set-cookie: AKMTLTSID=B565D7DF4A2ECBF151E7F25606EE061F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //ui.powerreviews.com/tag-builds/10111/4.0/styles.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 09:23:28 GMT
set-cookie: AKMTLTSID=75DB31AE418C1C7804FB863B31674D45; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 09:23:29 GMT
set-cookie: AKMTLTSID=0AE43A0707148B68A25F5777AEA15CD3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png
104.110.15.25200 OK 1.8 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png
IP 104.110.15.25:0
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
GET /GFC/branding/img/redesigned/citilogoredesign.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 07:18:33 GMT
accept-ranges: bytes
content-length: 1799
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:29 GMT
set-cookie: AKMTLTSID=884DF0923950989C88D52AD649C6361A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
104.110.15.25200 OK 80 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
IP 104.110.15.25:0
File type TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 13 names, Microsoft, language 0x409, Copyright (c) 2007 by The Font Bureau, Inc.. All rights reserved.RegularTheFontBureau,Inc:Inters\012- data
Hash 092695ab186b08cfe77e1e2baa88a75a
e4e0c72716be82c464ece81a1ec6d8de3f44f89c
94dc36f237f196ac346325d697cc9a27fc8bf5dc4102abf208df79142c974f09
GET /JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 25945
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=39ADB96972FD3CCC1DB0BDA49B4A66B3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
104.110.15.25200 OK 76 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
IP 104.110.15.25:0
File type Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Hash 3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 09:23:29 GMT
content-length: 75538
set-cookie: AKMTLTSID=1955EDDB338BC74B46E5B7642BC8A80C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/loginpage/images/icons/svgs/close.svg
104.110.15.25200 OK 641 B URL HTTP/2 online.citi.com/loginpage/images/icons/svgs/close.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499)
Hash dd59f5e29f1021e45b5e95e26f2d12da
d79fa9c39b22174b3d6d2fb7bd00f01be3ee6410
e52581c6fe976751e9059da800356b8824fe18635947ef533ff4c5fc2f313df8
GET /loginpage/images/icons/svgs/close.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 641
content-type: image/svg+xml
date: Fri, 02 Dec 2022 09:23:29 GMT
set-cookie: AKMTLTSID=3BCBB5F924985BCF7FF43B9813C4EDFA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/HP8564_M.jpg
104.110.15.25200 OK 73 kB URL HTTP/2 online.citi.com/JRS/banners/modules/HP8564_M.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash ca6fda0b33ffcd4733ba669c8d52c784
0232c5afd2b6fc6c079d1f15b046bb6a9cff07a9
c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84
GET /JRS/banners/modules/HP8564_M.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
accept-ranges: bytes
content-length: 72898
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:23:29 GMT
set-cookie: AKMTLTSID=061C467D0EE9C2461AC19E4D69917755; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg
104.110.15.25200 OK 499 B URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d0d6851fdc21e63eb57af3709578a0dd
2140b733bc5e6a17cdb8537fa8759e06861cbaed
4145e83a3ccffc44dd543b258d3b9ce64e55ac66c56b8f3c8d15a36875a8fc67
GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 499
content-type: image/svg+xml
date: Fri, 02 Dec 2022 09:23:29 GMT
set-cookie: AKMTLTSID=EFB748D2B13B8D94D21ACD2F15E58B0D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 09:23:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 09:23:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 09:23:29 GMT
Connection: keep-alive
online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
104.110.15.25200 OK 5.0 kB URL HTTP/2 online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
IP 104.110.15.25:0
File type PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Hash eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
GET /GFC/branding/img/Citi-Branding-Sprite.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 14 Jun 2017 18:29:01 GMT
accept-ranges: bytes
content-length: 4952
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:29 GMT
set-cookie: AKMTLTSID=8144ED0C25025747118D692B5754C675; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
104.110.15.25200 OK 9.3 kB URL HTTP/2 online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
IP 104.110.15.25:0
File type PNG image data, 240 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash c02d966c362e9f918a7ca664a06f339a
cf8723b1054b79ac27db08f1e0d63b1a585bc150
3c4287f94e9dc9cda82125a6f528b0d4dcd8c2e9ee26b899c4481490312b146a
GET /JRS/banners/modules/M1-M7_DoubleCash.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 21180
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=22E4BFF8DE449646926BFF4AF2501387; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
104.110.15.25200 OK 8.3 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
IP 104.110.15.25:0
File type PNG image data, 240 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash e783f09a2c28318b2248dcd045cd0325
e1d0ac0f63eac3b3b523fe929d416127fe7e7561
2e1950e9fecaa7d00944c88becb315026208890e3d9ffe2545504105e181ad47
GET /GFC/branding/responsivebranding/img/appStore_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
accept-ranges: bytes
content-length: 8272
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:23:29 GMT
set-cookie: AKMTLTSID=642D311CA013F3260C15B24795584429; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 42522
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
104.110.15.25200 OK 496 B URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 28dab60290650e5ee88386879ca17085
85043857b1d8a79816491365548e17b151a2a084
fc9dead631748747b2e1c0b60057a21282d2d7acd6f5d88f4e80bdf32e08b5c8
GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 496
content-type: image/svg+xml
date: Fri, 02 Dec 2022 09:23:29 GMT
set-cookie: AKMTLTSID=B055DB7E5538C29C0C3F24EF562BFA0B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 00:54:54 GMT
age: 30515
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 09:23:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 09:23:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c7113338bc3310b13d23ca415c177e2
2cb4edc6b161c6d2d5b47aa498ae54e677966466
3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NQ21d2_5JO2Ym-LEnDecub9bK6wUyvM2zUf_XpfMGag83fVWlMjT8w==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:50:09 GMT
age: 41600
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d147ccb10bda82b153a596c3c967cd6a
ffd0763f997e71a8c1458523fc17cafe8849dfdf
1cfeb90a4ba027195f903d938d4a0aac418a1c2f0b52215ec023263f15905971
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7591
x-amzn-requestid: e179862e-f840-4e50-a9dc-09f325479b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgMFRZIAMFl7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e01-676a1571459f2d83488f2765;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oB5K_ZCWWwCltMx8FQSjDdXRMzSTSyRLSYSLAooQXuCrUxadLUiWkA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:08:56 GMT
etag: "ffd0763f997e71a8c1458523fc17cafe8849dfdf"
content-type: image/jpeg
age: 40473
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 82ea44d6cb116fb1f5752ce9bb87e345
f799dfd89a4f5a452dc837b8616549f578fb4184
e9087e7fce332289d67d4d5646d0233c2f2d871cc88dc1c51d5ea1e9f2fb5abd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15495
x-amzn-requestid: 977cdbce-3a9c-4006-a5a1-5c4c82bd4a94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDIFxzIAMFzEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-4b2cb3a16ca745537a8caf8c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nwKxQKsw8g5zCzfMFu_XpOac5rhImez29TKrycGJzozZyHTzoCHASw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:20:06 GMT
age: 39803
etag: "f799dfd89a4f5a452dc837b8616549f578fb4184"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 498ab4412ed5cf977bc23e4e870894b0
23753fe8af09ec8ffa10eed4d201a71833885c99
036042656f15e42b4d1537c45f5b8e7190c70305fa9a69c1287c6739ad0b7122
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: a6b8b420-8394-496b-8be8-26dee52e3887
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoHJOoAMF75g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0b38d07f518c8b3134457df2;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 17nFm7AQdmRYS_af-EJ4XBVw8l3YudcphlpcZMveuVjvjhhYdkAQsw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:33:10 GMT
age: 39019
etag: "23753fe8af09ec8ffa10eed4d201a71833885c99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Cookie: cdContextId=1; cdContextId=1; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=0e3f7c983a0b67995008bc55103004f7; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: login.php?primarymember_id=2a76226d5fc7167cd4ecca5e6
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB?
142.250.74.38200 OK 265 B URL HTTP/2 6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB?
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (498), with no line terminators
Hash 779b9f3c315255d0d62a1113bfcd7573
152c5e4fe3ab7191b5f2696c9dacaa12bbe33493
03c89c3c2b73e5cd1107d16c408edbd3abb6cecff1b2e78d41ea853cf46c32bb
GET /activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB? HTTP/1.1
Host: 6260004.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 09:23:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 265
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 09:38:29 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
35.190.60.146301 Moved Permanently 0 B URL HTTP/1.1 sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP 35.190.60.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://sr.rlcdn.com:443/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Content-Length: 0
Date: Fri, 02 Dec 2022 09:23:29 GMT
Content-Type: text/html; charset=UTF-8
bid.g.doubleclick.net/xbbe/pixel?d=KAE
142.250.150.157200 OK 0 B URL HTTP/2 bid.g.doubleclick.net/xbbe/pixel?d=KAE
IP 142.250.150.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=KAE HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 02 Dec 2022 09:23:29 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 09:38:29 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 02 Dec 2022 09:23:29 GMT
cache-control: private
X-Firefox-Spdy: h2
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.1.175301 Moved Permanently 0 B URL HTTP/1.1 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.1.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 09:23:29 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1662-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669973010.611202,VS0,VE0
Strict-Transport-Security: max-age=31557600
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.1.175200 OK 5.2 kB URL HTTP/2 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.1.175:0
File type C source, ASCII text, with very long lines (585)
Hash a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WYw0Epb8vcedL+7IDqJJsx/+WjGdOZ5/PeZvxp+JQZLuPSbm5TB79IsK0ZRwFxRvC3JwqmNr110=
x-amz-request-id: 6VFQ4X3D41M9VYZP
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 09:23:29 GMT
via: 1.1 varnish
x-served-by: cache-bma1666-BMA
x-cache: HIT
x-cache-hits: 3
x-timer: S1669973010.690500,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
142.250.74.2200 OK 267 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (497), with no line terminators
Hash 3d0723e9b30991791d953c41256c98e3
62f93130c92c0141280617c746ec9ef54d69c7e1
7f566075b3d057193f85088cd5992b41d6cab6b96e20e07273fc2e6f99f0d14e
GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6260004.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 09:23:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 267
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2a76226d5fc7167cd4ecca5e6
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2a76226d5fc7167cd4ecca5e6
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2a76226d5fc7167cd4ecca5e6 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=1; cdContextId=1; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a7cf2ef62bd50c8db03dcbfeb
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
23.38.201.22200 OK 71 B URL HTTP/2 stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
IP 23.38.201.22:0
File type HTML document text\012- HTML document, ASCII text
Hash 988428fdc0079b85e995b96b0ed4b565
27aece4f871a936951d17de604853cddc9bfb5ec
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
GET /site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064 HTTP/1.1
Host: stags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 71
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
pragma: no-cache
expires: Thu, 01 Dec 1994 16:00:00 GMT
cache-control: max-age=0, no-cache, no-store
bk-server: c3e7
date: Fri, 02 Dec 2022 09:23:29 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
142.250.74.34200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 09:23:29 GMT
expires: Fri, 02 Dec 2022 09:23:29 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTczMDA3OTkzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMjI1ZGU3NzQ3Zi0wOGRhMzgzZmQ4ZTA4NTgtYzUwNTQyNS0xNDAwMDAtMTg0ZDIyNWRlNzg0ZjMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL21haWwuY29wcndhbmRhLmNvbS9sb2dpbi5waHA/cHJpbWFyeW1lbWJlcl9pZD02OTEzYWQ5YjkyYmZkZTFjZTAwNzZkZTNjIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIzMjc0LTVhMTctNjVhMC0xZmI5LWNiMTktNTc4YS02NTRiLWRmOGMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTk3MzAwNzg3OCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAzMDMsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5NzMwMDc4ODAsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
35.241.45.82200 OK 0 B URL HTTP/1.1 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTczMDA3OTkzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMjI1ZGU3NzQ3Zi0wOGRhMzgzZmQ4ZTA4NTgtYzUwNTQyNS0xNDAwMDAtMTg0ZDIyNWRlNzg0ZjMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL21haWwuY29wcndhbmRhLmNvbS9sb2dpbi5waHA/cHJpbWFyeW1lbWJlcl9pZD02OTEzYWQ5YjkyYmZkZTFjZTAwNzZkZTNjIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIzMjc0LTVhMTctNjVhMC0xZmI5LWNiMTktNTc4YS02NTRiLWRmOGMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTk3MzAwNzg3OCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAzMDMsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5NzMwMDc4ODAsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTczMDA3OTkzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMjI1ZGU3NzQ3Zi0wOGRhMzgzZmQ4ZTA4NTgtYzUwNTQyNS0xNDAwMDAtMTg0ZDIyNWRlNzg0ZjMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL21haWwuY29wcndhbmRhLmNvbS9sb2dpbi5waHA/cHJpbWFyeW1lbWJlcl9pZD02OTEzYWQ5YjkyYmZkZTFjZTAwNzZkZTNjIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIzMjc0LTVhMTctNjVhMC0xZmI5LWNiMTktNTc4YS02NTRiLWRmOGMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTk3MzAwNzg3OCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAzMDMsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5NzMwMDc4ODAsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:23:29 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-bpg7
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a7cf2ef62bd50c8db03dcbfeb
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a7cf2ef62bd50c8db03dcbfeb
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a7cf2ef62bd50c8db03dcbfeb HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=67cc7c4721476948d6dc46535
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2fec0a3aa8f541f5092456d41753e63a
f7f2afd43cac3c12f5cea88960560a94d36aae05
f3dc6e26d9d8008abf17eec495ab0db714e3fbeb0d3fc45967fd8e1f2d067fcd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1553
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:29 GMT
Etag: "6388d6a7-1d7"
Last-Modified: Fri, 02 Dec 2022 08:57:37 GMT
Server: ECS (amb/6B74)
X-Cache: HIT
Content-Length: 471
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=67cc7c4721476948d6dc46535
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=67cc7c4721476948d6dc46535
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=67cc7c4721476948d6dc46535 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=5609aa3dba96f44d67a259ff2
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 1.3 kB URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (1317), with no line terminators
Hash 41dcfa41b70ccae1658cb77d029ca994
bd60955708b074687ddde9be221c6924103f01cf
929f0c155d48e8d40bb7020a8fbe78f9c2005642bffec872c7265fbf0951c167
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 172
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 1317
date: Fri, 02 Dec 2022 09:23:29 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 00d3028d-4fac-4bb5-815b-27fd23955001
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5609aa3dba96f44d67a259ff2
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5609aa3dba96f44d67a259ff2
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5609aa3dba96f44d67a259ff2 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2dd3bd65c3c298d26560ec6d7
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 488ae2d5dfe09e6e60f015a2aee68e2c
b4e89be8882463d4415ff42b7f2bd66e4e43597e
fc07c95ad31735a244ec7a2f5e5a304b09051d5986190158597405230e65d792
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
142.250.74.174200 OK 3.7 kB URL HTTP/1.1 cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
IP 142.250.74.174:0
File type ASCII text, with very long lines (3328)
Hash a0e521182543dd8ca988b1c04c25def2
ded53df19d1435ba5fd88179410c1191533aecc2
1f443ecc29b10b722d2548cf991fa979db437668c9a4d3a614e9b7a310b07d6b
GET /cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Fri, 02 Dec 2022 09:23:30 GMT
Server: gws
Cache-Control: private
Content-Length: 3706
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
54.230.111.39200 OK 221 B URL HTTP/2 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
IP 54.230.111.39:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Fri, 02 Dec 2022 08:40:32 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: utsNhz6HY0r2XaPVnYnnAUxuN4BSi-Sjgz5prqXXsSOWrqzC30EjlQ==
age: 2579
X-Firefox-Spdy: h2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.39200 OK 3.2 kB URL HTTP/2 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.39:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 01 Dec 2022 23:01:12 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WfA-We33Ny2dIyvYUJaG1_HBNj-n4mDjl96oZQP2DM8ANcfy0XuOAA==
age: 37339
X-Firefox-Spdy: h2
www.googleadservices.com/pagead/conversion_async.js
142.250.74.98200 OK 15 kB URL HTTP/2 www.googleadservices.com/pagead/conversion_async.js
IP 142.250.74.98:0
File type ASCII text, with very long lines (1654)
Hash f2258b08ae7f4c53a27c27e21536ef06
65fe239266dc4c3f8f8e25dfd039a77733f75f67
fd9775067ede051cfe4861265da0e9374a20cd833fedcd3c9708af0b525f8921
GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 02 Dec 2022 09:23:30 GMT
expires: Fri, 02 Dec 2022 09:23:30 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16595884479219046262
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a9bdfccd1df3e323e28d92aea1077409
4625fbbbbb614755a86dabddfaf40e99b3934ba6
8020fb77bd7e1b8cc3e2fed030e59d004e720c61162046fc93285c1ca07c0e66
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:23:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mail.coprwanda.com/favicon.ico
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/favicon.ico
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /favicon.ico HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=901419b6372947da39aeca021
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2dd3bd65c3c298d26560ec6d7
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2dd3bd65c3c298d26560ec6d7
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2dd3bd65c3c298d26560ec6d7 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=3268d05cbb04f189adbc7714e
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:23:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=446964,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7733010e5c9db4fd-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash f07d466e5636137d87db67fc37a6cea2
a93119333ee5d23a2478b0ee8de00ccd3c2a4566
e23351d29471681b4d657f516dc2cde485ae17dccefb3d60747025e022efccd8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:23:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 23:15:46 GMT
Expires: Thu, 08 Dec 2022 23:15:45 GMT
Etag: "a93119333ee5d23a2478b0ee8de00ccd3c2a4566"
Cache-Control: max-age=567734,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773301121b2bb4ff-OSL
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
54.230.111.127200 OK 221 B URL HTTP/2 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
IP 54.230.111.127:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Thu, 01 Dec 2022 13:13:14 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YAnovvv15XIUGvFXVSxV0HpwDekW0QvlLBT7Xwb-eF_BhsC1V474uQ==
age: 72617
X-Firefox-Spdy: h2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.127200 OK 3.2 kB URL HTTP/2 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.127:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 15:53:28 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ruLaflCE2Exx9bUyBCH4Ncmy8yTkrkLPpm3bDSb2mP9VgtvlPHK9jA==
age: 63003
X-Firefox-Spdy: h2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
35.190.60.146451 Unavailable For Legal Reasons 0 B URL HTTP/2 sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP 35.190.60.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 09:23:30 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3268d05cbb04f189adbc7714e
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3268d05cbb04f189adbc7714e
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3268d05cbb04f189adbc7714e HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=dd721f729b95f0d266ad94e4d
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=dd721f729b95f0d266ad94e4d
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=dd721f729b95f0d266ad94e4d
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=dd721f729b95f0d266ad94e4d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=34ac3467af639188cb38a4c74
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:23:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=446963,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773301146becb4fd-OSL
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=34ac3467af639188cb38a4c74
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=34ac3467af639188cb38a4c74
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=34ac3467af639188cb38a4c74 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7cbe29698170b350a751620dd
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
54.230.111.22200 OK 221 B URL HTTP/2 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
IP 54.230.111.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 09:33:10 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: h36c7NYZMW48R_WlWY3bagRut_LMLGC54QYVYvyFFMSPbIjawUaqtA==
age: 85822
X-Firefox-Spdy: h2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.22200 OK 3.2 kB URL HTTP/2 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.22:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 01 Dec 2022 15:37:07 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: l_l-4u-wVg9th3iA5GCP7ZonimXRLlqL5_b6lpPT1vnep5Nupa6yyQ==
age: 63985
X-Firefox-Spdy: h2
di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38
35.244.174.68451 Unavailable For Legal Reasons 0 B URL HTTP/2 di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38
IP 35.244.174.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38 HTTP/1.1
Host: di.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 09:23:31 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 558 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Hash b192f936586ef8774e7459453e6bc185
8c18e3272cb9b627a1e39fc9e882efac878b9833
6d4620f18e731401b1bfa2c6dd02531ca27d7b4df0b78ba3f558e9523531c0b6
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3300
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 09:23:30 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 06170510-f7bc-4fc8-9ad8-777e4450094a
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/login.php?primarymember_id=901419b6372947da39aeca021
192.185.105.9200 OK 65 kB URL HTTP/1.1 mail.coprwanda.com/login.php?primarymember_id=901419b6372947da39aeca021
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Hash a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d
Analyzer Verdict Alert fortinet Phishing
GET /login.php?primarymember_id=901419b6372947da39aeca021 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:23:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash c9ddaa54b22df16f7077672ce62c3aaf
48c459b8e283c366b618d61c6fd45a6c465d1298
be15e4567b08d0e5cf9898c151c223b53d102451a38953498062883093039d87
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:23:31 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 12:17:24 GMT
Expires: Wed, 07 Dec 2022 12:17:23 GMT
Etag: "48c459b8e283c366b618d61c6fd45a6c465d1298"
Cache-Control: max-age=441831,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773301121e7d1c0e-OSL
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7cbe29698170b350a751620dd
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7cbe29698170b350a751620dd
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7cbe29698170b350a751620dd HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d9d1fa19490dd966020e80474
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:23:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=446962,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773301121d66b509-OSL
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d9d1fa19490dd966020e80474
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d9d1fa19490dd966020e80474
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d9d1fa19490dd966020e80474 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=cb057549b6ddf40641b64fa03
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=cb057549b6ddf40641b64fa03
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=cb057549b6ddf40641b64fa03
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=cb057549b6ddf40641b64fa03 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2ecc19bd06a9223f799d0c9dd
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2ecc19bd06a9223f799d0c9dd
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2ecc19bd06a9223f799d0c9dd
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2ecc19bd06a9223f799d0c9dd HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=6e73e4c5271e2404673b47746
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6e73e4c5271e2404673b47746
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6e73e4c5271e2404673b47746
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6e73e4c5271e2404673b47746 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=e42e6cbe276a06a68273c3a81
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e42e6cbe276a06a68273c3a81
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e42e6cbe276a06a68273c3a81
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e42e6cbe276a06a68273c3a81 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=02d292bb07ca2e93762b74581
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=02d292bb07ca2e93762b74581
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=02d292bb07ca2e93762b74581
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=02d292bb07ca2e93762b74581 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c1eaa444f3c5fe7f6d1a209ee
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 558 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Hash e2069ec695725c2a8ea78c96a4944e1a
b3d4ee036a9dc99e66caa6c1b61882c2b0a4dfa8
bd58e810d15917b443e0cfdc41b53e6023924c1915d937fec792c2d8c4c511c4
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1448
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 09:23:30 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 6389715b-e084-44c1-a49c-7f346c5baaed
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c1eaa444f3c5fe7f6d1a209ee
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c1eaa444f3c5fe7f6d1a209ee
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c1eaa444f3c5fe7f6d1a209ee HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b049086ea5009a5756ff21970
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b049086ea5009a5756ff21970
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b049086ea5009a5756ff21970
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b049086ea5009a5756ff21970 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=5b1120e666889a6d0bd8f732d
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5b1120e666889a6d0bd8f732d
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5b1120e666889a6d0bd8f732d
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5b1120e666889a6d0bd8f732d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=90873dbd1f6c32c3efe7647d7
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=90873dbd1f6c32c3efe7647d7
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=90873dbd1f6c32c3efe7647d7
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=90873dbd1f6c32c3efe7647d7 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7a1c1f4b57e9ee184dff636e1
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 17e8b57e2ed803f201575cbf9698c46d
8e1ed4174e47647af89ddbc05e8435fcca63b783
3c7f4d3402133ea425f971977cddca84554c81e1113aa92388d89a6a64f7b5b9
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 09:23:32 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 20:34:38 GMT
Expires: Fri, 02 Dec 2022 20:34:38 GMT
ETag: "8e1ed4174e47647af89ddbc05e8435fcca63b783"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7a1c1f4b57e9ee184dff636e1
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7a1c1f4b57e9ee184dff636e1
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7a1c1f4b57e9ee184dff636e1 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a46c715e0f1f0ef181e0e1bdd
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
13.89.105.232204 No Content 0 B URL HTTP/2 contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
IP 13.89.105.232:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v1/sendLogs?cid=cedric&cdsnum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 912
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 09:23:33 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
POST /US/REST/ManageTMXProfile/TMXProfile.jws HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
Content-Length: 0
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a9b098d012b6644fb94a25e3c
Content-Length: 0
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a9b098d012b6644fb94a25e3c
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a9b098d012b6644fb94a25e3c
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=a9b098d012b6644fb94a25e3c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a0b1f263a6d449cdb51c53081
Content-Length: 0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a0b1f263a6d449cdb51c53081
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a0b1f263a6d449cdb51c53081
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=a0b1f263a6d449cdb51c53081 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=582df6dbcee2ef8397c5eaa77
Content-Length: 0
Keep-Alive: timeout=5, max=53
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=582df6dbcee2ef8397c5eaa77
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=582df6dbcee2ef8397c5eaa77
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=582df6dbcee2ef8397c5eaa77 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ea773550edcda60249637d641
Content-Length: 0
Keep-Alive: timeout=5, max=52
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ea773550edcda60249637d641
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ea773550edcda60249637d641
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=ea773550edcda60249637d641 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=49b7ad8837a803bf7ee78a6e8
Content-Length: 0
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=49b7ad8837a803bf7ee78a6e8
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=49b7ad8837a803bf7ee78a6e8
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=49b7ad8837a803bf7ee78a6e8 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d3edaea9611a04e4fabbc322b
Content-Length: 0
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=d3edaea9611a04e4fabbc322b
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=d3edaea9611a04e4fabbc322b
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=d3edaea9611a04e4fabbc322b HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a0853305ddc23b81371591725
Content-Length: 0
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a0853305ddc23b81371591725
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a0853305ddc23b81371591725
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=a0853305ddc23b81371591725 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b9d64fdede5ca9833e5354eb9
Content-Length: 0
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b9d64fdede5ca9833e5354eb9
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b9d64fdede5ca9833e5354eb9
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=b9d64fdede5ca9833e5354eb9 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c71a44629f69ff7a903fe67b3
Content-Length: 0
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c71a44629f69ff7a903fe67b3
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c71a44629f69ff7a903fe67b3
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=c71a44629f69ff7a903fe67b3 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=dffe1a7e706052d04d77f2492
Content-Length: 0
Keep-Alive: timeout=5, max=46
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=dffe1a7e706052d04d77f2492
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=dffe1a7e706052d04d77f2492
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=dffe1a7e706052d04d77f2492 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c6ebc555011f1cbe91e6f4a86
Content-Length: 0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c6ebc555011f1cbe91e6f4a86
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c6ebc555011f1cbe91e6f4a86
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=c6ebc555011f1cbe91e6f4a86 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=04879e2b98bf82e9d7e78b99a
Content-Length: 0
Keep-Alive: timeout=5, max=44
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=04879e2b98bf82e9d7e78b99a
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=04879e2b98bf82e9d7e78b99a
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=04879e2b98bf82e9d7e78b99a HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=376487767d80624ed3c2d8457
Content-Length: 0
Keep-Alive: timeout=5, max=43
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=376487767d80624ed3c2d8457
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=376487767d80624ed3c2d8457
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=376487767d80624ed3c2d8457 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=cfd1b2152817e8b5bdd34b518
Content-Length: 0
Keep-Alive: timeout=5, max=42
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=cfd1b2152817e8b5bdd34b518
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=cfd1b2152817e8b5bdd34b518
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=cfd1b2152817e8b5bdd34b518 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f0725916c96693f4a8152cc83
Content-Length: 0
Keep-Alive: timeout=5, max=41
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f0725916c96693f4a8152cc83
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f0725916c96693f4a8152cc83
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=f0725916c96693f4a8152cc83 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=6913ad9b92bfde1ce0076de3c
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669973007504-14696534-21F5-4EB8-B8D6-62D22C721657; PHPSESSID=0e3f7c983a0b67995008bc55103004f7; count=0; kampyle_userid=3274-5a17-65a0-1fb9-cb19-578a-654b-df8c; kampyleUserSession=1669973007878; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d225de7747f-08da383fd8e0858-c505425-140000-184d225de784f3; cdSNum=1669973010040-sjn0000158-789104e6-4a18-4097-99ce-7ba55c2896b6
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:23:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0df8ed0e22cd5cdcd8ea3156f
Content-Length: 0
Keep-Alive: timeout=5, max=40
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
online.citi.com/passivebio/BiocatchATO.js
104.110.15.25200 OK 0 B URL HTTP/2 online.citi.com/passivebio/BiocatchATO.js
IP 104.110.15.25:0
GET /passivebio/BiocatchATO.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 114417
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:23:27 GMT
date: Fri, 02 Dec 2022 09:23:27 GMT
set-cookie: AKMTLTSID=8CAB7B5FC02DBC0F759E3C777075DC1C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
104.110.15.25200 OK 0 B URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
IP 104.110.15.25:0
GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 09:23:29 GMT
set-cookie: AKMTLTSID=5CE536F44C508CE8BD87712E3D7AB67C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2