Report - mail.coprwanda.com/login.php?p=

Report Overview

Submitted URL
mail.coprwanda.com/login.php?p=
IP
192.185.105.9
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-12-01 19:23:59
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citi

Detections

urlquery
43
Network Intrusion Detection
0
Threat Detection Systems
46

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.39.57.61
stags.bluekai.com	471	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	426 B	23.38.201.22
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.8 kB	172.64.155.188
adservice.google.no	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	666 B	1.1 kB	216.58.211.2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com	75111	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.57
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
mail.coprwanda.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	36 kB	146 kB	192.185.105.9
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
www.googleadservices.com	107	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	16 kB	142.250.74.66
resources.digital-cloud-citi.medallia.com	25588	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	902 B	67 kB	151.101.129.230
sr.rlcdn.com	13315	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	970 B	444 B	35.190.60.146
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	58 kB	34.120.237.76
contents2.00110.citi.com	32534	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	3.6 kB	52.154.174.214
1.b406929acabac9b095f124c81bdfcf57f.com	75277	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.103
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	6.3 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	25 kB	142.250.74.132
di.rlcdn.com	2196	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	444 B	192 B	35.244.174.68
cse.google.com	2642	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	318 B	4.2 kB	142.250.74.174
contents1.00110.citi.com	34217	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	592 B	216 B	13.89.105.232
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	6.3 kB	142.250.74.131
nebula-cdn.kampyle.com	3739	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	715 B	6.3 kB	151.101.129.175
udc-neb.kampyle.com	3039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	485 B	35.241.45.82
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.4 kB	23.36.77.32
online.citi.com	23902	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	28 kB	1.9 MB	104.110.15.25
1.c81358859121583b7adf2ace89cb39f44.com	75217	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.64

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	mail.coprwanda.com/login.php?p=	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=06bdaa7c54aedbf51d80757d4	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6b10c1d87c87573ba0c8bda3d	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ded76f4587f94ed0af333ebce	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=44eaa4677e455474cd65485f4	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=df8b1316d491ec63acdb832f1	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=de1e08deb2771926448446859	Phishing
2022-12-01	medium	mail.coprwanda.com/login.php?primarymember_id=2b96241ba0d42aea83beecca4	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2d2e13c8dce8dc9651769d6f	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=bf44b19b8dbea999388a9e93f	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e4d0bbf8dffad6cb1c911b34a	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f77b55dd9f9bfd64b4f131c2f	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a8dac291c5dc24cec12c2534	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1864ef9641920299415a90f7c	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d402ef5a4db2e5195a0b1e6f3	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=89162412def3359be5c029168	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=28068d716fea12ffdc0bd2f91	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a6a3d23ad4e9b93fd49e8aedc	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ad8631786d1e576ad40787a42	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3987b4f882d1e899d5f5608f7	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d69c8cb5e954b9393ef529894	Phishing
2022-12-01	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c994a0bcd8fccc6f6127d0af2	Phishing
2022-12-01	medium	mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (51)

	URL	Size	First Seen	Last Seen
	mail.coprwanda.com/login.php?p=	124 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash a19f3867a2e4f194d61def3b27607ba6 70c9c6e28e1cadc1f6b5323e27193805d4eae52b 027658d5326a774db4e4a4980c91809057d23cfc74657a7afbab30f232f53862 Loading...

	mail.coprwanda.com/login.php?p=	494 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 0d581029ec07c06226cdb87413887e8c b43ebbb551358c7d2ffaced6599b09a4f471d635 68eb0c8baed5acd7a6f96d01c70ab092f24705d05f6ac63906e03281c8648da4 Loading...

	unknown	0 B	2023-03-07	2024-04-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-20 05:15:46 Times Seen36969731 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js	9.1 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen23 Hash 828b253bebc00cf5985f885442fa5ea8 9f02b35e1acd3be7f6063693fd6e31d4fe010109 eec5cc477e7cb4f1eee1f26dce3eb411a63716d89a9b659c7d5559571c837ccb Loading...

	mail.coprwanda.com/login.php?p=	1.4 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash bd392e918e0e8f71f814f5a4553a6ead 2eb7f3a1108af3e041fbb338376a313c73611026 c8deb517a69abf7d437eba4b4e4915f30afd61faf052449f014e8cafc7129e15 Loading...

	mail.coprwanda.com/login.php?p=	1.7 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash d6d17a43da3e8376e35530332e97ca5a b4d7317b19925744db8006d3607847291b8c2d11 89d52e9a2628894ca01a5df1ae1e1837d8d1845687c97f70626835be863ef80f Loading...

	online.citi.com/GFC/branding/olab/js/oo_engine.min.js	43 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/GFC/branding/olab/js/oo_engine.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash 9cf707489677b29ec6136aa27089ba09 5b37eb42f3a40a12670240452ee73f62f92b2fb2 1f2a0e7aa3dabf73dae3cc7c1e53a70ec51145b39b027bdc1ecae9223c0c80d2 Loading...

	www.google.com/cse/static/element/f275a300093f201a/cse_element__no.js?usqp=CAI%3D	310 kB	2023-03-08	2023-03-12
Pretty URL www.google.com/cse/static/element/f275a300093f201a/cse_element__no.js?usqp=CAI%3D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:21:46 Last Seen2023-03-12 17:38:18 Times Seen1 Hash cd4dcf60325693e64ff3fe71cfb84a58 e724160941156849e66b5cec3d0fd0dbfeefd266 535b8af88e270a20f4ae2174218d6b90ffd7fb780215a2f911629455d6c8201e Loading...

	nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js	14 kB	2023-03-07	2024-04-03
Pretty URL nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js IP 151.101.129.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:04 Last Seen2024-04-03 19:28:22 Times Seen175 Hash 80dd5e3be5152c5c72d552c6a26ef6ff a019565ce06f5b1c129af9ac0e9cfa82f52dcdea 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1 Loading...

	mail.coprwanda.com/login.php?p=	8.8 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen14 Hash 90f96fe21a87fad1db5e9400e1dd4992 04bf5396b008ed5c09f975a0ac4439daeb0a7c10 7281fd5f764158ae3ddd8d3745d09c71f32c8459ed2cb07cc9098279f06e9f5d Loading...

	mail.coprwanda.com/login.php?p=	169 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 41f78ec36c8e88fbf2baaf7035a8f84f 1545242efbd33a18adf2b0645decdc0c20d31e5d f22d5a40edfbfba3e5a6197f9eb94801f8402801e2ef2822dfd24ebb4022c49b Loading...

	mail.coprwanda.com/login.php?p=	1.2 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 36aa1dfcdce2b986fd9f0db34c4fa706 d08814a707dec3e918bab14f17667fbd9d97d252 899f1b5bb146380ef5919bbc7e765fad6ee9ef236df7dff4db370dfb19e70f98 Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js	341 kB	2023-03-07	2024-03-02
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js IP 151.101.129.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen30 Hash 57e6c47a533050c63dc8fefbdeb401d1 384b0c3188bf21009774f315582622256803305e 78af61897fafb5a82b787273472a93de723186b17f46ed315617c70ae2b6a6fe Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js	341 kB	2023-03-07	2024-03-02
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js IP 151.101.129.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen30 Hash 57e6c47a533050c63dc8fefbdeb401d1 384b0c3188bf21009774f315582622256803305e 78af61897fafb5a82b787273472a93de723186b17f46ed315617c70ae2b6a6fe Loading...

	mail.coprwanda.com/login.php?p=	712 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen15 Hash 71382f8e6ef9bf2ed5d915ae803c5c7f 0c64d7a89e77aa6b2325ca12b8fe87548d6b2850 2c2cdc3431ed006f6ec8457b9c0718d0e1ca18839e87b9de7fb3b3f1661b4329 Loading...

	www.googleadservices.com/pagead/conversion_async.js	42 kB	2023-03-08	2023-03-11
Pretty URL www.googleadservices.com/pagead/conversion_async.js IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:43 Last Seen2023-03-11 23:52:27 Times Seen1 Hash aa380446f88c1288203b55faad15a0df 6724fbaffe1828ffd0ffaa56769630709b2fdfad 4f0fa35c5a44677cc0a678f03795032aa862275dc29e978a84a2ee41ef267c10 Loading...

	online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js	6.2 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen33 Hash 42dcf708ed86de23deaaea0446fd9c38 1d25fe5aea16f13a83452f02be95bec22af3b5ac 629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38 Loading...

	online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js	260 kB	2023-03-08	2023-03-13
Pretty URL online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:28 Last Seen2023-03-13 01:45:53 Times Seen1 Hash a4480ac450444291903fbfe14607a32b bcac1a02358305aa8a774ae0294015374f7e7501 df84ce005289bcce6214398b32cb00d31baadb68d6f1a681ce01bed998705759 Loading...

	online.citi.com/GFC/branding/responsivebranding/js/main.js	34 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/GFC/branding/responsivebranding/js/main.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash c0ddec2b38e31940c334f2484005e156 6400269d39b45e4a70747dc53dee46a4847c5de3 9deb849bdc20c654810ae440c0c5110b1a1cbf2228e7a3b61db136a7633c0eda Loading...

	mail.coprwanda.com/login.php?p=	169 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 66ca5e714ab1f2abc641e1a7d48f8718 9c1e2c0ba39d05d105c37bf884bc1a3f2bc9cbc3 76dd133f3a42824740d3c84f9420ac45c4626dc34ae2fde827bc48c63361ee46 Loading...

	mail.coprwanda.com/login.php?p=	60 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash bc7247cf39fab48b4350f02e88aeb96f 4d23a7bf9ac7b5e035ae05b03ec4d332fc8feaf3 f44ae2b913df243a9f434e4843f12c6fbd219bafe09e404ee33c2099fd5a8d2f Loading...

	mail.coprwanda.com/login.php?p=	1.4 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 523300c546ce8ca360e71c0fb0dd814e 02f79ba80ee8c0382712f839f96bc756d26ccf00 aed2528851ae42ae6d46422c6ea1f1a4f80f5a12d8da6ba4faf47ba31d535f00 Loading...

	mail.coprwanda.com/login.php?p=	487 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen14 Hash eae83f0684e7579652eb0933e38369e9 12d00f19d6d36c928c9d2b70b4c6f7b2e6846e0a 2d71826129cbe83e37a07a4d9c204830f4973e601adcaa8683a741d992e96a24 Loading...

	mail.coprwanda.com/login.php?p=	1.5 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 80225a3b19dfe27804d23ede3e982551 48bc3baa82a3339b937f30c04a30296654a1e998 ca689295a05fa095b9c7805118d78203b18020fcba72a0b84b819eaf52e042b1 Loading...

	online.citi.com/JSO/js/fp.min.js	15 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JSO/js/fp.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen40 Hash e0bd1cc6312c34c2d4a57142ef0a7b08 02ce3ece5c0f0a50f473c46380aee484467453d0 c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61 Loading...

	online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js	13 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash 67fd9bb7be1fea04c09753fcdab15974 207b8cec60851c99ebdda47a19cd8a032acc0c47 b95fb980f8f91f1c113d3411d3fbf608e143bf4d10fe0706bb6d2231f13bd228 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js	183 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:33 Last Seen2024-03-02 02:18:11 Times Seen29 Hash a497892176b1cbcfd5db73c7735fb9ef 76972967db9fd2e8276eafb00b04899b8f9bb6db d57c8034f9c12aa3ce626c9ed1d61a4bb0941c3ef320bb59346f20496fb0096a Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js	135 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen29 Hash a8808b09fb0becb59791f0dca3b44d36 a68ca6466427c153b077bd2d8028270b157f0a1a 0ed28149098ff4c10fe73564f0808527cc9ab60e4abcab1f05a5d02588e6a9ad Loading...

	online.citi.com/TMX/TMXProfiling.js	1.3 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/TMX/TMXProfiling.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen34 Hash 0ff04f7aa700fb377b4a1a7f9f431b21 32f63ce9172fad37c97fe3d680373a5247c2bd54 157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa Loading...

	online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js	1.0 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash e60f5e310d559ee60d3247be9d5ca100 34e78dc5b40ce2a94567389bfd6e04abf43b90b9 9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead Loading...

	1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js	3.2 kB	2023-03-07	2024-04-12
Pretty URL 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js IP 54.230.111.64 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:16 Last Seen2024-04-12 17:43:01 Times Seen5046 Hash 9ee48a4da9c402e8a23ad085fb71f28f f0c59306d6313f9bee02b53ca8903991bd24bfd7 9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622 Loading...

	1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html	87 B	2023-03-07	2023-04-05
Pretty URL 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html IP 54.230.111.64 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:16 Last Seen2023-04-05 01:48:21 Times Seen54 Hash 2e4d7d52e5909922bf021f1cc09b8932 dc20df92c388423464243e53c7a378f0016effc9 0242c236e7c83d9c9d5281fc2614b82c4bf516e7e2552c4e042ecbf9fcf45027 Loading...

	mail.coprwanda.com/login.php?p=	2.2 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 8eedca5e0fcb1a64188322773e36df8f e432b6c6b69b3cacfb651c47ae491e0639ff451b 68c52647c1464b6ed288e2f0599fc247410d6f1aa1ef55f2f38a5b97b86cc704 Loading...

	mail.coprwanda.com/login.php?p=	435 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 8c44d43f489e4df9faf23c5f7c082749 587508ee3c25156acd49c1c5381183cf28cde15d 4516f2146b415294de73a3cfdb656e831c1f768ed83e02e0523ab0e3b62ead7c Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js	3.0 kB	2023-03-07	2024-02-11
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-02-11 09:44:08 Times Seen1 Hash 1130041570009de4132935c54abacb7d 767afd3e881378ae9eee4c9f6e705022c17a358e 694c74b00db3aae929ade1622b456591187454fd61f06daef7fca081b01adc07 Loading...

	mail.coprwanda.com/login.php?p=	55 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash d5f6a35c544a7ddd317d05e7269f2d91 261918e10ca6bcdb237e0721f18f9ff7bb17c661 c2cc4fb4f8c58dc26361fa9861e3f0a8c37f575e9a01ca6ab41918933a45f73c Loading...

	mail.coprwanda.com/login.php?p=	5.4 kB	2023-03-07	2023-03-26
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2023-03-26 11:20:09 Times Seen3 Hash ccc559ecd3592536380cada140c43a86 6c31ba55d693e0327c8be6aab39264045dfc89d0 9fadbb54ce0d3d5250f3a6e96ea0dbb5bc729f7936c56bdb606bb2310ede0b57 Loading...

	cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu	10 kB	2023-03-11	2023-03-11
Pretty URL cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:46:28 Last Seen2023-03-11 23:46:28 Times Seen1 Hash 20a92001aa6ef9b391b254e0fd646768 61e53471bf7fbd2b9acd590b4c8c7b8261bdb4e0 260c7170dbeac1aca13e33a09537ac061342ab6945e8a43b39198720833c0eed Loading...

	online.citi.com/personalization/peworkflow.min.js	5.3 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/personalization/peworkflow.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash 95e4214ba481e0482f80ba7f16966e5b 59a2c377906e189d7f4a962f76f427eb6f1edc79 690146b8ff7699810daa66f43ce7d006f74a143dea4a27bb0cb9c054dddadeee Loading...

	mail.coprwanda.com/login.php?p=	51 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash a3b9a45219bb8e76e0b6428a3c2252a7 f3acae083611bddf944dd5b99ffc9401ecb29411 d0a5a93cb1f2f7daefdf72c4da8680aab2c242b9cf555052afa9c0cd56917f07 Loading...

	mail.coprwanda.com/login.php?p=	5.7 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 372c44408865733816a82d39409c0b30 85316d59e1d674e0dd03a7f0feb5d8c2b611001f 4f56b58340bbcff64bcbd1d6705293f8f68fdc68ae08c4d47f56522444cc7dd9 Loading...

	mail.coprwanda.com/login.php?p=	684 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash b380284e2b4750a3f8510c3f26e3b560 2283ef2ae152c81fb1a5d606562708d09ed4d19a 8d91289c12695cf4e74f0a67724c8d857f5dff3e39dbe51b9c7b7d1389c7814e Loading...

	mail.coprwanda.com/login.php?p=	6.5 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash f15ea50d63999ebf748246ffa6809deb 3ab1fd500e2c2ebaa7b6cacd40558f72b3db819a 145cd772b8f26c7980cc0e655ae0d338eba3e2c9312f98682c20fd5d52aa0a55 Loading...

	mail.coprwanda.com/login.php?p=	55 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 6fe2b22226d89eba331c98169afbe248 5d6863f5b3b2ead7cda62892a357f54453f32e9b 7f06045984d0bd219b82b6f040069ed2e2e1c06209db06ba3573a146628970b6 Loading...

	mail.coprwanda.com/login.php?p=	861 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 3b39fb878bb8cc0ef702b00f28ce06a2 1800f2414e094aafbc22d21f887e2c2ae0936c39 1a26e59588d3cb2703eca3a097a8ea943076219db045142fdaa1079f5077326c Loading...

	mail.coprwanda.com/login.php?p=	359 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash b12406eac48ade2690f28ac5c9f718dc 57c0461b4deb5149b8f0e858f5f5229458fc8b0c 142489ac6853636288983970739a610112ef91ac6043a389995fe55af272902f Loading...

	online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js	65 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash ffa4ec65e36a6626d9494401fe52ad0c 50fde09885fdb9f1814b950fa25992e4d9a04ba6 f1821b3865a1008ba0c088f7dc5c7eeb6b81e414461885c40b8d0f48fcbc9341 Loading...

	mail.coprwanda.com/login.php?p=	357 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 6fbf9db9d94876430883163dc4daf526 750066ce478bbe33c8549eba66f1b5d904887cdd a48f476e46cb1bf35c51fd3d0e2bd13934be3d651578dfd92d58031a604f3ab9 Loading...

	online.citi.com/passivebio/bcsid.js	947 B	2023-03-07	2024-03-02
Pretty URL online.citi.com/passivebio/bcsid.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen22 Hash 502011c839f5e3bbbdf1003b724e06be d038be2dc3b9e0472222e530a6939f7ebe1f474b 7d481eb36581746fd3662c7c452856b695df90cdce24664c48f565aa119c8b16 Loading...

	mail.coprwanda.com/login.php?p=	78 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 349e88b7caa0dff4eaf84621885aa4f3 4d887106cc4facf29b36c387a6804f1cc9248654 9db261bd1461cfc312dd6f9c4bc524a49091d299e4391c63877032b55f2596a0 Loading...

	mail.coprwanda.com/login.php?p=	3.8 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?p= IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen15 Hash b7c621311d20eb07f9505c83f2e93a78 7e88e8057e7ff83e4debfc93f9003ec7b6057de7 3e8e3a7b51aa3cb440686ef7fa0309f2bb8e348f89e37819481dc7629f7868c9 Loading...

HTTP Transactions (170)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8115
Expires: Thu, 01 Dec 2022 21:39:03 GMT
Date: Thu, 01 Dec 2022 19:23:48 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1958
Cache-Control: max-age=142802
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:03:50 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 19:19:48 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 240
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14744
Expires: Thu, 01 Dec 2022 23:29:32 GMT
Date: Thu, 01 Dec 2022 19:23:48 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: P0NitgNKC8/ybjS0JEZ+GZwYsh1EdlpKn7X1jGFFOZu3CgQ7LenkHr0HdYCOxsvla+8BQLMal4Q=
x-amz-request-id: EG8QZ2T7JF0DT8TV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 18:46:23 GMT
age: 2245
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

mail.coprwanda.com/login.php?p=

192.185.105.9

200 OK

65 kB

URL HTTP/1.1
mail.coprwanda.com/login.php?p=
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Size
65 kB (64622 bytes)
Hash
a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login.php?p= HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922613646; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 19:23:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1684
Cache-Control: max-age=109423
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:47:31 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1684
Cache-Control: max-age=109423
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:47:31 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css

104.110.15.25

200 OK

3.7 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
3.7 kB (3733 bytes)
Hash
912d79ed2801e57d08c6fe076d791333
aa0e1edb751a7cbff5e9ff67b948166605e19910
61984a0de22199c83dba3ac7c03e8df7cbb78f61c2de7fc6484be0fba7f14069

HTTP Headers

GET /GFC/branding/responsivebranding/css/branding_footer_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 10:48:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3733
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=48BDBEC63EF298DDEAECBDFBEEF5291F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1684
Cache-Control: max-age=109423
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:47:31 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1684
Cache-Control: max-age=109423
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:47:31 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css

104.110.15.25

200 OK

70 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (53390)
Size
70 kB (69731 bytes)
Hash
1b616f5ba816bd312785d32976021e37
e3dd04ee3a2b2ca1ded2c3eef06aa1f121b7d3b0
451e9945c7041383326739797e006d8a7201b96b1ba8046c0c9c02dd9d89a851

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: text/css
content-length: 69731
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=F6D586D29AA1D37A39EB9583AE9BA6C0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=8C00EDD3220A8EE02623998C2A995279; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/loginpage/styles/homePage.min.css

104.110.15.25

200 OK

5.0 kB

URL HTTP/2
online.citi.com/loginpage/styles/homePage.min.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (24793), with no line terminators
Size
5.0 kB (5046 bytes)
Hash
8b55e445be9cbbed1fff212136bf5ec4
02e215ee8c3c5f71406405a28d4112c0eea3646b
e666c4da016428bb9aa82c5e9dd9634d5731083b226e353148d28a9e1948c506

HTTP Headers

GET /loginpage/styles/homePage.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Oct 2020 18:02:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5046
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=464E526AD0BA02C06BF53544C7222520; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1684
Cache-Control: max-age=109423
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:47:31 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

www.google.com/cse/static/style/look/v4/default.css

142.250.74.132

200 OK

1.3 kB

URL HTTP/2
www.google.com/cse/static/style/look/v4/default.css
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
1.3 kB (1345 bytes)
Hash
b33c65c5c815696bed8292c172185bcc
d2c0eceacad1f57b25621dcdb32659c5dc6b8d9b
f5ab6924cf65ae4dc61dca35d096fa272f8b4937b733b5eb46d36af396884132

HTTP Headers

GET /cse/static/style/look/v4/default.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 1345
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 19:13:10 GMT
expires: Thu, 01 Dec 2022 20:03:10 GMT
cache-control: public, max-age=3000
age: 638
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js

104.110.15.25

200 OK

2.9 kB

URL HTTP/2
online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (5928)
Size
2.9 kB (2905 bytes)
Hash
f687e0142c1437ba2f920f3cde133177
d53df064865303d36b7a7ca9624d83214da9aa99
8e39f40e7aedf48d72d8a4f79433fb5482da163fad5aff81159284d7b461de05

HTTP Headers

GET /JFP/js/jquery/plugins/jquery.tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2905
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=52952547A4EE5472E9C7559A39472C5D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

104.110.15.25

200 OK

65 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (65509)
Size
65 kB (64910 bytes)
Hash
68cdb850dc7512e716b12ec17fcba622
cb82a9575b355ae1833085e6362cc0a1089ccc90
37d98491fbeb36c9df92570d875530129c1698b03852c3fbb71832db58a56e4d

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/scripts/vendor.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 64910
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=6B826FAD0A7ACAFEB782396E32779C00; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css

9.0 kB

URL
www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css
IP
:0
ASN
#0

File type
gzip compressed data, max compression\012- data
Size
9.0 kB (9032 bytes)
Hash
c7cbebedd348978dba3901d8cc83e90d
da9da15b749bbbea07de2147b1c09ff9cf6ee05b
8d6777b76a124d852a680f4d5e42f9b6abfefbc70253b120ed7f3a44aec9e1c2

HTTP Headers

GET /cse/static/element/a57bc5975bc720b0/default+en.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

online.citi.com/JSO/js/fp.min.js

104.110.15.25

200 OK

4.3 kB

URL HTTP/2
online.citi.com/JSO/js/fp.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (13962)
Size
4.3 kB (4322 bytes)
Hash
37d4fb4fc0d34c9d949447294c5896a2
813a89b7c7da1d1090e9d70a4b683713e47ffc20
434bec7136e03611151aad7e839486bcc95abdb5f1ad7eb8e66d1a10b3375982

HTTP Headers

GET /JSO/js/fp.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 4322
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=2D9485F247E9B04C80692CB25FD594A2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png

151.101.129.230

200 OK

2.2 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
IP
151.101.129.230:0
ASN
#54113 FASTLY

File type
PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2219 bytes)
Hash
f72de0072180995cddf091ec1c481fc8
8da0419580ec8ea996ff617773a822ef6a1ce470
02bb7267eb1cdf51db8a9db0014dd48f4debe6f7d344a6f8a0f06a428d6e0068

HTTP Headers

GET /wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: CzFPP1gPCjs7z/KInii3GcX3SmlJUbqd/NqEjWdfODbqZAaxudqAHEH+F4NlY3hcO7Dj4Gn/MhA=
x-amz-request-id: RNGYKGZANXNHS89D
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-type: image/png
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 19:23:48 GMT
via: 1.1 varnish
age: 827595
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669922628.438297,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 2219
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css

104.110.15.25

200 OK

337 B

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1265), with no line terminators
Size
337 B (337 bytes)
Hash
7c863f08763bf3f9d76db3fc6135da51
6560f78733d9b78d550d8425b29f06c1c764189d
a4dc2655e535dfee0176ff9bc947cf1aecf63bb2a248eaad894f58d13591d24b

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 337
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=008DDFD03921E59B6A0CC23395F64A09; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js

151.101.129.230

200 OK

63 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
IP
151.101.129.230:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (44679)
Size
63 kB (63129 bytes)
Hash
2814704ecc428325d52a842115a2ffdf
9c979060cdc471ee3dd6d71d0f586a7433158453
c75bc14a20adf4a951aba27b721f23e9b3c97cbcb4caeb249cdc63fde3997cc3

HTTP Headers

GET /wdcusciti/50/onsite/generic1608054710811.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Hlqd9JB84o75ey9+s41yk6BUDnxKajiI2JUmsGUUQqV5jw1SfqSE1lb8hW4xZN4HXRR/xQDXOBk=
x-amz-request-id: 28WE2YFD6404A5RC
last-modified: Tue, 15 Dec 2020 17:51:52 GMT
etag: "57e6c47a533050c63dc8fefbdeb401d1"
x-amz-version-id: Kqi2p6FS.A2AzLCJok5fsBD_5A7fWxpm
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 19:23:48 GMT
via: 1.1 varnish
age: 16230
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669922628.438002,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 63129
X-Firefox-Spdy: h2

online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css

104.110.15.25

200 OK

899 B

URL HTTP/2
online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
899 B (899 bytes)
Hash
1966ad93ef6524d8032dfc706eb33b8d
ed84d116e24a1f38cf7daa0eef09d51afab433bf
61ccfaf0350644ee02e12120c193cc703650c91f17c0234cce660c921c22d4e3

HTTP Headers

GET /NCCS/smartSearch/css/cbol-smartSearch.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 899
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=2B655E7B07259E83D3F34DD0BCB95728; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/personalization/peworkflow.min.js

104.110.15.25

200 OK

1.8 kB

URL HTTP/2
online.citi.com/personalization/peworkflow.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (5321), with no line terminators
Size
1.8 kB (1806 bytes)
Hash
1c9fea918bfb5581982989a70eaefabc
4918fe52d51efa97e09de94db53c621b0a335649
98348d134a2f94186ffe13541ebcf04efb5afe17f3b3be7aa8e9b69e5fbcac78

HTTP Headers

GET /personalization/peworkflow.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1806
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=66DA5C0138EE4CB7B25F616F0BAC02DA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js

104.110.15.25

200 OK

31 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (368)
Size
31 kB (30559 bytes)
Hash
51adf829efa8df8d293b7798be259dc4
5958976a367747fd3ba087371d5906163cd8334c
640f8a2d94f512022b7cc3c21d27b1c204092f16f1e372972dc42f85baa2e538

HTTP Headers

GET /GFC/branding/responsivebranding/js/navBarRedesign.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:43:21 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 30559
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=F56BF64E7E530514D010259338D5B2AB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/passivebio/BiocatchATO.js

104.110.15.25

200 OK

114 kB

URL HTTP/2
online.citi.com/passivebio/BiocatchATO.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (63756)
Size
114 kB (114417 bytes)
Hash
9248242d277a48e0e26b2b6aef3ce590
54c170a425a237fff13a351380d3ebc13eecb7fe
dffd94cd4d4979a7844ab3e348357a918ba4d92a07e1e20ce583295c136b6d88

HTTP Headers

GET /passivebio/BiocatchATO.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 114417
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=33D07CD130D5F81F55DA5BD027E30D94; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js

104.110.15.25

200 OK

18 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (65331), with no line terminators
Size
18 kB (17670 bytes)
Hash
2f595116c30fa315246f7cb0b531ba15
35bd15722dce013523f23c21426076cfcac33945
5df0777d7bd5b17967c6ef6243ef3dfc4eecb0fba56dd39c0100faeba04a7439

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 17670
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=5A1D786AFC1FB1A08456CEF7ABF51554; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/js/main.js

104.110.15.25

200 OK

8.0 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/js/main.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (33891), with no line terminators
Size
8.0 kB (7957 bytes)
Hash
6c7f00b72ded0bec2618305c876e16b6
48360ed4ad1b2ae2e507dc48873a3ef021586776
dc5ac3e8c6e04c6a1d9d1519b6ad99fabb5b0b87dd07d93106d6c4c1987b24ee

HTTP Headers

GET /GFC/branding/responsivebranding/js/main.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 16 Jan 2020 14:46:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7957
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=4E6F2DE25E1407D5BE217AA25BDD4B17; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js

104.110.15.25

200 OK

1.0 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (3018), with no line terminators
Size
1.0 kB (1017 bytes)
Hash
fb422777d175560b7cbafac2e69427e0
08a64e3f02f7521549e82453ec8a1baa4b0e8914
da7b8130e973ebfd3c4e34d464655f0fbe910cbb7ecb12e172f0374a86fb1cb5

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:44 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1017
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=F3BEED87ABECC8BF6E10A3EC6879DDFC; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js

104.110.15.25

200 OK

3.0 kB

URL HTTP/2
online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text
Size
3.0 kB (3030 bytes)
Hash
cbbb42f2f92286927590740a4ddbdf12
0f4a6798edba9047e6038749c5b81192550137a7
ac708e5462ee634c6b75a1ea7faffaf577dbff4ce007c337a7fe3fabaf42a1c0

HTTP Headers

GET /NCCS/smartSearch/js/cbol-smartSearch-inject.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 11 May 2020 19:00:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3030
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=A3CF9A6CE9F8BA4D4E123DC4DDDFCEB3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/passivebio/bcsid.js

104.110.15.25

200 OK

427 B

URL HTTP/2
online.citi.com/passivebio/bcsid.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
427 B (427 bytes)
Hash
62fc3ac7ad723e5bd299defa490b0777
b80fc4949d4bdff38aa3017c8f5ea813a91bd0d2
62f4ac02d4d03f11fcab26905d639a9797476e150f44d7793776acfa5fae87cd

HTTP Headers

GET /passivebio/bcsid.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
content-length: 427
set-cookie: AKMTLTSID=2F7DA8D7ABCD67953FE8B9599B307423; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js

104.110.15.25

200 OK

2.4 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
C source, ASCII text, with very long lines (7615)
Size
2.4 kB (2415 bytes)
Hash
e1577cfb2e8936a3c801851fff429693
1e861beca6b15a5f3d2ae277a95d7fd53e6256ec
95b8e61a19f61148c98e111e451ba37b8f27f55a415318e3fd49b56115c000a9

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-service.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 07:31:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2415
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=63A5F0664E9F4FED07375955DEFC5B43; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/pl-profile.png

104.110.15.25

200 OK

678 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/pl-profile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
678 B (678 bytes)
Hash
47511cdd2cd6ec0f1fe005ed1f1da489
c2dbbebd49f1dc760684ad937add478d05520ab1
96a25378d5d5fed38414a3d798eddc8367ebb206b45b125c837b9bab43c8799d

HTTP Headers

GET /GFC/branding/img/redesigned/pl-profile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 15:27:27 GMT
accept-ranges: bytes
content-length: 678
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=37235869FA6191C11BBEC8DBAF44C74E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg

104.110.15.25

200 OK

758 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Size
758 B (758 bytes)
Hash
2b7cfe76b3d07bceb495d2dcc63dafa3
dd9a3e5c21135454fb20655caf55b7269a06a579
b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranchloc.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 29 Jul 2020 05:29:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 758
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=DF763B75FC44B051C66B8E0AD8842D8C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/lang.svg

104.110.15.25

200 OK

1.4 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/lang.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size
1.4 kB (1434 bytes)
Hash
c59330487289406bc7a589e19a748a45
3ff3a052d1b32f340847edcf7e10e8f0bcaafdc5
ff759181aba721255cb0e238fdc63fe8b32f3a130bc618ac35e012a1692a3784

HTTP Headers

GET /GFC/branding/img/redesigned/lang.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Aug 2020 06:59:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1434
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=31B3456F64A9DF05EFE49AAD1321540D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/cc-know.png

104.110.15.25

200 OK

547 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/cc-know.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
547 B (547 bytes)
Hash
7fce81d3aee8a773e172e4da24755c08
d16e42e3104a3eede8e74f9e792c975390e3cea6
1e8296753489472722a900b40958f4cb93b5efa530499287debe37fdaac97cdb

HTTP Headers

GET /GFC/branding/img/redesigned/cc-know.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 17 Jul 2020 09:29:34 GMT
accept-ranges: bytes
content-length: 547
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=ED4CE04E9AEA326C93C43C94E0BCB4A6; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/cc-mail.png

104.110.15.25

200 OK

713 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/cc-mail.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
713 B (713 bytes)
Hash
d6aa1cf4e0f3028ec749cd5e2ef2745f
f92b9239a1ec624adf48a9fc5273df9aaf772ee3
351566f41ad89bb03b7855b58661b377836aebe50db166052eaa17f17e156799

HTTP Headers

GET /GFC/branding/img/redesigned/cc-mail.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 03 Jul 2020 10:19:28 GMT
accept-ranges: bytes
content-length: 713
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=4679FEB31CF1AD727D68D9A41C218FC7; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/banking-savings.png

104.110.15.25

200 OK

917 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/banking-savings.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced\012- data
Size
917 B (917 bytes)
Hash
d4482456a56b1d78f4855f6eafa94898
6a6671bf54989ad97f457f42837d1d96f21dca53
87578cd8ec6b565afd5be1b9a00845ca3dcb8024d64f2d96e4ce00bb07c94902

HTTP Headers

GET /GFC/branding/img/redesigned/banking-savings.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 06:45:19 GMT
accept-ranges: bytes
content-length: 917
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=5D93D6FD0D4FE23BF10C6AEE895FF6B5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js

104.110.15.25

200 OK

26 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (8207)
Size
26 kB (25945 bytes)
Hash
4f41d862cbf585b1cdb8fb475f37e8e5
e3ab2e23f39fcca83588d0678f9164d199540f0d
20eb6fe6bb0bc32e7dbc56bdcc0f9880c5a24c8f8fbfc1fe24f345ecb2cfa9c7

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 18 Apr 2021 07:56:16 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 25945
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=C6068300A83880EA709F5F8B1A972AD8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/mort-calculator.png

104.110.15.25

200 OK

374 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
374 B (374 bytes)
Hash
2425ec6b5ce2710b558ae452823680d7
2cccd21d3882308392717872f097511e58f8ba2a
77aae11467c6e42598b9c17f8a34f9ffb08c3acedd22db327fabf5b1becd24a2

HTTP Headers

GET /GFC/branding/img/redesigned/mort-calculator.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:13 GMT
accept-ranges: bytes
content-length: 374
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=DC87C9B163EB3C020EFBBEF8589AA88A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/mort-home.png

104.110.15.25

200 OK

515 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/mort-home.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
515 B (515 bytes)
Hash
d1b8e6b91fb75607e2bf2948c9cb9d99
88b8815e54a1d1a53de0919cf1abbac50e69a70d
474a06e61c5ff0b6def6e5619529e0664e6fa2d9904ba6f796e4e1032c2ab3c3

HTTP Headers

GET /GFC/branding/img/redesigned/mort-home.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:26 GMT
accept-ranges: bytes
content-length: 515
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=439277DC133E7C063FFAFC2B1B83BED4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-FP.png

104.110.15.25

200 OK

399 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
399 B (399 bytes)
Hash
4f5fc9d9f8fe83b74670f4e954bb116f
e9f9531727cfad01855e48dcc4ad0043779d763c
31a7d0a6362cd6d8fcbb3200740a252be4fc633363cc71021fb18faf4470eb5c

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-FP.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:29 GMT
accept-ranges: bytes
content-length: 399
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=A29AEA54FEDFE40D6B959AFBFFAACDEE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-MI.png

104.110.15.25

200 OK

822 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 20 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
822 B (822 bytes)
Hash
9c485b70055241b255f9fafcd167447e
9f8050c8c416b1b5aca059d4d8bb4ca16b930a3b
643030db71af1915a7c02ec3589b64d1b826cb8c8c97e0f7b80d70e0c830726b

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-MI.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:58 GMT
accept-ranges: bytes
content-length: 822
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=053E704CE8A190768F0FF584E27B2375; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-II.png

104.110.15.25

200 OK

894 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-II.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
894 B (894 bytes)
Hash
ae8592f1019d7ea84ee847cbde5c8bd8
e74b70328c0e5f4cef5d094d1fb30e343be03eb6
e0a06ba70b7556d61f872bd1ca50148094683ed1ba026a78164563d3c63db0c0

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-II.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:35 GMT
accept-ranges: bytes
content-length: 894
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=8B0ACEE5490D9E25F6EAC70EA6EE501E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranch.png

104.110.15.25

200 OK

697 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranch.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
697 B (697 bytes)
Hash
5cb2e7bb5dd99d056313c125f74872da
26844e24c011bf9d5fd8f88a81a3a86333bfa681
489ac0d5e6bb586f0144108a782f87e10aa6387fa5925c0f7b526142dbbf9987

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranch.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:41:48 GMT
accept-ranges: bytes
content-length: 697
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=822DD6E6CBF9E95C80B13A87E96DDF7C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/WM-conce.png

104.110.15.25

200 OK

819 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/WM-conce.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
819 B (819 bytes)
Hash
e1d86261569011cb99dc98ae1bbcc391
575a762c5a2639ff9b9780c6b37efea5ea8edc64
6e866b41975af77f752d3feae581391b018128ad2cb495e783349ca49cb94c38

HTTP Headers

GET /GFC/branding/img/redesigned/WM-conce.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 09:28:15 GMT
accept-ranges: bytes
content-length: 819
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=F5015F43687D377F6618E81019BA1619; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/search.png

104.110.15.25

200 OK

540 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/search.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
540 B (540 bytes)
Hash
2d0c9df05ec068e44e05246476eb6b0c
acf96a7bdff8f7d71096aa59243ad31d5aae425f
e1cdd8699d632d98047b60975c127bde93707685555e0894c2087105e26298ae

HTTP Headers

GET /GFC/branding/img/redesigned/search.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 12 Jul 2020 13:52:29 GMT
accept-ranges: bytes
content-length: 540
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=E7E371E53E33445DDE82C8F76A999034; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/navigationMobile.png

104.110.15.25

200 OK

137 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
137 B (137 bytes)
Hash
895e073c01fe436ee9892787c43a00eb
d5b1ebead4bc804bfee48ec3a9dbf87d3e97a82f
9704bca992680b1698b6c364e5fd7fd20991aa230c700f3378765fdf99a8b27d

HTTP Headers

GET /GFC/branding/img/redesigned/navigationMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 137
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=1E6423581AAD3091D353FC3FC9854153; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/closeMobile.png

104.110.15.25

200 OK

327 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/closeMobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
327 B (327 bytes)
Hash
e7a2c3c1d1710852dae94241b425631b
20ee2a5077624e2b074d9e6ab7d116480563f09a
87e414e65461d63f3c18fdec21dc973fbb3b04db9269aa2fa9f2b1e9fb4d58f0

HTTP Headers

GET /GFC/branding/img/redesigned/closeMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 327
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=8559562224A191438F324C5680F3650D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png

104.110.15.25

200 OK

888 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
888 B (888 bytes)
Hash
2d52957ca9901e228f3cc98653d66b64
4ee4c93d50f3eed0c760c69297db539b5c747fec
424b0508d87aeff62bf98099b98490558de97db21d02343fd4b0e46252a74d58

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranchlink.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 26 Jul 2020 08:00:17 GMT
accept-ranges: bytes
content-length: 888
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=1E8470F0C03DDF1FCA26778996A572BB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png

104.110.15.25

200 OK

1.3 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1300 bytes)
Hash
e356e33999a3af7670f87a64085b0aa1
7c65d1ba8878b0e930e73ea9a52d5f0f873828b2
f9ea3e5b79df3924376af98d3639b49ef970ef77063203b3ef3abaa84daca88a

HTTP Headers

GET /GFC/branding/img/redesigned/icon_globe_med-grey.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:42:08 GMT
accept-ranges: bytes
content-length: 1300
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=949CD4FB6D726A5FDB190B7217B2B3B4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg

104.110.15.25

200 OK

21 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
21 kB (21180 bytes)
Hash
a7a9a73a978e579f64235bf7ce768235
fc2af74ed45ab50faf2c2e9393ff7218171c59e2
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2

HTTP Headers

GET /JRS/banners/modules/M1-M7_DoubleCash.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 21180
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=A07EF520D544CDCF5E6796962C910E81; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 19:11:15 GMT
cache-control: public,max-age=3600
age: 753
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/card_art/8150_cardArt.png

104.110.15.25

200 OK

45 kB

URL HTTP/2
online.citi.com/JRS/banners/card_art/8150_cardArt.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 450 x 285, 8-bit colormap, non-interlaced\012- data
Size
45 kB (45386 bytes)
Hash
d6c20edc6406a6305e5a8ca093dff8a0
f246abd4f8b69e42ba6f50558340d690d2cf1ef7
1cec78f793f28bed6cd96765e693bd6b7ba1efbfdd7d68ca5b8ea5390ff8bec0

HTTP Headers

GET /JRS/banners/card_art/8150_cardArt.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 03 Aug 2020 19:29:08 GMT
accept-ranges: bytes
content-length: 45386
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=1C6438A2AE558B7F9CE93E72ED8A7C15; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg

104.110.15.25

200 OK

53 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Size
53 kB (52559 bytes)
Hash
ee564f1c07ec63939037a30b1d48e7b1
b75a2570b6ce89c1eb112c010994bfc5bde8b4e5
3636e5e8010b2e4e186788a748a7cbd16572b386cf2d67b3bea73cb7417abf9d

HTTP Headers

GET /JRS/banners/modules/Cards-tile-grey-1120.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Sep 2021 22:10:14 GMT
accept-ranges: bytes
content-length: 52559
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=673131BD10FBEEBC217A34C3B1318F20; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/8763_M1-M7.jpg

104.110.15.25

200 OK

46 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
46 kB (45996 bytes)
Hash
d1b0e06afbd29e02b850c0a871a689f1
8d55c0a5da74604bdaceafada2808b406b58be62
0fc0c5e3b942752d5a811676f479650575e3c0a6c42c25ed57311064b2d836a4

HTTP Headers

GET /JRS/banners/modules/8763_M1-M7.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 45996
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=87C023CBE8CF81D748598095F38F3BB8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1951
Cache-Control: max-age=137731
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:49 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:39:20 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png

104.110.15.25

200 OK

329 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
329 B (329 bytes)
Hash
15d9ce47ed55b1d16c142a6c067ddbf5
3431a1b5af3ec6a4a39176600ca213c070175eb2
9fa97f780f20b95ac6a2baeed3961d39ec6086e3417eb59cd294e4e528187b7b

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_facebook@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 329
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=2C2A0960918E9DE978E5F7758B9B7F10; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png

104.110.15.25

200 OK

840 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 44 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
840 B (840 bytes)
Hash
766cb78a4d9ba316b9fd2efdb1e95252
f7e17f7e9663574ef1ad0ebf580ea503fff0c7ea
5d343d5e2bc616fe04642af586793b51ba2291a6c9616ee92e4246bde9fa72a5

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_twitter@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 840
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=CC383E8864FBD66669729DAAD94FE0FB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png

104.110.15.25

200 OK

808 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 48 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
808 B (808 bytes)
Hash
89b7dac46b6f0be69e6272cf3de06475
a74173e79f802672145fa175478bcf4698d3bf80
1f43f86e82f4cf6b5ddf863fbb8cd9bafb53790bd2016a7b2b36d51ad96fb32b

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_youtube@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 808
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=D17CCFBEDFEB374414D303C3BF4C9F6C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png

104.110.15.25

200 OK

12 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

HTTP Headers

GET /GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 11562
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=DF3C71C4C790E0381237F70B18EA82A5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg

104.110.15.25

200 OK

110 kB

URL HTTP/2
online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], comment: "Optimized by JPEGmini 3.12.0.2 0x8e6e2aa3", baseline, precision 8, 2160x600, components 3\012- data
Size
110 kB (110256 bytes)
Hash
adc640f5c974f259332776179906a9ba
88aa97730f84a70b8f3ec0df9763797293f6fef9
73bda4635bfa51c64ab47b1fba9a7cb20b6ab3ae44f7c1d2abf78041a9da0fee

HTTP Headers

GET /JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 15 Mar 2018 21:03:36 GMT
accept-ranges: bytes
content-length: 110256
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=DD8ABC1702C74FEBFECD30301522ED2B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg

104.110.15.25

200 OK

35 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
35 kB (35239 bytes)
Hash
5fb8ff5dd22b3f8a34def2212bdeca0b
373c913d070e4b486d90c1959d9aae179043e2d4
b880a027d8db72f3120d1666c1bc4f016c126d0d6e0b7852155c1ea204da4b63

HTTP Headers

GET /JRS/banners/modules/M1-M7_Rewards.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 35239
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=571F7F6558FC47DBA3BA230A60F8148D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png

104.110.15.25

200 OK

28 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

HTTP Headers

GET /GFC/branding/responsivebranding/img/Citi_FooterLogo.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 28149
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=59C64F257184318EA872519F16B4B192; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/errorLogo.svg

104.110.15.25

200 OK

584 B

URL HTTP/2
online.citi.com/GFC/branding/img/errorLogo.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (329)
Size
584 B (584 bytes)
Hash
3210e315dee7ea636165f4cdd4d402cd
110a09f9a0cd87f510d3435704631aefc02d7436
09541c2109f784fd10979ed9cce037e146b756f35ffa3c2e164d3aad92532341

HTTP Headers

GET /GFC/branding/img/errorLogo.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 24 Apr 2018 15:26:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 584
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=3492C072762A2ED93B14EF1626983555; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css

104.110.15.25

200 OK

15 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (342)
Size
15 kB (15298 bytes)
Hash
7584f29c3065db5d69256920d340f479
d6198dafe36e3ffde03aedb334123a0d096649e1
81538cf3a3fd0ff0dde297332b73edebaa76e68c437628f2ab16d66b0a97afae

HTTP Headers

GET /GFC/branding/responsivebranding/css/branding_header_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 29 Aug 2022 03:56:20 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 15298
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:49 GMT
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=7A353B6D28D415DC42DC697AB59DC6AE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js

104.110.15.25

200 OK

748 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (57530)
Size
748 kB (747501 bytes)
Hash
9e955595f5944b7d8f753a5cd2920e1a
e8e2cdcc3c6b2deb84d49fa0c24f73cb4dd1053f
c80f9904376bace60d69a316d993244717fda11bd5bc6f4f1072db6e73662b92

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 16 Sep 2020 07:27:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:48 GMT
date: Thu, 01 Dec 2022 19:23:48 GMT
content-length: 747501
set-cookie: AKMTLTSID=35F723EB1247EDA5F3A31D71D34A6B07; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg

104.110.15.25

200 OK

50 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
50 kB (50031 bytes)
Hash
1811b334b2e3a585567ef915ff6adcf5
858f597f8bcbcf3a16516f428565850aee1f8c98
67d342b059e3ee89919786b1a83c6ebb76b657bbbe0105d2c7c9876d08026c80

HTTP Headers

GET /JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 50031
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 19:23:48 GMT
set-cookie: AKMTLTSID=8FD99A24E51FF3995DEB367CDC32A515; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js

104.110.15.25

200 OK

344 B

URL HTTP/2
online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1035), with no line terminators
Size
344 B (344 bytes)
Hash
ee56ceb81a2c453ad35d592085dc1030
93465f3d60e2561772ade8cf8cbccccb8038ab74
b1282d6ce2f019a78ac693026f2d21cf72b63e5203594be911f894531a142b4b

HTTP Headers

GET /JFP/js/modules/jfpm.autocomplete.off.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 01:23:49 GMT
date: Thu, 01 Dec 2022 19:23:49 GMT
content-length: 344
set-cookie: AKMTLTSID=EF4EB5E53BE0EBD54C1C1363096127D5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.39.57.61

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.39.57.61:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: s1+bMKTRUTfDgjRDPeQUCQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xMnPKSkJGLPinLsXxM0KBHTHkiQ=

online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //ui.powerreviews.com/tag-builds/10111/4.0/styles.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=2189CD50639E65D25DF31693C7D41CE0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=97F9863231832C51F6E2CE8DA6E05F4B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png

104.110.15.25

200 OK

1.8 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

HTTP Headers

GET /GFC/branding/img/redesigned/citilogoredesign.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 07:18:33 GMT
accept-ranges: bytes
content-length: 1799
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=DBB2B85D25CEA284F56D72B53CF700A5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JFP/fonts/Interstate-Regular.ttf

104.110.15.25

200 OK

80 kB

URL HTTP/2
online.citi.com/JFP/fonts/Interstate-Regular.ttf
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 13 names, Microsoft, language 0x409, Copyright (c) 2007 by The Font Bureau, Inc.. All rights reserved.RegularTheFontBureau,Inc:Inters\012- data
Size
80 kB (79753 bytes)
Hash
092695ab186b08cfe77e1e2baa88a75a
e4e0c72716be82c464ece81a1ec6d8de3f44f89c
94dc36f237f196ac346325d697cc9a27fc8bf5dc4102abf208df79142c974f09

HTTP Headers

GET /JFP/fonts/Interstate-Regular.ttf HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
content-length: 79753
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=A4E904121377C48ABBDF9E384373DCEA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/loginpage/images/icons/svgs/close.svg

104.110.15.25

200 OK

641 B

URL HTTP/2
online.citi.com/loginpage/images/icons/svgs/close.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499)
Size
641 B (641 bytes)
Hash
dd59f5e29f1021e45b5e95e26f2d12da
d79fa9c39b22174b3d6d2fb7bd00f01be3ee6410
e52581c6fe976751e9059da800356b8824fe18635947ef533ff4c5fc2f313df8

HTTP Headers

GET /loginpage/images/icons/svgs/close.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 641
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=B0EE3E34472FBE610488295A2A5838B1; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff

104.110.15.25

200 OK

148 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
148 kB (148436 bytes)
Hash
a9054b5be97affe8455c95515d6cc85b
5021d9785e3819c4ad4a2b78f387f0ec9f3a6bae
187395fde923214a57b5de0a691ca784ef64b2e06e3ff4117391821d9b9c7222

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=B272E8E632F51057778E664374402EAC; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg

104.110.15.25

200 OK

499 B

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
499 B (499 bytes)
Hash
d0d6851fdc21e63eb57af3709578a0dd
2140b733bc5e6a17cdb8537fa8759e06861cbaed
4145e83a3ccffc44dd543b258d3b9ce64e55ac66c56b8f3c8d15a36875a8fc67

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 499
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=FC59533E5DF98E418E595C95044253A0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff

104.110.15.25

200 OK

77 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
77 kB (76826 bytes)
Hash
7315dfab0a68efb7fb22012551203817
5d9d65a25fd0833b1d5d02abfe71b3d3f16bf594
7803725fc747aedbcc37628f973b7bb115943951967117d4700e7d494942802f

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Thu, 01 Dec 2022 19:23:49 GMT
set-cookie: AKMTLTSID=0C8250D9ABDC09DE0D857F2206C5BCA3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png

104.110.15.25

200 OK

9.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 240 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size
9.3 kB (9255 bytes)
Hash
c02d966c362e9f918a7ca664a06f339a
cf8723b1054b79ac27db08f1e0d63b1a585bc150
3c4287f94e9dc9cda82125a6f528b0d4dcd8c2e9ee26b899c4481490312b146a

HTTP Headers

GET /GFC/branding/responsivebranding/img/googlePlay_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:21:52 GMT
accept-ranges: bytes
content-length: 9255
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:50 GMT
set-cookie: AKMTLTSID=7C05F37048980BAB826A3FF34A061E0F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png

104.110.15.25

200 OK

8.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 240 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
8.3 kB (8272 bytes)
Hash
e783f09a2c28318b2248dcd045cd0325
e1d0ac0f63eac3b3b523fe929d416127fe7e7561
2e1950e9fecaa7d00944c88becb315026208890e3d9ffe2545504105e181ad47

HTTP Headers

GET /GFC/branding/responsivebranding/img/appStore_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
accept-ranges: bytes
content-length: 8272
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 19:23:50 GMT
set-cookie: AKMTLTSID=0BAB2D59C6A4E9A6DA1293F343C59EBE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg

104.110.15.25

200 OK

496 B

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
496 B (496 bytes)
Hash
28dab60290650e5ee88386879ca17085
85043857b1d8a79816491365548e17b151a2a084
fc9dead631748747b2e1c0b60057a21282d2d7acd6f5d88f4e80bdf32e08b5c8

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 496
content-type: image/svg+xml
date: Thu, 01 Dec 2022 19:23:50 GMT
set-cookie: AKMTLTSID=24F4B5CCC39785C8BCBE491DED482602; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?p=
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922613646; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=1; cdContextId=1

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=8b03c25c997f382cd07ac149236b03f0; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: login.php?primarymember_id=06bdaa7c54aedbf51d80757d4
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

301 Moved Permanently

0 B

URL HTTP/1.1
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://sr.rlcdn.com:443/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Content-Length: 0
Date: Thu, 01 Dec 2022 19:23:50 GMT
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js

151.101.129.175

301 Moved Permanently

0 B

URL HTTP/1.1
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP
151.101.129.175:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Thu, 01 Dec 2022 19:23:50 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1659-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669922630.248006,VS0,VE0
Strict-Transport-Security: max-age=31557600

stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064

23.38.201.22

200 OK

71 B

URL HTTP/2
stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
IP
23.38.201.22:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document, ASCII text
Size
71 B (71 bytes)
Hash
988428fdc0079b85e995b96b0ed4b565
27aece4f871a936951d17de604853cddc9bfb5ec
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

HTTP Headers

GET /site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064 HTTP/1.1
Host: stags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 71
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
pragma: no-cache
expires: Thu, 01 Dec 1994 16:00:00 GMT
cache-control: max-age=0, no-cache, no-store
bk-server: 96bb
date: Thu, 01 Dec 2022 19:23:50 GMT
X-Firefox-Spdy: h2

nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js

151.101.129.175

200 OK

5.2 kB

URL HTTP/2
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP
151.101.129.175:0
ASN
#54113 FASTLY

File type
C source, ASCII text, with very long lines (585)
Size
5.2 kB (5197 bytes)
Hash
a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e

HTTP Headers

GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WYw0Epb8vcedL+7IDqJJsx/+WjGdOZ5/PeZvxp+JQZLuPSbm5TB79IsK0ZRwFxRvC3JwqmNr110=
x-amz-request-id: 6VFQ4X3D41M9VYZP
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 19:23:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1627-BMA
x-cache: HIT
x-cache-hits: 3
x-timer: S1669922630.355102,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:50 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=497343,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772e3316ccddb515-OSL

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=06bdaa7c54aedbf51d80757d4

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=06bdaa7c54aedbf51d80757d4
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=06bdaa7c54aedbf51d80757d4 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=1; cdContextId=1; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=6b10c1d87c87573ba0c8bda3d
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2fec0a3aa8f541f5092456d41753e63a
f7f2afd43cac3c12f5cea88960560a94d36aae05
f3dc6e26d9d8008abf17eec495ab0db714e3fbeb0d3fc45967fd8e1f2d067fcd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 12
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:50 GMT
Etag: "63878525-1d7"
Last-Modified: Thu, 01 Dec 2022 19:23:38 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTIyNjI4ODM2IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjZjI0ZWExNmEtMGQ4OWRjNzQ0YjMwN2E4LWM1MDU0MjUtMTQwMDAwLTE4NGNmMjRlYTE3NTAyIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9tYWlsLmNvcHJ3YW5kYS5jb20vbG9naW4ucGhwP3A9Iiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0ZDQ3LWU3YTEtNWU4NC1iYmMwLWIxYzYtNjg4Yi1lMmY0LTYwMjMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTkyMjYyODY5NyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1MDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5MjI2Mjg2OTgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==

35.241.45.82

200 OK

0 B

URL HTTP/1.1
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTIyNjI4ODM2IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjZjI0ZWExNmEtMGQ4OWRjNzQ0YjMwN2E4LWM1MDU0MjUtMTQwMDAwLTE4NGNmMjRlYTE3NTAyIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9tYWlsLmNvcHJ3YW5kYS5jb20vbG9naW4ucGhwP3A9Iiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0ZDQ3LWU3YTEtNWU4NC1iYmMwLWIxYzYtNjg4Yi1lMmY0LTYwMjMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTkyMjYyODY5NyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1MDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5MjI2Mjg2OTgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTIyNjI4ODM2IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjZjI0ZWExNmEtMGQ4OWRjNzQ0YjMwN2E4LWM1MDU0MjUtMTQwMDAwLTE4NGNmMjRlYTE3NTAyIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9tYWlsLmNvcHJ3YW5kYS5jb20vbG9naW4ucGhwP3A9Iiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0ZDQ3LWU3YTEtNWU4NC1iYmMwLWIxYzYtNjg4Yi1lMmY0LTYwMjMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTkyMjYyODY5NyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1MDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5MjI2Mjg2OTgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:50 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-kdtj
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 451 Unavailable For Legal Reasons
date: Thu, 01 Dec 2022 19:23:50 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6b10c1d87c87573ba0c8bda3d

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6b10c1d87c87573ba0c8bda3d
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6b10c1d87c87573ba0c8bda3d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ded76f4587f94ed0af333ebce
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2250
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 19:23:50 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2250
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 19:23:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2250
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 19:23:50 GMT
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:50 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=497343,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772e3319093db515-OSL

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9459 bytes)
Hash
e1e6b6ba4f82221b41c3d9129008c76d
2f9532d698b4c28df23e18bbb66399ec776d5b9f
218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: c08f55b2-7ac6-4dec-b53c-fd3f4533f9c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpBiGoHIAMFR2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bba3-69c2c2d05e55fd745caf1dce;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:09:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w_Mb-0pBwp-pUyU2bdJ8MhrGHkk6VQgJmcGV9MfHwj_yGUMIYZkyrg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 17:08:13 GMT
age: 8137
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4762 bytes)
Hash
d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 05:45:16 GMT
age: 49114
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16038 bytes)
Hash
ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 77510
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13411 bytes)
Hash
328ce221bcf3442f88d09373193ff594
63bfa2ea925aa2c188c664a7bf7af7b0e5417e60
21d5b5ec267430dba91b17f89a557aca5cd2a21535da18eb02ec69ed0e1b7371

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13411
x-amzn-requestid: 71f8798f-93e9-4649-8822-7ad3fadeec34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz6vH05oAMF_qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd11-1849aa08463e5c1f3d9b15b9;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QVGFEOePBybOeNxG6eWBffm8Ha_fmBnT8vMIGcI8zv9C7yiBeSncDw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
etag: "63bfa2ea925aa2c188c664a7bf7af7b0e5417e60"
content-type: image/jpeg
age: 77510
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D

142.250.74.132

200 OK

13 kB

URL HTTP/2
www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
data
Size
13 kB (12898 bytes)
Hash
820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8

HTTP Headers

GET /cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 92399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 10:27:45 GMT
expires: Thu, 30 Nov 2023 10:27:45 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/javascript
age: 118563
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8740 bytes)
Hash
26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 18:58:06 GMT
age: 1544
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

1.3 kB

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (1330), with no line terminators
Size
1.3 kB (1330 bytes)
Hash
e9ea0a186fb88e163a647ac0b354f560
d1f6221e15a0aa5a5c375dfb4b2c843ba1a4dbb4
5cafd5cb2fa0745db6e5414d5352318aa76e97bfc0beefd6301ee686d270e970

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 743
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
content-length: 1330
date: Thu, 01 Dec 2022 19:23:49 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: c58128fd-088e-448e-8224-cdf40bc8ae73
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ded76f4587f94ed0af333ebce

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ded76f4587f94ed0af333ebce
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ded76f4587f94ed0af333ebce HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=44eaa4677e455474cd65485f4
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
2197fee59ea5700058818dc8b088f41c
a4956b51eaf71475265b0f43ccb329abd7be7f5c
4afa48feda5eef3deeae794f77b2553a3aba1651bbb635a07f8ce30cd5d4f22b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:50 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 11:15:46 GMT
Expires: Mon, 05 Dec 2022 11:15:45 GMT
Etag: "a4956b51eaf71475265b0f43ccb329abd7be7f5c"
Cache-Control: max-age=315714,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772e3319ad7fb511-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
4211d4ddd8c542cf450d0e892e384e8d
d2eaa1b5679a7b7be963954c242d71522cb71694
4f524c890be87d8b1d72145512cba9ea33c16bb4db4cc4b0718bd48a7c5d6983

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 06:00:09 GMT
Expires: Tue, 06 Dec 2022 06:00:08 GMT
Etag: "d2eaa1b5679a7b7be963954c242d71522cb71694"
Cache-Control: max-age=383177,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772e3319bc45b529-OSL

1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html

54.230.111.64

200 OK

221 B

URL HTTP/2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
IP
54.230.111.64:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 08:37:34 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: M2tD-KTvAH1Z0M2mC-u_jHpiwvp93a7DT0UarmSlpA159Vam0rMPwg==
age: 38777
X-Firefox-Spdy: h2

adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB

216.58.211.2

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP
216.58.211.2:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 19:23:50 GMT
expires: Thu, 01 Dec 2022 19:23:50 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html

54.230.111.103

200 OK

221 B

URL HTTP/2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
IP
54.230.111.103:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 07:42:43 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hgRxpE7V00v4dVQ_xwi1qClBU-c2GnLs5BRS364vcMkpk-_kz4lr-Q==
age: 42068
X-Firefox-Spdy: h2

1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.64

200 OK

3.2 kB

URL HTTP/2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.64:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Wed, 30 Nov 2022 23:00:06 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ybN05phyyCkcu5RvgbAk1Ksb4n1jx4DW1okHszFYbEqswOl_LVIIkQ==
age: 73425
X-Firefox-Spdy: h2

1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.103

200 OK

3.2 kB

URL HTTP/2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.103:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 15:53:28 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cgsTrZueCAgJX5LAR2CNpZ9TmO7WvUGUWKqnUI46yNj5zYZnXGEYog==
age: 12623
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=44eaa4677e455474cd65485f4

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=44eaa4677e455474cd65485f4
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=44eaa4677e455474cd65485f4 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=df8b1316d491ec63acdb832f1
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8d42dbe45d28e98140b7b8e7337916c2
702722d1219f8037f75a0dc9e24936bf7d454533
987efb6ca64818d45978d4bb1ea0557f9531f57f757922ddecad760c854fc0ae

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

142.250.74.174

200 OK

3.7 kB

URL HTTP/1.1
cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3328)
Size
3.7 kB (3706 bytes)
Hash
3c24c82aa224553b1119108d20435713
75c3d1f9db89aa84e8eed23cb614717592594817
fb37f52d5432d95c4b28bcd32ee4fd0bb03fd728819788604242383e65b75eab

HTTP Headers

GET /cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: gws
Cache-Control: private
Content-Length: 3706
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
c9ddaa54b22df16f7077672ce62c3aaf
48c459b8e283c366b618d61c6fd45a6c465d1298
be15e4567b08d0e5cf9898c151c223b53d102451a38953498062883093039d87

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 12:17:24 GMT
Expires: Wed, 07 Dec 2022 12:17:23 GMT
Etag: "48c459b8e283c366b618d61c6fd45a6c465d1298"
Cache-Control: max-age=492212,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772e3319aa5cb515-OSL

1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html

54.230.111.57

200 OK

221 B

URL HTTP/2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 09:33:10 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tQYEINLjP4MtWzeOpbUj-aoPTeF8Q3fsM3StqONp0Y10pJQmlRaekQ==
age: 35441
X-Firefox-Spdy: h2

di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38

35.244.174.68

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38
IP
35.244.174.68:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38 HTTP/1.1
Host: di.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 451 Unavailable For Legal Reasons
date: Thu, 01 Dec 2022 19:23:50 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googleadservices.com/pagead/conversion_async.js

142.250.74.66

200 OK

15 kB

URL HTTP/2
www.googleadservices.com/pagead/conversion_async.js
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1654)
Size
15 kB (15190 bytes)
Hash
f2258b08ae7f4c53a27c27e21536ef06
65fe239266dc4c3f8f8e25dfd039a77733f75f67
fd9775067ede051cfe4861265da0e9374a20cd833fedcd3c9708af0b525f8921

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 01 Dec 2022 19:23:50 GMT
expires: Thu, 01 Dec 2022 19:23:50 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16595884479219046262
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.57

200 OK

3.2 kB

URL HTTP/2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 08:56:21 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VlafwRQ7YdmlwQ2JUltO3_Tgx6flBlrcaMAxh__Ox4-VEJRPI78F3g==
age: 37650
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2127bde04ad44ce578c974ce17014430
0671da7ac6281e7666378aec875006158b784931
e7353f4f5fdb557bbc3ed7b6c74c9a79d1bb7ef966f5bd471382feb82234bd93

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 19:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mail.coprwanda.com/favicon.ico

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/favicon.ico
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?p=
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2b96241ba0d42aea83beecca4
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=df8b1316d491ec63acdb832f1

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=df8b1316d491ec63acdb832f1
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=df8b1316d491ec63acdb832f1 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=de1e08deb2771926448446859
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=de1e08deb2771926448446859

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=de1e08deb2771926448446859
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=de1e08deb2771926448446859 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f2d2e13c8dce8dc9651769d6f
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/login.php?primarymember_id=2b96241ba0d42aea83beecca4

192.185.105.9

200 OK

65 kB

URL HTTP/1.1
mail.coprwanda.com/login.php?primarymember_id=2b96241ba0d42aea83beecca4
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Size
65 kB (64622 bytes)
Hash
a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login.php?primarymember_id=2b96241ba0d42aea83beecca4 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2d2e13c8dce8dc9651769d6f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2d2e13c8dce8dc9651769d6f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2d2e13c8dce8dc9651769d6f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=bf44b19b8dbea999388a9e93f
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=bf44b19b8dbea999388a9e93f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=bf44b19b8dbea999388a9e93f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=bf44b19b8dbea999388a9e93f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=e4d0bbf8dffad6cb1c911b34a
Content-Length: 0
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e4d0bbf8dffad6cb1c911b34a

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e4d0bbf8dffad6cb1c911b34a
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e4d0bbf8dffad6cb1c911b34a HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f77b55dd9f9bfd64b4f131c2f
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f77b55dd9f9bfd64b4f131c2f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f77b55dd9f9bfd64b4f131c2f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f77b55dd9f9bfd64b4f131c2f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0a8dac291c5dc24cec12c2534
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

558 B

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
6b0733cb66c212b7bbb8a0a94c75ce90
4817fa266a713018db1a38319a838ae6b67fe4d6
74d188f54a65fe59bb3e23b25267811dd5ec83548b1098b083cb7e3eeab01426

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3188
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Thu, 01 Dec 2022 19:23:49 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 44c9676f-5ecb-42bd-9023-4062fe44b561
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a8dac291c5dc24cec12c2534

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a8dac291c5dc24cec12c2534
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a8dac291c5dc24cec12c2534 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1864ef9641920299415a90f7c
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1864ef9641920299415a90f7c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1864ef9641920299415a90f7c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1864ef9641920299415a90f7c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d402ef5a4db2e5195a0b1e6f3
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d402ef5a4db2e5195a0b1e6f3

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d402ef5a4db2e5195a0b1e6f3
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d402ef5a4db2e5195a0b1e6f3 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=89162412def3359be5c029168
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=89162412def3359be5c029168

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=89162412def3359be5c029168
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=89162412def3359be5c029168 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=28068d716fea12ffdc0bd2f91
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=28068d716fea12ffdc0bd2f91

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=28068d716fea12ffdc0bd2f91
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=28068d716fea12ffdc0bd2f91 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a6a3d23ad4e9b93fd49e8aedc
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a6a3d23ad4e9b93fd49e8aedc

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a6a3d23ad4e9b93fd49e8aedc
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a6a3d23ad4e9b93fd49e8aedc HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ad8631786d1e576ad40787a42
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ad8631786d1e576ad40787a42

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ad8631786d1e576ad40787a42
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ad8631786d1e576ad40787a42 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=3987b4f882d1e899d5f5608f7
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

558 B

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
0119350efeff2b759c92b41e290df7e6
1b3d2fed2dea6caac314c45a647c23555fdb7e07
1cbb1bf4885e180f58c076d679ec8fc7398485384647d7974f8e97d561c20261

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 928
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Thu, 01 Dec 2022 19:23:49 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: ef2d745b-bfbf-424e-a47d-f4c62b26af29
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3987b4f882d1e899d5f5608f7

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3987b4f882d1e899d5f5608f7
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3987b4f882d1e899d5f5608f7 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d69c8cb5e954b9393ef529894
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d69c8cb5e954b9393ef529894

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d69c8cb5e954b9393ef529894
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d69c8cb5e954b9393ef529894 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c994a0bcd8fccc6f6127d0af2
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c994a0bcd8fccc6f6127d0af2

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c994a0bcd8fccc6f6127d0af2
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c994a0bcd8fccc6f6127d0af2 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7e12f67e86be6790f306f4b3d
Content-Length: 0
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57

13.89.105.232

204 No Content

0 B

URL HTTP/2
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
IP
13.89.105.232:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v1/sendLogs?cid=cedric&cdsnum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 856
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Thu, 01 Dec 2022 19:23:53 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

POST /US/REST/ManageTMXProfile/TMXProfile.jws HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?p=
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0
Content-Length: 0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=44a5b6829a8ec9aa8ab8da93e
Content-Length: 0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=44a5b6829a8ec9aa8ab8da93e

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=44a5b6829a8ec9aa8ab8da93e
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=44a5b6829a8ec9aa8ab8da93e HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a2eb9c726cee66a461ce45ee1
Content-Length: 0
Keep-Alive: timeout=5, max=53
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a2eb9c726cee66a461ce45ee1

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a2eb9c726cee66a461ce45ee1
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=a2eb9c726cee66a461ce45ee1 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=76016b8193ba13dc44d12785c
Content-Length: 0
Keep-Alive: timeout=5, max=52
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=76016b8193ba13dc44d12785c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=76016b8193ba13dc44d12785c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=76016b8193ba13dc44d12785c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=76e40dbd97c6f254fcb780749
Content-Length: 0
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=76e40dbd97c6f254fcb780749

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=76e40dbd97c6f254fcb780749
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=76e40dbd97c6f254fcb780749 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=aa054a24d918399937bc634da
Content-Length: 0
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=aa054a24d918399937bc634da

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=aa054a24d918399937bc634da
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=aa054a24d918399937bc634da HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=380d324bf07f492b8af7744fb
Content-Length: 0
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=380d324bf07f492b8af7744fb

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=380d324bf07f492b8af7744fb
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=380d324bf07f492b8af7744fb HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=258a01ca3ea608fbfb0ff736f
Content-Length: 0
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=258a01ca3ea608fbfb0ff736f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=258a01ca3ea608fbfb0ff736f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=258a01ca3ea608fbfb0ff736f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=5bf33bdefd241b2547f74a58c
Content-Length: 0
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5bf33bdefd241b2547f74a58c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5bf33bdefd241b2547f74a58c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=5bf33bdefd241b2547f74a58c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=242ec45685de7881b7f9adbc5
Content-Length: 0
Keep-Alive: timeout=5, max=46
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=242ec45685de7881b7f9adbc5

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=242ec45685de7881b7f9adbc5
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=242ec45685de7881b7f9adbc5 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d7ea5fdb5a9df71735199adbc
Content-Length: 0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=d7ea5fdb5a9df71735199adbc

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=d7ea5fdb5a9df71735199adbc
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=d7ea5fdb5a9df71735199adbc HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b7b96003ac6dfe256d8cb948d
Content-Length: 0
Keep-Alive: timeout=5, max=44
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b7b96003ac6dfe256d8cb948d

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b7b96003ac6dfe256d8cb948d
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=b7b96003ac6dfe256d8cb948d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=15c6d703a292f701ee13e584b
Content-Length: 0
Keep-Alive: timeout=5, max=43
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=15c6d703a292f701ee13e584b

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=15c6d703a292f701ee13e584b
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=15c6d703a292f701ee13e584b HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b76ebb05a7e473621e81a8bf6
Content-Length: 0
Keep-Alive: timeout=5, max=42
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b76ebb05a7e473621e81a8bf6

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b76ebb05a7e473621e81a8bf6
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=b76ebb05a7e473621e81a8bf6 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=cc76910ad780175b2053bdf07
Content-Length: 0
Keep-Alive: timeout=5, max=41
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=cc76910ad780175b2053bdf07

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=cc76910ad780175b2053bdf07
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=cc76910ad780175b2053bdf07 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=921b81aaf023580c132b1b5b9
Content-Length: 0
Keep-Alive: timeout=5, max=40
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=921b81aaf023580c132b1b5b9

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=921b81aaf023580c132b1b5b9
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=921b81aaf023580c132b1b5b9 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a15bd0000339b1a0aaea9ad64
Content-Length: 0
Keep-Alive: timeout=5, max=39
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a15bd0000339b1a0aaea9ad64

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a15bd0000339b1a0aaea9ad64
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=a15bd0000339b1a0aaea9ad64 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=48204c4379f51d1bf62dac2df
Content-Length: 0
Keep-Alive: timeout=5, max=38
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=48204c4379f51d1bf62dac2df

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=48204c4379f51d1bf62dac2df
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=48204c4379f51d1bf62dac2df HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:56 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ced8048a41adebeff67b96161
Content-Length: 0
Keep-Alive: timeout=5, max=37
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ced8048a41adebeff67b96161

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ced8048a41adebeff67b96161
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=ced8048a41adebeff67b96161 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:56 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=77157869b3ed3b151445d033b
Content-Length: 0
Keep-Alive: timeout=5, max=36
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=77157869b3ed3b151445d033b

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=77157869b3ed3b151445d033b
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=77157869b3ed3b151445d033b HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?p=
Connection: keep-alive
Cookie: bmuid=1669922613213-B9DA0913-A0C0-4E0A-BBFA-5606FFBDBD64; count=0; kampyle_userid=4d47-e7a1-5e84-bbc0-b1c6-688b-e2f4-6023; kampyleUserSession=1669922628697; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184cf24ea16a-0d89dc744b307a8-c505425-140000-184cf24ea17502; cdSNum=1669922615510-sjn0000276-ac480d57-2a9f-4c1e-acba-84ed85add533; cdContextId=2; cdContextId=2; PHPSESSID=8b03c25c997f382cd07ac149236b03f0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 19:23:56 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7f3c494e51168b7706788962b
Content-Length: 0
Keep-Alive: timeout=5, max=35
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (51)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP