r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7796
Expires: Fri, 02 Dec 2022 11:45:09 GMT
Date: Fri, 02 Dec 2022 09:35:13 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 207
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:35:13 GMT
Last-Modified: Fri, 02 Dec 2022 09:31:46 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12873
Expires: Fri, 02 Dec 2022 13:09:46 GMT
Date: Fri, 02 Dec 2022 09:35:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 09:19:54 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 919
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Wi2uzNK3QXMIxisfE7resMjMtkuqPifLSKiXxwwi0ZZ/4GcvUQ3uMEh1rP5GMV/Wfhc7JOxAXnc=
x-amz-request-id: KJDP7NMTCV4DDPW1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 08:46:03 GMT
age: 2950
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 09:35:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
54.230.111.35200 OK 32 kB URL HTTP/1.1 nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
IP 54.230.111.35:0
File type ASCII text, with very long lines (594)
Hash 61123b2865b71f2625a4d0c8056f3ceb
b1f90f08ff182c355179703809d8bae5674bf55b
f1afbe14528a3ae3b360e9e0c47a414207266c56935aa6e98c9cd24031973d3f
GET /citizensbank/olbprod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 30 Nov 2022 15:57:24 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 26 Oct 2022 15:44:22 GMT
ETag: W/"39bf7a3a8df0e7cc7aac36800368843a"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=300
x-amz-version-id: n.3u3tglJzlUidakqrAu0WJ9p85U4QzX
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: f31jfOOH8P2pov2SRmu4b5Y8TwsdP4d4nLTF3qeo1iyXo_EcGpAJmQ==
Age: 149870
secure03citizen.myvnc.com/login.php?online_id=cfd88968056c9308f4773943c&country=&iso=
20.11.65.188200 OK 26 kB URL HTTP/1.1 secure03citizen.myvnc.com/login.php?online_id=cfd88968056c9308f4773943c&country=&iso=
IP 20.11.65.188:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (672), with CRLF line terminators
Hash b27bd01402693bedb7107dec85a3f2df
0129e5275b6bbdd6355d291eaebc22e6da532c41
bacfd23af9c90b604030b1fde7b8b7ca90f47c6902724d666a99e02ea36d682c
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
urlquery DynDNS domain detected
GET /login.php?online_id=cfd88968056c9308f4773943c&country=&iso= HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:13 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 08f8b31772a191a3dc4e7049ad02779a
5e9545e9468b52dbcfc49769365a5ede61370daf
ca6a486a0d4896630ec90dfbf08295de0f58a455a9764fef9df8ab09c3b8469c
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CA6A486A0D4896630EC90DFBF08295DE0F58A455A9764FEF9DF8AB09C3B8469C"
Last-Modified: Thu, 01 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2501
Expires: Fri, 02 Dec 2022 10:16:54 GMT
Date: Fri, 02 Dec 2022 09:35:13 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 08f8b31772a191a3dc4e7049ad02779a
5e9545e9468b52dbcfc49769365a5ede61370daf
ca6a486a0d4896630ec90dfbf08295de0f58a455a9764fef9df8ab09c3b8469c
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CA6A486A0D4896630EC90DFBF08295DE0F58A455A9764FEF9DF8AB09C3B8469C"
Last-Modified: Thu, 01 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2559
Expires: Fri, 02 Dec 2022 10:17:52 GMT
Date: Fri, 02 Dec 2022 09:35:13 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 08f8b31772a191a3dc4e7049ad02779a
5e9545e9468b52dbcfc49769365a5ede61370daf
ca6a486a0d4896630ec90dfbf08295de0f58a455a9764fef9df8ab09c3b8469c
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CA6A486A0D4896630EC90DFBF08295DE0F58A455A9764FEF9DF8AB09C3B8469C"
Last-Modified: Thu, 01 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2559
Expires: Fri, 02 Dec 2022 10:17:52 GMT
Date: Fri, 02 Dec 2022 09:35:13 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 08f8b31772a191a3dc4e7049ad02779a
5e9545e9468b52dbcfc49769365a5ede61370daf
ca6a486a0d4896630ec90dfbf08295de0f58a455a9764fef9df8ab09c3b8469c
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CA6A486A0D4896630EC90DFBF08295DE0F58A455A9764FEF9DF8AB09C3B8469C"
Last-Modified: Thu, 01 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2559
Expires: Fri, 02 Dec 2022 10:17:52 GMT
Date: Fri, 02 Dec 2022 09:35:13 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 08f8b31772a191a3dc4e7049ad02779a
5e9545e9468b52dbcfc49769365a5ede61370daf
ca6a486a0d4896630ec90dfbf08295de0f58a455a9764fef9df8ab09c3b8469c
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CA6A486A0D4896630EC90DFBF08295DE0F58A455A9764FEF9DF8AB09C3B8469C"
Last-Modified: Thu, 01 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2501
Expires: Fri, 02 Dec 2022 10:16:54 GMT
Date: Fri, 02 Dec 2022 09:35:13 GMT
Connection: keep-alive
secure03citizen.myvnc.com/efs/efs/jsp-ns/pm_fp.js
20.11.65.188404 Not Found 315 B URL HTTP/1.1 secure03citizen.myvnc.com/efs/efs/jsp-ns/pm_fp.js
IP 20.11.65.188:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
urlquery DynDNS domain detected
GET /efs/efs/jsp-ns/pm_fp.js HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=cfd88968056c9308f4773943c&country=&iso=
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 09:35:13 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www4.citizensbankonline.com/akam/11/7c3ed55c
104.110.3.220404 Not Found 9 B URL HTTP/2 www4.citizensbankonline.com/akam/11/7c3ed55c
IP 104.110.3.220:0
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Fri, 02 Dec 2022 09:35:13 GMT
date: Fri, 02 Dec 2022 09:35:13 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=C445BA0412BACFEAC08CC2B61AF40A41~000000000000000000000000000000~YAAQnE8kFxJ/aoSEAQAAi6Mw0hFaTtaMS8O8cd2hRuG4IVMRoJYcNYgFwxf+jNTa/vgi/7TfsdR83BSJoAcMcbwaMR1KmQf1rGo/pVWCRtEj5BcdOOk8ASicJq7mi/mSacKvHyldrT4b9lLC6o5EW6u6BInPx3wtTUpGfVL+AX+1fAY2al5sty7bX50eS4D/kkLZYaqU4NGI6+do6MMeoE6QqUpWIjjCxfjtx5VvdwiWGVcamN5FLAzr+FjQL0F1yjJJe3OOseXvIfNxp1JPKXdCrXnKNmdGcKd68OlYWj+mrFTsgLyS8jKg+q5bqiW3CffNEiprSQPT9KQorQDXQ1tffTV3l+8/gOtBPpKiLpx0gcnd69R3r8ogjofPKmjk0tmjXQqmk4k3FnscIMEPeTo6aClw; Domain=.citizensbankonline.com; Path=/; Expires=Fri, 02 Dec 2022 11:35:13 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
104.110.3.220200 OK 10 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
IP 104.110.3.220:0
Hash e8a5a242bcaea8c7314ccbb04612d922
101e2286a81e108dd00c618032d793b2dc5366b3
8e2a305132b87d2a48461f8e3d820dbf640d66d530ab007632c5c5d79ce8cdc7
GET /efs/efs/jsp-ns/inc/css/main.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "f405-5edc9641aad15"
last-modified: Sun, 27 Nov 2022 07:08:21 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=2288
x-olb-req-received: t=1669530644191012
content-length: 10382
cache-control: max-age=75574
expires: Sat, 03 Dec 2022 06:34:47 GMT
date: Fri, 02 Dec 2022 09:35:13 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js
104.110.3.220200 OK 4.0 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js
IP 104.110.3.220:0
Hash cc2102df58511c9a2653b1dff48ca8d7
64790e6adff6768178ab7d0ad9a4fbc2849b81f2
b9abbff7d9e75763790fd3b291f21525fe85583b397fe5f4b260bc99ff48aab7
GET /efs/efs/jsp-ns/scripts/main.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4c03-5edc964dedd7d"
last-modified: Sun, 27 Nov 2022 15:55:38 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=879
x-olb-req-received: t=1669530653809909
content-length: 3967
cache-control: max-age=52481
expires: Sat, 03 Dec 2022 00:09:54 GMT
date: Fri, 02 Dec 2022 09:35:13 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js
104.110.3.220200 OK 39 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js
IP 104.110.3.220:0
Hash 2940c843ff15ab8e9f02511625f33e57
98ccd0fb1d60770a1aadf90d41daa49cab543cb3
4aed3165815cc1806999483e40a47863accf1cead25769de0162921f2f590298
GET /efs/efs/jsp-ns/scripts/plugins.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "31d24-5edc964dee165"
last-modified: Sun, 27 Nov 2022 06:35:06 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=8343
x-olb-req-received: t=1669530653813612
content-length: 38875
cache-control: max-age=75574
expires: Sat, 03 Dec 2022 06:34:47 GMT
date: Fri, 02 Dec 2022 09:35:13 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js
104.110.3.220200 OK 1.4 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js
IP 104.110.3.220:0
File type ASCII text, with very long lines (4237)
Hash f42064b9d324029ba5cb5afccc50b641
3993f47a728f00ee410a143361ab33b0339455f7
b02a1a4d60ab1f5c740784e9a27a7f0a85178466573fb29fb0bd7afdccf7b5f0
GET /efs/efs/jsp-ns/scripts/placeholders.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "10aa-5edc96484685d"
last-modified: Sun, 27 Nov 2022 06:37:08 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=384
x-olb-req-received: t=1669530653872351
content-length: 1394
cache-control: max-age=75574
expires: Sat, 03 Dec 2022 06:34:47 GMT
date: Fri, 02 Dec 2022 09:35:13 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
104.110.3.220200 OK 3.1 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
IP 104.110.3.220:0
File type ASCII text, with very long lines (17412)
Hash ac9a70a6f100c02749dfadb709b6eadf
69906e55ace36c217a52d428029a3c71dc16a7e4
466e6cf44306264c98e5642f77be87292e03e578ce78b17c0b39521460b1d37a
GET /efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4a56-5edc964deba56"
last-modified: Wed, 30 Nov 2022 02:33:28 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=789
x-olb-req-received: t=1669617192139638
content-length: 3118
cache-control: max-age=30436
expires: Fri, 02 Dec 2022 18:02:29 GMT
date: Fri, 02 Dec 2022 09:35:13 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js
104.110.3.220200 OK 5.5 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js
IP 104.110.3.220:0
File type HTML document, ASCII text, with very long lines (14756)
Hash 088d590db53a3ede82a998537283c75d
87ed57fd5e2a623f35f80a3684c2de916ce4e2f8
d45c62a7108121887dc8866d445dde985d96b82143b3da2c9068e32caf316db4
GET /efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "3c36-5edc9641ad03d"
last-modified: Sun, 27 Nov 2022 06:37:37 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=762
x-olb-req-received: t=1669530644064943
content-length: 5535
cache-control: max-age=75574
expires: Sat, 03 Dec 2022 06:34:47 GMT
date: Fri, 02 Dec 2022 09:35:13 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
104.110.3.220200 OK 2.0 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
IP 104.110.3.220:0
Hash 07507f946ee4b2b9d4affc283b431119
00218cebeb305b00ae4ef74e4a67957d3c43e6f2
44fb4d44ce9291066e686a9861b8b31f021c816fa60e97c613bf5aadcc8e2830
GET /efs/efs/jsp-ns/inc/css/flows.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "21ce-5edc964de6466"
last-modified: Wed, 30 Nov 2022 02:15:03 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=581
x-olb-req-received: t=1669530667838138
content-length: 1975
cache-control: max-age=15684
expires: Fri, 02 Dec 2022 13:56:37 GMT
date: Fri, 02 Dec 2022 09:35:13 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
104.110.3.220200 OK 1.2 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
IP 104.110.3.220:0
Hash e9404d7ddc1ef0b93851879620bfea8a
69575dd0119d3439f3d7ba4b45d12a3c0e47a39e
f5be5cfcdb9f541d6e355cd15b78204e715c979bb90a7dbae94d18c9bdad8772
GET /efs/efs/jsp-ns/inc/css/ad-containers.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "1dd4-5edc964de6466"
last-modified: Sun, 27 Nov 2022 06:40:33 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=507
x-olb-req-received: t=1669530653662549
content-length: 1227
cache-control: max-age=75574
expires: Sat, 03 Dec 2022 06:34:47 GMT
date: Fri, 02 Dec 2022 09:35:13 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
104.110.3.220200 OK 2.3 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
IP 104.110.3.220:0
Hash 0a445a15e0f09a7738952731fdf3fe9d
3d4cef20189303cc4f24c27da1b8d2043e700cea
173f4f410b46ca6211eee490747009c597b7d7c475bcac07df88a18521bbef54
GET /efs/efs/jsp-ns/inc/css/normalize.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "26c2-5edc96484414d"
last-modified: Sun, 27 Nov 2022 06:32:58 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=517
x-olb-req-received: t=1669530653750963
content-length: 2300
cache-control: max-age=75574
expires: Sat, 03 Dec 2022 06:34:47 GMT
date: Fri, 02 Dec 2022 09:35:13 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
secure03citizen.myvnc.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
20.11.65.188404 Not Found 315 B URL HTTP/1.1 secure03citizen.myvnc.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
IP 20.11.65.188:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
urlquery DynDNS domain detected
GET /efs/hhf/js/citizensHeaderFooter-citizensns42588.js HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=cfd88968056c9308f4773943c&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19329%7CvVersion%7C5.0.1
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 09:35:13 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
104.110.3.220200 OK 32 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Hash d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
GET /efs/efs/jsp-ns/inc/css/font/citizen_roman.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:20 GMT
etag: "7ce0-5edc964deb286"
accept-ranges: bytes
content-length: 31968
x-olb-req-received: t=1669530644781082
x-olb-req-duration: D=188
access-control-allow-origin: *
cache-control: max-age=161893
expires: Sun, 04 Dec 2022 06:33:27 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
secure03citizen.myvnc.com/content/930e113327rn2365aa3b7b98b0447e8d
20.11.65.188404 Not Found 315 B URL HTTP/1.1 secure03citizen.myvnc.com/content/930e113327rn2365aa3b7b98b0447e8d
IP 20.11.65.188:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
urlquery DynDNS domain detected
GET /content/930e113327rn2365aa3b7b98b0447e8d HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=cfd88968056c9308f4773943c&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19329%7CvVersion%7C5.0.1
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 09:35:13 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js
104.110.3.220200 OK 29 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js
IP 104.110.3.220:0
File type ASCII text, with very long lines (32089)
Hash 82481a92ac472d179954d66e38f72d07
ea65071dbc1ab11ed29e76bdd30eabbe6cdbc3ec
c8e2e6f9e0e01dcfec7f2633efdd7f8f9d78ba3920e86a0d1231f487928b5fe4
GET /efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "169d6-5edc964844d05"
last-modified: Sun, 27 Nov 2022 06:32:48 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=4738
x-olb-req-received: t=1669530714227106
content-length: 29409
cache-control: max-age=75573
expires: Sat, 03 Dec 2022 06:34:47 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/js/tealeaf.js
104.110.3.220404 Not Found 9.9 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/js/tealeaf.js
IP 104.110.3.220:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411
GET /efs/efs/js/tealeaf.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:23:40 GMT
etag: "26ce-5c06907e37700"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1669973713999719
x-olb-req-duration: D=193
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=823
expires: Fri, 02 Dec 2022 09:48:57 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=174, origin; dur=69
strict-transport-security: max-age=15768000
lb-action: None, None
set-cookie: ak_bmsc=0C9F7404672C58E70EE68A918E2FBCB6~000000000000000000000000000000~YAAQnE8kFxl/aoSEAQAArqQw0hH3oH5HYbEp2+tGf2QgdvDSQ7aVYYSOIiU7oeP5fGtcFrikNclsAUB3pMO8GPY7bivosBWL+UbEVXzHjrdTpfXeSQSbm/9kntjwVxllzX6g5fRbH6MCsfKcIvUyUXYv/hdAlxXL9vOLSynU9yCOWglwQdXQzo3BnwWgwq1lSC8PVIsQOHLUX1/qxWrUzRv3OjIFRt1Wm5GmCuxlJH1Xgw1nAiG4qbrg2DdT8/uVRG2m9eznqd5cxZ+qx4EZxYZSSMoeuQK+0t0so+ZF0ekk6XV8cYkkAPrONx5lW0BByeDi6XDdJkHbElPbXiIp+KQ8w+K0dxU/Z5E/OHQgC8sN5s7cLjXr9ooo9glXT8Cb052DaG1y79U8mSWFNSZdJL5dTxdX; Domain=.citizensbankonline.com; Path=/; Expires=Fri, 02 Dec 2022 11:35:13 GMT; Max-Age=7199; HttpOnly
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 09:08:57 GMT
cache-control: public,max-age=3600
age: 1577
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www4.citizensbankonline.com/akam/11/7c3ed55c
104.110.3.220404 Not Found 9 B URL HTTP/2 www4.citizensbankonline.com/akam/11/7c3ed55c
IP 104.110.3.220:0
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Fri, 02 Dec 2022 09:35:14 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=431F40212619D501EC57C26E2F63B036~000000000000000000000000000000~YAAQnE8kFxx/aoSEAQAA26Qw0hF/d9KiHOePX2mwss4/94PWvAIzXUpROnYLq2Snj53S312Ajc06OmS11JmDMj9D+e1R8o+i0aKBoHTlQJ63LNpiqRRgXRpMm2N3TLuPhm0U0uTFwbM/4KgniPrq5WcNKoxc8yIUnWuoFI1PGkVb6FluNNpoZVJeiVpjLBX4n86sRBh6nVlakFNNKryCqsMQPhj7Hal7YTCGToAXEUgCofxcJDTvRzTGByCPyc8OZHbESWLhvdNUJZBvm3J/aDkNilvO2FeS7t437Ef1YqnIp/5lesKTsrtyZFs8aJHY8P2b0Bxdg8c1a+c+SWK6j16PLlUU6VuLt4fsEaRgGl7J95tWl5SmXwP8Q8qSbr5CArf1HiXFhQA6zwjcH9+zC1vmiNR7; Domain=.citizensbankonline.com; Path=/; Expires=Fri, 02 Dec 2022 11:35:14 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 190
Cache-Control: max-age=171290
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:35:14 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 09:10:04 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
secure03citizen.myvnc.com/efs/efs/jsp-ns/scripts/common.js
20.11.65.188404 Not Found 315 B URL HTTP/1.1 secure03citizen.myvnc.com/efs/efs/jsp-ns/scripts/common.js
IP 20.11.65.188:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
urlquery DynDNS domain detected
GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=cfd88968056c9308f4773943c&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19329%7CvVersion%7C5.0.1
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 09:35:14 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www3.citizensbankonline.com/efs/efs/js/tealeaf.js
104.110.3.220404 Not Found 9.9 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/js/tealeaf.js
IP 104.110.3.220:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411
GET /efs/efs/js/tealeaf.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:23:40 GMT
etag: "26ce-5c06907e37700"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1669973713999719
x-olb-req-duration: D=193
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=869
expires: Fri, 02 Dec 2022 09:49:43 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=95, origin; dur=69
strict-transport-security: max-age=15768000
lb-action: None, None
set-cookie: ak_bmsc=7815877D4FADD69AFEDD567392E7439A~000000000000000000000000000000~YAAQnE8kFyJ/aoSEAQAAgqUw0hEoHUBC+Jr6dFHRoqNuKPUwl1fmiJGPKBuZ8q1X7nfLKz5JBgGSI5IQnaCfkjwd9cFdTIYE9IYOU8Xtva7o50pvEdlvypOM9wEBhf44z+i7ghrkjn6VT9/5JMJfBjcKMwi4JSSuR62JhWGno5K0BHdFDtqf4R/BpxHi5EBTutaEr2GFcw7AatC5IYoKh4ryU+1W0NsTR+f5T5LijtUPhBo7GS1pWZFw9/Wa3TCD2HgCNcQYgfnFPawBROflDenAu1rsp9BgjmwhxrzM1Mmm6Fq6hQEYZ2bGcj5OuNaEs8sFg12HAf7FjsnQOFj0lzjGnHzChc+kHWVzXsQt00jRqB9UIf+tKCOwcyYqlH14n+8Ic4BxJ9QlYab5BvlXo2Fq04HC; Domain=.citizensbankonline.com; Path=/; Expires=Fri, 02 Dec 2022 11:35:14 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png
104.110.3.220200 OK 292 B URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png
IP 104.110.3.220:0
File type PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "124-5e6a235cc1227"
accept-ranges: bytes
content-length: 292
x-olb-req-received: t=1669530653636884
x-olb-req-duration: D=177
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=161665
expires: Sun, 04 Dec 2022 06:29:39 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png
104.110.3.220200 OK 364 B URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png
IP 104.110.3.220:0
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "16c-5e6a235cbab17"
accept-ranges: bytes
content-length: 364
x-olb-req-received: t=1669530644027005
x-olb-req-duration: D=101
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=161779
expires: Sun, 04 Dec 2022 06:31:33 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png
104.110.3.220200 OK 1.0 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png
IP 104.110.3.220:0
File type PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e
GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "3f9-5e6a235ca4d20"
accept-ranges: bytes
content-length: 1017
x-olb-req-received: t=1669530644861876
x-olb-req-duration: D=147
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=161683
expires: Sun, 04 Dec 2022 06:29:57 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
104.110.3.220200 OK 1.1 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
IP 104.110.3.220:0
File type PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced\012- data
Hash dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
GET /efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "41e-5e6a235ca4d07"
accept-ranges: bytes
content-length: 1054
x-olb-req-received: t=1669530644127915
x-olb-req-duration: D=108
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=161734
expires: Sun, 04 Dec 2022 06:30:48 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
104.110.3.220200 OK 165 B URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
IP 104.110.3.220:0
File type PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Hash 1792e4aa4d2d86dec430ef9a60362a35
90b9e9c14f636362e9558d14fefe15782f75d256
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "a5-5e6a235ca5357"
accept-ranges: bytes
content-length: 165
x-olb-req-received: t=1669530644111962
x-olb-req-duration: D=95
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=161773
expires: Sun, 04 Dec 2022 06:31:27 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
104.110.3.220200 OK 18 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Hash 022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
GET /efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "485c-5edc9641a5b0d"
accept-ranges: bytes
content-length: 18524
x-olb-req-received: t=1669530644749296
x-olb-req-duration: D=159
access-control-allow-origin: *
cache-control: max-age=161805
expires: Sun, 04 Dec 2022 06:31:59 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
104.110.3.220200 OK 32 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Hash 0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
GET /efs/efs/jsp-ns/inc/css/font/citizen_book.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "7c78-5edc9641a7a4d"
accept-ranges: bytes
content-length: 31864
x-olb-req-received: t=1669530644788071
x-olb-req-duration: D=167
access-control-allow-origin: *
cache-control: max-age=161840
expires: Sun, 04 Dec 2022 06:32:34 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
104.110.3.220200 OK 28 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Hash 76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
GET /efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:20 GMT
etag: "6ccc-5edc964de9b16"
accept-ranges: bytes
content-length: 27852
x-olb-req-received: t=1669530644378190
x-olb-req-duration: D=138
access-control-allow-origin: *
cache-control: max-age=161737
expires: Sun, 04 Dec 2022 06:30:51 GMT
date: Fri, 02 Dec 2022 09:35:14 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.242.3.166101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.3.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zc2q104f5W4qybwyzV3NdQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6J75wtuafmBsymtrFKS2/Xs0yXc=
secure03citizen.myvnc.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
20.11.65.188404 Not Found 315 B URL HTTP/1.1 secure03citizen.myvnc.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
IP 20.11.65.188:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
urlquery DynDNS domain detected
GET /efs/hhf/js/citizensHeaderFooter-citizensns42588.js HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=cfd88968056c9308f4773943c&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19329%7CvVersion%7C5.0.1
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 09:35:14 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
secure03citizen.myvnc.com/content/930e113327rn2365aa3b7b98b0447e8d
20.11.65.188404 Not Found 315 B URL HTTP/1.1 secure03citizen.myvnc.com/content/930e113327rn2365aa3b7b98b0447e8d
IP 20.11.65.188:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
urlquery DynDNS domain detected
GET /content/930e113327rn2365aa3b7b98b0447e8d HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=cfd88968056c9308f4773943c&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19329%7CvVersion%7C5.0.1
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 09:35:14 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
secure03citizen.myvnc.com/efs/efs/jsp-ns/scripts/common.js
20.11.65.188404 Not Found 315 B URL HTTP/1.1 secure03citizen.myvnc.com/efs/efs/jsp-ns/scripts/common.js
IP 20.11.65.188:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery Phishing - Citizens Bank
urlquery DynDNS domain detected
GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=cfd88968056c9308f4773943c&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19329%7CvVersion%7C5.0.1
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 09:35:15 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png
104.110.3.220200 OK 14 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png
IP 104.110.3.220:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 172ee65ce7e2afc164fb89579d8060b2
1bcc0c40ce0dd35f4150e286d4da86eb5150d2da
6031e1710c50b5ade8d4fe1f9d2a7885caa5f18493944871891d9bf847dcec0e
GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "3653-5edc9641b8005"
accept-ranges: bytes
content-length: 13907
x-olb-req-received: t=1669530689268693
x-olb-req-duration: D=154
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=161823
expires: Sun, 04 Dec 2022 06:32:18 GMT
date: Fri, 02 Dec 2022 09:35:15 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png
104.110.3.220200 OK 11 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png
IP 104.110.3.220:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash f62b2664dd6a40ab3a9f7af34412f8b7
02438189257c795c3726e4f45b1ce3bb921255d5
707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f
GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "2a77-5edc9641b83ed"
accept-ranges: bytes
content-length: 10871
x-olb-req-received: t=1669530651482186
x-olb-req-duration: D=168
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=161756
expires: Sun, 04 Dec 2022 06:31:11 GMT
date: Fri, 02 Dec 2022 09:35:15 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fsecure03citizen.myvnc.com%2Flogin.php%3Fonline_id%3Dcfd88968056c9308f4773943c%26country%3D%26iso%3D
54.230.111.35200 OK 397 B URL HTTP/1.1 nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fsecure03citizen.myvnc.com%2Flogin.php%3Fonline_id%3Dcfd88968056c9308f4773943c%26country%3D%26iso%3D
IP 54.230.111.35:0
File type ASCII text, with very long lines (396)
Hash ad2242d69b8464f88930f112c3197f79
6fd3e8ab50fa81fa1c99cef26b0d967452aa1fe2
60ccfbf940bb38dbeecb06c9a7bb55453f427aa88e37f63ab49a475f79a7374c
GET /citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fsecure03citizen.myvnc.com%2Flogin.php%3Fonline_id%3Dcfd88968056c9308f4773943c%26country%3D%26iso%3D HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 397
Connection: keep-alive
Server: nginx
Date: Fri, 02 Dec 2022 09:35:15 GMT
Expires: Fri, 02 Dec 2022 09:35:14 GMT
Cache-Control: no-cache, no-store
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JA0LKaUg3GxmvytORiUyRRof3nk0xNVN1XN8ULRP854OdTgbu63qxA==
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a38fe499fbc9d7b6560e992b497afb28
a3e542e6ca157422916ed33bb58e756e31381ac2
f7a4731734b5145ca3fc3d39b043e8c0fd75fab059f8bb24151438e06dfa7658
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 111
Cache-Control: max-age=160411
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:35:15 GMT
Etag: "638995ff-1d7"
Expires: Sun, 04 Dec 2022 06:08:46 GMT
Last-Modified: Fri, 02 Dec 2022 06:06:55 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117
54.230.111.35200 OK 31 kB URL HTTP/1.1 nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117
IP 54.230.111.35:0
File type ASCII text, with very long lines (1970)
Hash a0dba5dbfa16042bda087c6083552e9a
cc89e54e8e3270b77981a7432eab61216566d142
591fc45eb6acfef9e3b2135060c5aa24a0a1d2e16ee8212bbce4707a28904428
GET /citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 15 Nov 2022 01:44:27 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 12 Oct 2022 04:24:01 GMT
ETag: W/"7f943d1386ac8d666a04c5f7c1aca6a2"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: 7Vz_bNM1vqq_ptJsDOdn8z3nddxBTl2j
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aXRzJ35gPHcH22jjXRZoQSp0KG48NAKWU778TPHqWCZDgdoa6sCJhg==
Age: 1497049
nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909
54.230.111.35200 OK 4.5 kB URL HTTP/1.1 nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909
IP 54.230.111.35:0
File type ASCII text, with very long lines (564)
Hash 4eee113a2cbdf5637739f6a81b76e867
ca348fd2104cca87655b1b8e628cedf28ab602c7
4f07acd76593e8e79d3b728d040920b09dd91517601cfd7b082694db3ba4a450
GET /citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 04 Nov 2022 01:28:27 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 26 Oct 2022 15:44:21 GMT
ETag: W/"83105033d3f7f9905b026d4c409b655e"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: UC6_GkBHShiJU9saRInmbngEX7lPiXpp
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: AhnzAqwJ0sNGX0cpTE0DyjTWyYkLLwa2Y0wKQGFzF37asv9Lm-Vmmw==
Age: 2448409
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669973711954
52.30.42.211302 Found 0 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669973711954
IP 52.30.42.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669973711954 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://secure03citizen.myvnc.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-02cc342ef.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669973711954
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=35494007404966871692926027356474599895; Max-Age=15552000; Expires=Wed, 31 May 2023 09:35:15 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: vNs+bkUlTag=
Content-Length: 0
Connection: keep-alive
cdn.appdynamics.com/adrum/adrum-latest.js?
143.204.55.107200 OK 40 kB URL HTTP/1.1 cdn.appdynamics.com/adrum/adrum-latest.js?
IP 143.204.55.107:0
File type ASCII text, with very long lines (644)
Hash cd86db0f552897dc33e8433d0cf9bad2
676df314ca85d1418ffb110f3979c31281da027d
fd30f76d2b4bebd4b4bd680793a8a993b46a15808c0cea0533e629fc2990889f
GET /adrum/adrum-latest.js? HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 04 Nov 2022 06:21:09 GMT
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:13 GMT
ETag: W/"6317b609-1b2d9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dRorCyYHQWpAQxaQETVFSBHYwI7PkUa6bh0pzizZ-iSk8afQqCL_8w==
Age: 2430846
dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669973711954
52.30.42.211200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669973711954
IP 52.30.42.211:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669973711954 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://secure03citizen.myvnc.com
Content-Type: application/x-www-form-urlencoded
Referer: http://secure03citizen.myvnc.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://secure03citizen.myvnc.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0a4852727.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: EIougQaEReY=
Content-Length: 124
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash f17527290734860e18b0442bd91d3bff
eac39bf60d4d4208287e5696fb9030032ffc6309
ae89cb31845e03f6c810e65f50ef692d67b0c0e55140fbfb73d0b7b1ce5edc6c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:15 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 03:43:24 GMT
Expires: Wed, 07 Dec 2022 03:43:23 GMT
Etag: "eac39bf60d4d4208287e5696fb9030032ffc6309"
Cache-Control: max-age=410287,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773312485a251c0a-OSL
lptag.liveperson.net/tag/tag.js?site=89632304
178.249.97.23200 OK 7.6 kB URL HTTP/2 lptag.liveperson.net/tag/tag.js?site=89632304
IP 178.249.97.23:0
File type ASCII text, with very long lines (21652), with no line terminators
Hash 6b675640425ec8551a433e26a377d954
7234f02cce1ccb2a4facf2b34b9185cfcf27299d
8c9716f14d2e964be7c93d3d8c28819cb35c529fce6206a79061cda509e05bfd
GET /tag/tag.js?site=89632304 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 09:35:15 GMT
content-type: application/javascript
content-length: 7567
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
etag: "5f50a905-1d8f"
content-encoding: gzip
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
143.204.55.107200 OK 20 kB URL HTTP/1.1 cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
IP 143.204.55.107:0
File type ASCII text, with very long lines (574)
Hash cca1b9c013b93bd73bf4f55b122ba8db
ed011720d910a5b69db06ebaabcd95d013255752
d5ef573c9770681c3a75ec78445d0c785ca6659a0cf25f145ddfbae414b0b77a
GET /adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 16 Nov 2022 01:06:39 GMT
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:12 GMT
ETag: W/"6317b608-d132"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pefSrAHluJwoebxg21_fxJ6J7-rwk7NS9lKUJx9O66GsF9fcKs80XA==
Age: 1412916
nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
151.101.193.175200 OK 516 B URL HTTP/2 nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
IP 151.101.193.175:0
File type ASCII text, with very long lines (573)
Hash 0949250dbf9dfbf5a4b558745f9c2777
501ab60bb5a0f1febd09ff9335c897391f8fb8e4
25ca704d115ceeb422832620edfaf6425e94e31b10ecb420644a967e20105943
GET /wu/356861/onsite/embed.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7q4E+xJya3JQN02XYVcawmxqX7Vp8BBOuEH782L5SG5wU1Ky5WmN4+xTgd0GSFqBZygzHz92MKg=
x-amz-request-id: T3YET0YCYQ48Q1VS
last-modified: Thu, 17 Nov 2022 01:43:28 GMT
etag: "d702a2b9ebe4f8826d0a3b100f1e7b3d"
x-amz-version-id: mptjfWx1ykDRDnf_B8nj8XXvWUEoGBBU
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 09:35:15 GMT
via: 1.1 varnish
x-served-by: cache-bma1678-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669973716.598668,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 516
X-Firefox-Spdy: h2
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
151.101.193.175301 Moved Permanently 0 B URL HTTP/1.1 nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
IP 151.101.193.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /us/wu/356861/onsite/generic1668649406636.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 09:35:15 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1661-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669973716.624684,VS0,VE0
Strict-Transport-Security: max-age=31557600
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
151.101.193.175200 OK 115 kB URL HTTP/2 nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
IP 151.101.193.175:0
File type Unicode text, UTF-8 text, with very long lines (53474)
Size 115 kB (115133 bytes)
Hash 7ed0576023d7e4cdb6411897ed856328
38ea0ed2a3b78b8ad6b474be67c5922124342c11
fbfdcefb6749b742b55a9d6c2d2e294772d67cf51a3ef7b1929ee75107ea1f7c
GET /us/wu/356861/onsite/generic1668649406636.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure03citizen.myvnc.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: R245FGFYgLzgm6CjhZXX391x+/nrm8EsevbjLVXUitRuMOvvg1EDEb/G66Uls1eoe7HL3lmQCiY=
x-amz-request-id: T3Y691PWPTBXF4W3
last-modified: Thu, 17 Nov 2022 01:43:27 GMT
etag: "7dd7a0cbfa04919de4a6dd07c7075dbc"
x-amz-version-id: 9Qu9pUDBqhBI0WezIkmyLK82GWZf1Oui
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 09:35:15 GMT
via: 1.1 varnish
x-served-by: cache-bma1678-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669973716.640431,VS0,VE3
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 115133
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7ce37079d5e37f82faf5760f5fc20817
0f62b29be71d1bb0acb227ca3837a5306c66de6e
4b4de7e71f57c10f21b03ad49afcb469d26f4b480bb80e5d7c58fdc6dd46befa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=139807
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:35:15 GMT
Etag: "638945f2-1d7"
Expires: Sun, 04 Dec 2022 00:25:22 GMT
Last-Modified: Fri, 02 Dec 2022 00:25:22 GMT
Server: nginx
Content-Length: 471
smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1669973713695
13.36.218.177200 OK 48 B URL HTTP/2 smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1669973713695
IP 13.36.218.177:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 94cb6307a699bb57721da05ba381a310
b78bb5486b0c7fc68b481aadae47f2f264ba1e42
f9ca4de1e5069a54fea19656ab8aaf545b894ec575287bdb71993f79457048a9
GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1669973713695 HTTP/1.1
Host: smetrics.citizensbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://secure03citizen.myvnc.com
access-control-allow-credentials: true
date: Fri, 02 Dec 2022 09:35:15 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=0%7CMCMID%7C48683407693083619850113673392192057574; Path=/; Domain=citizensbank.com; Max-Age=63072000; Expires=Sun, 01 Dec 2024 09:35:35 GMT;
s_ecid=MCMID%7C48683407693083619850113673392192057574; Path=/; Domain=citizensbank.com; Max-Age=63072000; Expires=Sun, 01 Dec 2024 09:35:35 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
104.18.14.22301 Moved Permanently 167 B URL HTTP/1.1 cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP 104.18.14.22:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Dec 2022 09:35:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
X-Cache: Redirect from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Q_fPq-2gKAL197l98mf5Ms0yn5ms2vfpV4yQxBYdEt7BPZ6vZQb9qw==
CF-Cache-Status: EXPIRED
Expires: Fri, 02 Dec 2022 13:35:15 GMT
Cache-Control: public, max-age=14400
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7733124a3bfdb4eb-OSL
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=48683407693083619850113673392192057574&ts=1669973714052
52.30.42.211200 OK 1.3 kB URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=48683407693083619850113673392192057574&ts=1669973714052
IP 52.30.42.211:0
File type JSON data\012- , ASCII text, with very long lines (3749), with no line terminators
Hash 9747b88a2337330f71e3d33d1ff828d3
3f95ac672cb942f8e83ea5d9fec058fd1e6587c4
2babcc2e7b25867eaea59b9611a7cab7ffca412db001268a48a45e454ea92fc0
GET /id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=48683407693083619850113673392192057574&ts=1669973714052 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://secure03citizen.myvnc.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-02fc48b13.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=48641359294801990140116225665699253889; Max-Age=15552000; Expires=Wed, 31 May 2023 09:35:16 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: ngZE1gl3RNQ=
Content-Length: 1314
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash e2b6ccb9f5d8fee37abd8748412c034a
9d31a7515ded7a85745d97fb078e8f367f491463
ffda755188b8f9dc60bbb6723c873db7862ceaf0f1a031f1ea709f434265b54f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 562
Cache-Control: max-age=122345
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:35:15 GMT
Etag: "6388ff8a-117"
Expires: Sat, 03 Dec 2022 19:34:20 GMT
Last-Modified: Thu, 01 Dec 2022 19:24:58 GMT
Server: ECS (amb/6BA5)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14257
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 09:35:15 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14257
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 09:35:15 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14257
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 09:35:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 00:54:54 GMT
age: 31221
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 43228
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d147ccb10bda82b153a596c3c967cd6a
ffd0763f997e71a8c1458523fc17cafe8849dfdf
1cfeb90a4ba027195f903d938d4a0aac418a1c2f0b52215ec023263f15905971
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7591
x-amzn-requestid: e179862e-f840-4e50-a9dc-09f325479b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgMFRZIAMFl7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e01-676a1571459f2d83488f2765;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oB5K_ZCWWwCltMx8FQSjDdXRMzSTSyRLSYSLAooQXuCrUxadLUiWkA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:08:56 GMT
etag: "ffd0763f997e71a8c1458523fc17cafe8849dfdf"
content-type: image/jpeg
age: 41179
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 498ab4412ed5cf977bc23e4e870894b0
23753fe8af09ec8ffa10eed4d201a71833885c99
036042656f15e42b4d1537c45f5b8e7190c70305fa9a69c1287c6739ad0b7122
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: a6b8b420-8394-496b-8be8-26dee52e3887
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoHJOoAMF75g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0b38d07f518c8b3134457df2;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 17nFm7AQdmRYS_af-EJ4XBVw8l3YudcphlpcZMveuVjvjhhYdkAQsw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:33:10 GMT
age: 39725
etag: "23753fe8af09ec8ffa10eed4d201a71833885c99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 82ea44d6cb116fb1f5752ce9bb87e345
f799dfd89a4f5a452dc837b8616549f578fb4184
e9087e7fce332289d67d4d5646d0233c2f2d871cc88dc1c51d5ea1e9f2fb5abd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15495
x-amzn-requestid: 977cdbce-3a9c-4006-a5a1-5c4c82bd4a94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDIFxzIAMFzEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-4b2cb3a16ca745537a8caf8c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nwKxQKsw8g5zCzfMFu_XpOac5rhImez29TKrycGJzozZyHTzoCHASw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:20:06 GMT
age: 40509
etag: "f799dfd89a4f5a452dc837b8616549f578fb4184"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1250c1e7-37f4-4697-8233-d05f398cb066.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1250c1e7-37f4-4697-8233-d05f398cb066.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0fc684e61682c4078a82ee3d901ae52
ea65ad98933ec58afa3fa5c7642491d77db7e6c2
5e953012dba2b85cfda5befe2448ab87fbc2432a071e11a33b44be4f5148a4a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1250c1e7-37f4-4697-8233-d05f398cb066.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6752
x-amzn-requestid: f398ce98-353e-4783-aa42-dbf1ad036ab7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepE6roAMF4zw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0753d209291e197e7c6422a6;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JZAFwGz7kAWplsA1qeraQTjirrZb29JTnUPii5BcPg5tzxcBLtt0WA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:24:25 GMT
etag: "ea65ad98933ec58afa3fa5c7642491d77db7e6c2"
content-type: image/jpeg
age: 40250
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsps.ssl.com/
52.6.97.148200 OK 1.8 kB IP 52.6.97.148:0
Hash a5f8d67ea4c986f9d11317ffa33545f9
7610a6ff4fd79449e0b25a85217eeb1b61958db2
8a98966001f4b39e69430ab98d799e5981d19a8276cadd946b6aae6a51adc120
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 09:35:15 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 08 Dec 2022 15:31:00 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "7610a6ff4fd79449e0b25a85217eeb1b61958db2"
Last-Modified: Thu, 01 Dec 2022 15:31:01 GMT
X-Proxy-Cache: HIT
citizensbank.demdex.net/dest5.html?d_nsid=0
54.154.29.158200 OK 2.8 kB URL HTTP/1.1 citizensbank.demdex.net/dest5.html?d_nsid=0
IP 54.154.29.158:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: citizensbank.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Fri, 2 Dec 2022 09:35:16 GMT
DCS: dcs-prod-irl1-1-v045-05e780d2b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:56 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: G5OJFZwbQ8o=
transfer-encoding: chunked
Connection: keep-alive
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vc2VjdXJlMDNjaXRpemVuLm15dm5jLmNvbS9sb2dpbi5waHA/b25saW5lX2lkPWNmZDg4OTY4MDU2YzkzMDhmNDc3Mzk0M2MmY291bnRyeT0maXNvPSIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTczNzE0MDM5IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMjMwYTQ2NDMzYi0wYTM2ZWVmZThkMWIzMDgtYzUwNTQyNS0xNDAwMDAtMTg0ZDIzMGE0NjUzYzkiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtbWFpbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9zZWN1cmUwM2NpdGl6ZW4ubXl2bmMuY29tL2xvZ2luLnBocD9vbmxpbmVfaWQ9Y2ZkODg5NjgwNTZjOTMwOGY0NzczOTQzYyZjb3VudHJ5PSZpc289Iiwid2Vic2l0ZUlkIjogMzU2ODYxLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI4NWIyLTFhZTUtMjk3NS1hMzdiLTIyZmEtNWFlYi0xNjVlLWZmZDMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTk3MzcxNDAzNyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAzMDgsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ4LjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ4LjAiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5NzM3MTQwMzksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
35.241.45.82200 OK 0 B URL HTTP/2 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vc2VjdXJlMDNjaXRpemVuLm15dm5jLmNvbS9sb2dpbi5waHA/b25saW5lX2lkPWNmZDg4OTY4MDU2YzkzMDhmNDc3Mzk0M2MmY291bnRyeT0maXNvPSIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTczNzE0MDM5IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMjMwYTQ2NDMzYi0wYTM2ZWVmZThkMWIzMDgtYzUwNTQyNS0xNDAwMDAtMTg0ZDIzMGE0NjUzYzkiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtbWFpbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9zZWN1cmUwM2NpdGl6ZW4ubXl2bmMuY29tL2xvZ2luLnBocD9vbmxpbmVfaWQ9Y2ZkODg5NjgwNTZjOTMwOGY0NzczOTQzYyZjb3VudHJ5PSZpc289Iiwid2Vic2l0ZUlkIjogMzU2ODYxLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI4NWIyLTFhZTUtMjk3NS1hMzdiLTIyZmEtNWFlYi0xNjVlLWZmZDMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTk3MzcxNDAzNyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAzMDgsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ4LjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ4LjAiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5NzM3MTQwMzksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vc2VjdXJlMDNjaXRpemVuLm15dm5jLmNvbS9sb2dpbi5waHA/b25saW5lX2lkPWNmZDg4OTY4MDU2YzkzMDhmNDc3Mzk0M2MmY291bnRyeT0maXNvPSIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTczNzE0MDM5IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMjMwYTQ2NDMzYi0wYTM2ZWVmZThkMWIzMDgtYzUwNTQyNS0xNDAwMDAtMTg0ZDIzMGE0NjUzYzkiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtbWFpbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9zZWN1cmUwM2NpdGl6ZW4ubXl2bmMuY29tL2xvZ2luLnBocD9vbmxpbmVfaWQ9Y2ZkODg5NjgwNTZjOTMwOGY0NzczOTQzYyZjb3VudHJ5PSZpc289Iiwid2Vic2l0ZUlkIjogMzU2ODYxLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI4NWIyLTFhZTUtMjk3NS1hMzdiLTIyZmEtNWFlYi0xNjVlLWZmZDMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTk3MzcxNDAzNyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAzMDgsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ4LjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ4LjAiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5NzM3MTQwMzksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0= HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 09:35:16 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-green-1rnj
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 619d859dd49c68a2227ec6a949cc2b21
6e6989f52c60242ca2b1b3a7f96d54f3030e4567
9f0f14a595fcb4f0ed570186ee1ce0f0b0598fe56a34532002d3cbb00de0af3b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=148381
Date: Fri, 02 Dec 2022 09:35:16 GMT
Etag: "63896650-1d7"
Expires: Sun, 04 Dec 2022 02:48:17 GMT
Last-Modified: Fri, 02 Dec 2022 02:43:28 GMT
Server: ECS (dcb/7EA6)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: MneW0IcAz3ea0jO8eRimQv5IOZker5c2FZSAxbnbpMhW3rFY2OQv3w==
Age: 289
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=9167c95f-7cea-4e77-b982-5f9f4dc1eb5d%3A0&_cls_v=fbc6744d-8371-4fca-bd0c-854d05e0106c&pv=2&f_cls_s=true
3.87.234.62200 OK 429 B URL HTTP/1.1 report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=9167c95f-7cea-4e77-b982-5f9f4dc1eb5d%3A0&_cls_v=fbc6744d-8371-4fca-bd0c-854d05e0106c&pv=2&f_cls_s=true
IP 3.87.234.62:0
File type JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Hash 2e7a9d6190f8208c5d98dc8f52b9cb0f
805114c2118cd2e1c5bf460c8a46adfd14c299a1
b8efdd30decf4f4da8538aa0daa8355bb7af7d8f116b87b54f903af057c514cc
GET /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=9167c95f-7cea-4e77-b982-5f9f4dc1eb5d%3A0&_cls_v=fbc6744d-8371-4fca-bd0c-854d05e0106c&pv=2&f_cls_s=true HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:16 GMT
Content-Type: application/json
Content-Length: 429
Connection: keep-alive
Set-Cookie: AWSALB=Z2GM2EPc+8ld4RhCI670cOk3+nMk9s5kujH+2ImsLSO6YK1Dd6En55HqD+ygBqEc3BYmbYrHyamVsv63q5fEBsymK5Pg9EFL5eLzY7pNbEO2ZfZCrCe9KZ714StG; Expires=Fri, 09 Dec 2022 09:35:16 GMT; Path=/
AWSALBCORS=Z2GM2EPc+8ld4RhCI670cOk3+nMk9s5kujH+2ImsLSO6YK1Dd6En55HqD+ygBqEc3BYmbYrHyamVsv63q5fEBsymK5Pg9EFL5eLzY7pNbEO2ZfZCrCe9KZ714StG; Expires=Fri, 09 Dec 2022 09:35:16 GMT; Path=/; SameSite=None; Secure
_cls_cfgver=27baeec; Secure; SameSite=None
_cls_s=9167c95f-7cea-4e77-b982-5f9f4dc1eb5d:0; Secure; SameSite=None
_cls_v=fbc6744d-8371-4fca-bd0c-854d05e0106c; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://secure03citizen.myvnc.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5035
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash b40e46c36a76b63011dd0b0e054773a1
754ff815bb8e94423cd4b5016d0bc4ea7c457ef9
fe0cc26a447d9c46e21cbe67832fbaa1abf29c7a4b51d56def0a485067eb2a13
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=152994
Date: Fri, 02 Dec 2022 09:35:16 GMT
Etag: "63896095-1d7"
Expires: Sun, 04 Dec 2022 04:05:10 GMT
Last-Modified: Fri, 02 Dec 2022 02:19:01 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dNpwUEqsYc-nS6x85aR54OSRfaORwfZDEiPQGzulhVaUuedGl2bcGg==
Age: 6369
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash e7de49da8836d1221462d949e6d9c902
f7bfa20592de96814622531d659c742de0c50edf
4e8405233bb5e4b03a04b6045987670a6e6cd651eafbe3af8378811113f68541
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 04:31:52 GMT
Expires: Tue, 06 Dec 2022 04:31:51 GMT
Etag: "f7bfa20592de96814622531d659c742de0c50edf"
Cache-Control: max-age=326794,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77331251a91bb517-OSL
cm.everesttech.net/cm/dd?d_uuid=48641359294801990140116225665699253889
52.27.64.66302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=48641359294801990140116225665699253889
IP 52.27.64.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=48641359294801990140116225665699253889 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Fri, 02 Dec 2022 09:35:16 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4nG1AAAAGP3ZQN2; Domain=.everesttech.net; Expires=Sat, 02-Dec-2023 09:35:16 GMT; Path=/
everest_session_v2=Y4nG1AAAAGP3ZgN2; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4nG1AAAAGP3ZQN2
Server: AMO-cookiemap/1.1
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash e7de49da8836d1221462d949e6d9c902
f7bfa20592de96814622531d659c742de0c50edf
4e8405233bb5e4b03a04b6045987670a6e6cd651eafbe3af8378811113f68541
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 04:31:52 GMT
Expires: Tue, 06 Dec 2022 04:31:51 GMT
Etag: "f7bfa20592de96814622531d659c742de0c50edf"
Cache-Control: max-age=326794,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773312519b910b55-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash e7de49da8836d1221462d949e6d9c902
f7bfa20592de96814622531d659c742de0c50edf
4e8405233bb5e4b03a04b6045987670a6e6cd651eafbe3af8378811113f68541
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 04:31:52 GMT
Expires: Tue, 06 Dec 2022 04:31:51 GMT
Etag: "f7bfa20592de96814622531d659c742de0c50edf"
Cache-Control: max-age=326794,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77331251de0fb503-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash e7de49da8836d1221462d949e6d9c902
f7bfa20592de96814622531d659c742de0c50edf
4e8405233bb5e4b03a04b6045987670a6e6cd651eafbe3af8378811113f68541
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 04:31:52 GMT
Expires: Tue, 06 Dec 2022 04:31:51 GMT
Etag: "f7bfa20592de96814622531d659c742de0c50edf"
Cache-Control: max-age=326794,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77331251d9550afe-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash e7de49da8836d1221462d949e6d9c902
f7bfa20592de96814622531d659c742de0c50edf
4e8405233bb5e4b03a04b6045987670a6e6cd651eafbe3af8378811113f68541
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 04:31:52 GMT
Expires: Tue, 06 Dec 2022 04:31:51 GMT
Etag: "f7bfa20592de96814622531d659c742de0c50edf"
Cache-Control: max-age=326793,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773312519a701c0a-OSL
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
178.249.97.98200 OK 14 kB URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
IP 178.249.97.98:0
File type ASCII text, with very long lines (32006)
Hash 9e4c683787d49bbaa091deaf240aaf8b
0f82eb717dd78040777812ba5a7bd80328ff7f0c
391401db6985f076c374abe210de4a776c05ba8e7a5ea15a497e36f9d91043a3
GET /le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 09:35:16 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sat, 02 Dec 2023 09:35:16 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4nG1AAAAGP3ZQN2
52.30.42.211200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4nG1AAAAGP3ZQN2
IP 52.30.42.211:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4nG1AAAAGP3ZQN2 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure03citizen.myvnc.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0480615af.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: RRMq1FwRT6o=
Content-Length: 59
Connection: keep-alive
lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Fsecure03citizen.myvnc.com&site=89632304&env=prod&isCrossDomain=true
178.249.97.98200 OK 16 kB URL HTTP/2 lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Fsecure03citizen.myvnc.com&site=89632304&env=prod&isCrossDomain=true
IP 178.249.97.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32175)
Hash 4347101193232c97c6b26a2f4b768cdc
2b52c5abb4f77057ccd63f8e77f4ad1442c3f676
a2817a5f4e45812edf9d9f60141d3a58f2a3add3ded2c6f941efd1d55e95a1c8
GET /le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Fsecure03citizen.myvnc.com&site=89632304&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 09:35:17 GMT
content-type: text/html
last-modified: Thu, 03 Nov 2022 22:00:32 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sat, 02 Dec 2023 09:35:17 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=9167c95f-7cea-4e77-b982-5f9f4dc1eb5d:0&_cls_v=fbc6744d-8371-4fca-bd0c-854d05e0106c&pid=2fbd1cdc-7886-4b53-bee4-2e4758b6fb7f&sn=2&cfg&pv=2&aid=
3.87.234.62200 OK 429 B URL HTTP/1.1 report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=9167c95f-7cea-4e77-b982-5f9f4dc1eb5d:0&_cls_v=fbc6744d-8371-4fca-bd0c-854d05e0106c&pid=2fbd1cdc-7886-4b53-bee4-2e4758b6fb7f&sn=2&cfg&pv=2&aid=
IP 3.87.234.62:0
File type JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Hash 2e7a9d6190f8208c5d98dc8f52b9cb0f
805114c2118cd2e1c5bf460c8a46adfd14c299a1
b8efdd30decf4f4da8538aa0daa8355bb7af7d8f116b87b54f903af057c514cc
POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=9167c95f-7cea-4e77-b982-5f9f4dc1eb5d:0&_cls_v=fbc6744d-8371-4fca-bd0c-854d05e0106c&pid=2fbd1cdc-7886-4b53-bee4-2e4758b6fb7f&sn=2&cfg&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 7917
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Cookie: _cls_cfgver=27baeec; _cls_s=9167c95f-7cea-4e77-b982-5f9f4dc1eb5d:0; _cls_v=fbc6744d-8371-4fca-bd0c-854d05e0106c; AWSALBCORS=Z2GM2EPc+8ld4RhCI670cOk3+nMk9s5kujH+2ImsLSO6YK1Dd6En55HqD+ygBqEc3BYmbYrHyamVsv63q5fEBsymK5Pg9EFL5eLzY7pNbEO2ZfZCrCe9KZ714StG
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:17 GMT
Content-Type: application/json
Content-Length: 429
Connection: keep-alive
Set-Cookie: AWSALB=nNrVplIXDV/98ZxuWNduj9rwfuNh/TkMalcMNspq+XBCIASM38wrNQJHgKT5IN4uhtFuXHp6E4LiypuH7h5OdtnvfouC4PngM4QY78i+ZT5gwpXuMZBksFUQZNN8; Expires=Fri, 09 Dec 2022 09:35:17 GMT; Path=/
AWSALBCORS=nNrVplIXDV/98ZxuWNduj9rwfuNh/TkMalcMNspq+XBCIASM38wrNQJHgKT5IN4uhtFuXHp6E4LiypuH7h5OdtnvfouC4PngM4QY78i+ZT5gwpXuMZBksFUQZNN8; Expires=Fri, 09 Dec 2022 09:35:17 GMT; Path=/; SameSite=None; Secure
_cls_cfgver=27baeec; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://secure03citizen.myvnc.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5035
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
178.249.97.23200 OK 455 kB URL HTTP/2 lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP 178.249.97.23:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 455 kB (454615 bytes)
Hash 31623a76c49cb7ec812156a2544c99c9
92d5db150de7792edd8999c2d44d2d8540bb3ba4
281ee188a5aedfc82e9cb820640cda534feeeff7dba1430152aa41f10f06ac30
GET /lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 09:35:16 GMT
content-type: application/x-javascript
set-cookie: ADRUM_BTa=R:33|g:aada93c9-71f5-44cb-b3c8-a5a50b98c198; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/
ADRUM_BTa=R:33|g:aada93c9-71f5-44cb-b3c8-a5a50b98c198|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/; Secure
ADRUM_BT1=R:33|i:1758181; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/
ADRUM_BT1=R:33|i:1758181|e:1; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/
ADRUM_BT1=R:33|i:1758181|e:1|d:2; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/
cache-control: public, max-age=630
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 18f6a1223c311fb7ade7ce3d349ba0d5
49bea51b8ed8c83ddd7bcf8b3e1933fa6e497815
d26447171e2e74ed97cbebde001f77b981d2af8c48d218be83d062c19460062e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:47 GMT
Expires: Wed, 07 Dec 2022 13:42:46 GMT
Etag: "49bea51b8ed8c83ddd7bcf8b3e1933fa6e497815"
Cache-Control: max-age=446247,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77331258b9c31c0a-OSL
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
178.249.101.99200 OK 2.1 kB URL HTTP/2 accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
IP 178.249.101.99:0
Hash 176130b41f6e475d8ad0376e210697ff
34fdb25ec590db1912f24a99b78cc930d332a117
4e8a6948a0a383f66337d689ea89afe3eb2858937d5a21b9239a66ccb564aee9
GET /api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 09:35:17 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:33|g:28cfaf3e-e39f-47c6-9c50-0ae49274d536; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:47 GMT; Path=/
ADRUM_BTa=R:33|g:28cfaf3e-e39f-47c6-9c50-0ae49274d536|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:47 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:47 GMT; Path=/; Secure
ADRUM_BT1=R:33|i:2241585; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:47 GMT; Path=/
ADRUM_BT1=R:33|i:2241585|e:3; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:47 GMT; Path=/
vary: Accept
expires: Fri, 02 Dec 2022 09:36:17 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash b64c8a7f1e9d4cb019ee4ea089710921
6e298681df130e8720f09168528040e4165434d6
0d8c8eeb26713f8f158b0602f67a06b7baa452936cf8af5b98ca0f02cd815eec
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:35:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 23:37:43 GMT
Expires: Mon, 05 Dec 2022 23:37:42 GMT
Etag: "6e298681df130e8720f09168528040e4165434d6"
Cache-Control: max-age=309142,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7733126139b81c0a-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 835bf6db1211429b2e333f2b042e20ba
c3d19ba0db0418f0b0f95a293a94ee475d043b6b
6a862fbd8e1aad72e0bee70f0641250705885fe653d7e6fe7f9f1394cce870bb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1992
Cache-Control: max-age=112955
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:35:20 GMT
Etag: "6388d54b-1d7"
Expires: Sat, 03 Dec 2022 16:57:55 GMT
Last-Modified: Thu, 01 Dec 2022 16:24:43 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
178.249.101.99200 OK 0 B URL HTTP/2 accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP 178.249.101.99:0
GET /api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 09:35:16 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:33|g:d5fac086-3d61-4dc4-b33c-efbe5aaed828; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/
ADRUM_BTa=R:33|g:d5fac086-3d61-4dc4-b33c-efbe5aaed828|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/; Secure
ADRUM_BT1=R:33|i:2241585; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/
ADRUM_BT1=R:33|i:2241585|e:6; Max-Age=30; Expires=Fri, 02-Dec-2022 09:35:46 GMT; Path=/
vary: Accept
expires: Fri, 02 Dec 2022 09:36:16 GMT
x-envoy-upstream-service-time: 2
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
IP 178.249.97.98:0
GET /le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 09:35:17 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sat, 02 Dec 2023 09:35:17 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
104.18.14.22200 OK 0 B URL HTTP/2 cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP 104.18.14.22:0
GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure03citizen.myvnc.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 09:35:15 GMT
content-type: application/javascript
last-modified: Thu, 13 May 2021 10:48:21 GMT
x-amz-version-id: bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
content-encoding: gzip
etag: W/"845173368b011e7fa14658b57426fe09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: TjES7ym4ShstKtpj1GLznZjl8VeU-G2N0yGQlAXn4IB-OQXucq9_RQ==
cf-cache-status: HIT
age: 3063
expires: Fri, 02 Dec 2022 13:35:15 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 7733124c0ed3b4fd-OSL
X-Firefox-Spdy: h2
va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1669973715770&loc=http%3A%2F%2Fsecure03citizen.myvnc.com
208.89.15.170200 OK 0 B URL HTTP/2 va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1669973715770&loc=http%3A%2F%2Fsecure03citizen.myvnc.com
IP 208.89.15.170:0
GET /postmessage/postmessage.min.html?bust=1669973715770&loc=http%3A%2F%2Fsecure03citizen.myvnc.com HTTP/1.1
Host: va.idp.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 09:35:18 GMT
content-type: text/html
last-modified: Sun, 09 Aug 2020 13:04:00 GMT
etag: W/"5f2ff440-2a51"
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2