Report - my-citi-upd.bwtmumo.workers.dev/

Report Overview

Submitted URL
my-citi-upd.bwtmumo.workers.dev/
IP
104.21.52.76
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-15 20:23:59
Access
public
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-17T05:10:35Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-17T10:42:19Z	987 B	2.2 kB	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-17T05:10:36Z	594 B	127 B	34.210.107.213
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-17T05:09:02Z	1.6 kB	4.4 kB	23.36.76.242
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-17T05:09:22Z	662 B	1.4 kB	142.250.74.3
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-17T05:09:51Z	356 B	1.9 kB	104.18.20.226
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-17T09:53:07Z	328 B	964 B	104.18.32.68
www.citi.com	26692	2012-06-25T16:23:07Z	2023-03-16T18:22:29Z	415 B	2.7 kB	104.110.29.32
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-17T11:31:19Z	394 B	32 kB	142.250.74.106
api.ipify.org	3267	2014-10-06T14:38:43Z	2023-03-16T18:12:58Z	380 B	211 B	52.20.78.240
dl.dropboxusercontent.com	12831	2019-02-11T02:24:40Z	2019-03-28T09:18:21Z	5.1 kB	219 kB	162.125.71.15
files.catbox.moe	174913	2015-06-30T01:27:11Z	2023-03-17T05:50:25Z	779 B	9.8 kB	107.160.74.131
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-17T05:09:04Z	325 B	1.6 kB	143.204.55.27
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-17T05:10:36Z	401 B	5.8 kB	143.204.55.25
my-citi-upd.bwtmumo.workers.dev	unknown			2.3 kB	567 kB	172.67.196.231
cdn.jsdelivr.net	439	2012-09-30T02:15:09Z	2023-03-17T05:35:55Z	444 B	11 kB	151.101.85.229
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-17T05:09:15Z	2.6 kB	46 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-15	medium	my-citi-upd.bwtmumo.workers.dev/	Citigroup Inc.
2022-09-15	medium	my-citi-upd.bwtmumo.workers.dev/	Citigroup Inc.
2022-09-15	medium	my-citi-upd.bwtmumo.workers.dev/	Citigroup Inc.
2022-09-15	medium	my-citi-upd.bwtmumo.workers.dev/	Citigroup Inc.
2022-09-15	medium	my-citi-upd.bwtmumo.workers.dev/	Citigroup Inc.
2022-09-15	medium	my-citi-upd.bwtmumo.workers.dev/	Citigroup Inc.
2022-09-15	medium	my-citi-upd.bwtmumo.workers.dev/	Citigroup Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-15	medium	my-citi-upd.bwtmumo.workers.dev/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-05-07
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-07 12:23:54 Times Seen267191 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	my-citi-upd.bwtmumo.workers.dev/	1.3 kB	2023-03-07	2023-03-17
Pretty URL my-citi-upd.bwtmumo.workers.dev/ IP 172.67.196.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:45:27 Last Seen2023-03-17 12:26:20 Times Seen1 Hash 78a0bb3fc5e80913d4d3a4101ce9b889 43614cc0db7c8f5c1c72633b8ee83e38a75ace88 af4854795f888efcae559af155e036d1154036a9f660122c4daf0f793febbf26 Loading...

	api.ipify.org/?format=jsonp&callback=getIP	29 B	2023-03-07	2024-05-07
Pretty URL api.ipify.org/?format=jsonp&callback=getIP IP 52.20.78.240 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:09 Last Seen2024-05-07 08:32:15 Times Seen16668 Hash 90a39389063c7c5716745c3b3bb4fba1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69 Loading...

	my-citi-upd.bwtmumo.workers.dev/	1.2 MB	2023-03-07	2023-03-17
Pretty URL my-citi-upd.bwtmumo.workers.dev/ IP 172.67.196.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:01:34 Last Seen2023-03-17 12:26:20 Times Seen1 Hash 0b9789cd9794512e0d53494e788146fd 32d0bbebd49e28c8e2d8a80a96bfdd8d9563b730 836274a8711069d3fdd0dae7fa319163c0364a378f64d68f9616aa11817f3f7e Loading...

	cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/bootstrap.min.js	37 kB	2023-03-07	2024-05-07
Pretty URL cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/bootstrap.min.js IP 151.101.85.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-05-07 10:46:23 Times Seen55327 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	my-citi-upd.bwtmumo.workers.dev/	1.0 kB	2023-03-07	2023-03-17
Pretty URL my-citi-upd.bwtmumo.workers.dev/ IP 172.67.196.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:27:45 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 1b6bc9e9bf63ad6995ead9dcefa6364b ae1c91f79fcfc7cdbf962893c96f57e5743666b8 ec0d481955908000e6e9f2e96896c6d4977dbaec6ecc6b09d80eef919068dfeb Loading...

	my-citi-upd.bwtmumo.workers.dev/	84 B	2023-03-07	2023-04-03
Pretty URL my-citi-upd.bwtmumo.workers.dev/ IP 172.67.196.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:09 Last Seen2023-04-03 23:57:57 Times Seen28 Hash 520412486dba0be8f6db00ab2199a5cc 8917078de42620486e711423f6bbb93de7a6e2f7 1530c97a0e87b9f70cc67a64306f6e9025698fb60a278af437f31b5ad7908621 Loading...

	unknown	0 B	2023-03-07	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 12:30:32 Times Seen37401426 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	my-citi-upd.bwtmumo.workers.dev/	2.1 kB	2023-03-07	2024-05-04
Pretty URL my-citi-upd.bwtmumo.workers.dev/ IP 172.67.196.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:55 Last Seen2024-05-04 07:38:09 Times Seen168 Hash f614f20afbf576b484daff8f1cd754e9 1638b3a4fd33b596e4f2c0b34fb4dfda7ea5b419 b706e7f259717a7f26145ad3877f817c14b281f2fb6698998dd967cfe45304ef Loading...

		Size	First Seen	Last Seen
	#1 Write - e9a698f02c9d3a1ca03a955e74c673ea	1.2 MB	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 18:18:24 Last Seen2023-03-17 12:26:20 Times Seen1 Hash e9a698f02c9d3a1ca03a955e74c673ea 0eb2e49139090a2e0973970b042c8deab623dedf f5389f730431cea83d78418083ec15513446268ac8eab44328e69f572267a2ae Loading...

	#2 Write - 37702bd678d6f5f5e683ba4dbb6377a0	402 kB	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 18:18:24 Last Seen2023-03-17 12:26:20 Times Seen1 Hash 37702bd678d6f5f5e683ba4dbb6377a0 2a24847d3f071cdac66609f49bbb1b012ff3a5aa 6cdcb858d17845e9b42756f7aeec2f931eafce3596a074e83b407800a1cc216f Loading...

	#3 Write - 39db2257a163f22d1ec702bc018b505a	3.6 MB	2023-03-17	2023-03-17
Pretty Observations First Seen2023-03-17 12:26:20 Last Seen2023-03-17 12:26:20 Times Seen1 Hash 39db2257a163f22d1ec702bc018b505a e0f571a52a0c8ec0789e4bedc56fddb2f8a243d4 0dce0ddea1e3dddd09f8dede81cfc55451c05793b75cbbe26f4534d61edef654 Loading...

HTTP Transactions (44)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 15 Sep 2022 20:10:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: eujUTOhlXMT2wxduIFs_NCm9te_zkB1fkhdJl70X9CcF71UnrEZsgQ==
Age: 794

r3.o.lencr.org/

23.36.76.242

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.242:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5749
Expires: Thu, 15 Sep 2022 21:59:36 GMT
Date: Thu, 15 Sep 2022 20:23:47 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.25

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.25:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 15 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bwxYjGUr-Y6jIu-c-m8A6g-nLEA0DMUeZYPiY7FZ_XMIaiIO9dU1gA==
age: 56912
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 20:23:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

my-citi-upd.bwtmumo.workers.dev/

172.67.196.231

200 OK

188 kB

URL HTTP/1.1
my-citi-upd.bwtmumo.workers.dev/
IP
172.67.196.231:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (65534)
Size
188 kB (187523 bytes)
Hash
4bb789e5e395489bfa9bb6a0a751126a
e88030f9d7e8e6f81bf87c4ff51927f992dff27d
503ef34e9f8bd98a379cec073474a346182e1dd68571b23860af0e6456d48836

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: my-citi-upd.bwtmumo.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 20:23:48 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XhHGd3WhWp82UwgbMKWO%2F6cJJGOeMmLYaHrBEUjGJIhHWVzladi%2FJ%2BpZxsqdCLtQ%2BFymRaIJtC2Am0hQ90RjEtUUV2E15Q2vYh1ZWT7Ke1wQCYHUc%2FqbjxNGsupdikn1722qs2jMoc3I41fitxJDJfpX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4150b5ff5b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
62c4df88fc2f69e10d2d54c660fe2c99
a032bfd92c236fe0091a69584b379d9a79f37df5
d2c5f5dc986c5890515f14942563bea72cd106b66d2f01bc7c2432378272075a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2695
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 20:23:49 GMT
Last-Modified: Thu, 15 Sep 2022 19:38:54 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2e8e3b8dcfc70035468cee19fa0ce164
8abd549de54a56c4d8866642803817e1d411ad88
9f8702221570464be855f0cf42d77a90b745fbf6c60d5d437218d45f9603fd19

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 20:23:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
62c4df88fc2f69e10d2d54c660fe2c99
a032bfd92c236fe0091a69584b379d9a79f37df5
d2c5f5dc986c5890515f14942563bea72cd106b66d2f01bc7c2432378272075a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2695
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 20:23:49 GMT
Last-Modified: Thu, 15 Sep 2022 19:38:54 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/bootstrap.min.js

151.101.85.229

200 OK

9.8 kB

URL HTTP/2
cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/bootstrap.min.js
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32033)
Size
9.8 kB (9832 bytes)
Hash
8f5516e2deb83c4c97ffcde6c908c118
769c171c51d77b3973ca33a5e9c065edb2dd33b9
2e1f2da05943fa83b074b3dbd377303f3c074b3cfe618875931fbad5542c0e0c

HTTP Headers

GET /npm/bootstrap@3.3.7/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://my-citi-upd.bwtmumo.workers.dev
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.3.7
x-jsd-version-type: version
etag: W/"90b5-QwpEPXSDD+m+Ju/KQx9EjBs3QPk"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 15 Sep 2022 20:23:49 GMT
age: 12343064
x-served-by: cache-fra19170-FRA, cache-bma1654-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9832
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.106

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Sep 2022 09:42:03 GMT
expires: Tue, 12 Sep 2023 09:42:03 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 297706
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
365488d9f520a9c886633aebb6d87f2d
408bc440bb79c3bd72cd5df2bb474e3d2778e2e5
345560bec20efe94b8e38ad296e0c2f80394080db73de3e4b7a55ec35ceebe97

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 20:23:49 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "9833DE741156D9D167398A72F140B7DF14136681"
Expires: Fri, 16 Sep 2022 07:00:00 GMT
Last-Modified: Thu, 15 Sep 2022 19:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3223
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b41513fd50b4ff-OSL

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
01721134027b8087fcaea01ae7470149
e3d82b3dd35d846d3bd662a0f9b7a51cba2ba864
a7aa0a8736af71aee8a545362876a784954dbb37cda1a2c184c7ef99e14f2b56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 20:23:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

34.210.107.213

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.210.107.213:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9T/7/bXiSR4xCP2EQRpdVg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fMjYiVSB5CiR3bX2gwNjK/ugNOQ=

my-citi-upd.bwtmumo.workers.dev/css/all.min.css

172.67.196.231

200 OK

188 kB

URL HTTP/1.1
my-citi-upd.bwtmumo.workers.dev/css/all.min.css
IP
172.67.196.231:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (65534)
Size
188 kB (187523 bytes)
Hash
4bb789e5e395489bfa9bb6a0a751126a
e88030f9d7e8e6f81bf87c4ff51927f992dff27d
503ef34e9f8bd98a379cec073474a346182e1dd68571b23860af0e6456d48836

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/all.min.css HTTP/1.1
Host: my-citi-upd.bwtmumo.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 20:23:49 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tph4iA1mXIpsG7X7EFGOJxidEdQ490nuQ27LGizbuiCCLq7YpNWBd5QHcIBC1Sp%2BiCxzN2Yt8jhcDtIBg8hL3v%2BlWBUDHEyzQ9YVw%2BgUzgAAmQoe7yjPQC9IAX4ENaR5gg%2FLDVa6AltK6DoXItyofJay"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b415137aa4b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5a0890f76de28b917f5f437d663e6fa9
4eb47d1b9b8dce30048faa2200bcbcd5ee5317c3
99fbdd65a167b2fd9e82af4898db202e5edb109a7a36b33414660390c7f9aa65

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1070
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 20:23:49 GMT
Last-Modified: Thu, 15 Sep 2022 20:05:59 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

my-citi-upd.bwtmumo.workers.dev/css/style.css

172.67.196.231

200 OK

188 kB

URL HTTP/1.1
my-citi-upd.bwtmumo.workers.dev/css/style.css
IP
172.67.196.231:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (65534)
Size
188 kB (187523 bytes)
Hash
4bb789e5e395489bfa9bb6a0a751126a
e88030f9d7e8e6f81bf87c4ff51927f992dff27d
503ef34e9f8bd98a379cec073474a346182e1dd68571b23860af0e6456d48836

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/style.css HTTP/1.1
Host: my-citi-upd.bwtmumo.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 20:23:49 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQ%2F8i1KJW2BTBbdOnND19XoS0To9gdZ%2BPyk7RboAbeCL7DiLEDgw%2Byhl3DQBFeMnI9nKfJFVUG3Kj6ELrGpZjq%2BjslpGmaYYfze4Pl7zX12UPIu8DsYRKFJRr3av8uOf98qhxG69j7MiHG2oVuEDjYIY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b415137a03b50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
817ae2f84d770515905ee2e9857639f6
067cb1dc3cbded220443d51bd30bfb92bbd35ecd
7bb9ed5d0a8878fd885c47e5e914331e65d92d29323d352dde418a2da82ad08d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 20:23:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 21:46:09 GMT
Expires: Wed, 21 Sep 2022 21:46:08 GMT
Etag: "067cb1dc3cbded220443d51bd30bfb92bbd35ecd"
Cache-Control: max-age=522738,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b415156d5ab51e-OSL

api.ipify.org/?format=jsonp&callback=getIP

52.20.78.240

200 OK

29 B

URL HTTP/1.1
api.ipify.org/?format=jsonp&callback=getIP
IP
52.20.78.240:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
90a39389063c7c5716745c3b3bb4fba1
a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f
eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69

HTTP Headers

GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
Content-Type: application/javascript
Vary: Origin
Date: Thu, 15 Sep 2022 20:23:49 GMT
Content-Length: 29
Via: 1.1 vegur

r3.o.lencr.org/

23.36.76.242

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.242:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6137
Expires: Thu, 15 Sep 2022 22:06:07 GMT
Date: Thu, 15 Sep 2022 20:23:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.242

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.242:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6137
Expires: Thu, 15 Sep 2022 22:06:07 GMT
Date: Thu, 15 Sep 2022 20:23:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.242

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.242:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6137
Expires: Thu, 15 Sep 2022 22:06:07 GMT
Date: Thu, 15 Sep 2022 20:23:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.242

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.242:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6137
Expires: Thu, 15 Sep 2022 22:06:07 GMT
Date: Thu, 15 Sep 2022 20:23:50 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6770 bytes)
Hash
2e5f57ba37fac4e6047a9a321a8ec084
f6b742549ea35a4b1345cffb937a8bbcceee08ef
f8c67c54806e47089b9ba297599e3e4cde1fd2e2e38b76acc9e8de0e99d7b77e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6770
x-amzn-requestid: b7c9513c-b8ba-41c7-9f9a-0a9d2266172d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FlpEVRIAMFygA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63144fbd-7a4408363cdc46c9355a9f47;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fqj5PljprRruE1jwYAVwKoHkjys-RakUjzuV67_Ued6T4et99JPxPg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:45:05 GMT
age: 81525
etag: "f6b742549ea35a4b1345cffb937a8bbcceee08ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F706eea65-3ba8-43f4-85c3-967026936660.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9922 bytes)
Hash
3ef9865421a37eae9a4df04083d27485
c7cf1f6a259cece60a34261ec83ee00736e1d72b
723b65ba660f22281f85d6caceea23e9cd932ee9084dc905a08a585746c4c4cc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F706eea65-3ba8-43f4-85c3-967026936660.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9922
x-amzn-requestid: de1e3e45-74ff-41b2-986f-e78473cb6d98
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YVc1SGM7IAMFw0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631edb54-2099524d6f2c338b41eea101;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 07:10:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MtgQUzYMa3mT0lxPhQ5ZCp9XVVyBH8T0dlx_0wSLMZlaFEiCikTXMw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:25:51 GMT
age: 79079
etag: "c7cf1f6a259cece60a34261ec83ee00736e1d72b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg

162.125.71.15

200 OK

7.5 kB

URL HTTP/2
dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
data
Size
7.5 kB (7504 bytes)
Hash
ce5c8d41c4931109a2c65ef4d3ea75ea
24a82edd88b19a608c78c5e9c8368c382301f527
b805412f93b15221bcb5f8eb25e98471f81a8581dd72dee8740fbca1427fb3d2

HTTP Headers

GET /s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename=icon_globe_med-grey%402x.svg
content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=gfvL4O5bKA4Vsp3p7wA5qc0EeJj4zTKuWAjnwGu1zRlUDBzNjxvG8NdbnMTDAy5K; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-server-response-time: 155
x-webkit-csp: sandbox
content-type: image/svg+xml
date: Thu, 15 Sep 2022 20:23:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 926151a9db6e419e9dcd58eb0f280f09
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1266c973-1bdd-4969-82ca-1106689fe929.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.1 kB (5078 bytes)
Hash
f50c34bc30a732593e8fe465055a44ff
af100925cba1be716fd2200715d6136bd7f0c5bc
703049736ccc8815945d69634059c4cd39533417e0969107d460c36a6787c761

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1266c973-1bdd-4969-82ca-1106689fe929.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5078
x-amzn-requestid: 6f825856-ec1a-464c-b8ef-f15de0d4017f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeINiGs6IAMFk7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632253f0-647208bf01fe44904b3352f0;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:21:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: SJGy4ZhoAlHiv-yUCAnGWG9o2qnl8xhdHhxiwmSvaSP9fdDYOVu_-g==
via: 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 20:22:02 GMT
age: 108
etag: "af100925cba1be716fd2200715d6136bd7f0c5bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb035d64b-46a7-4c49-b95b-e454aa90f817.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9071 bytes)
Hash
1633672fad0b564108cf81ad711dc881
d37ad0f40bc1f3f0022467dd0af2478980bd858a
cc7176a297f6009f07074fb9af796132b4452833be675bf378cc950fe81a582a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb035d64b-46a7-4c49-b95b-e454aa90f817.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9071
x-amzn-requestid: b450f7cf-6cc7-4d1f-aef3-4496f0971727
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeIxuEq6oAMF9jQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632254d7-6912ef8731d81fa43b805e5b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:25:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6LDUuDX1W8-Q88pDJma0xCAd5QuJ0YV-VpJ_8LVyDHX9YN1k0fQZ8Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:36:39 GMT
etag: "d37ad0f40bc1f3f0022467dd0af2478980bd858a"
content-type: image/jpeg
age: 78431
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9400 bytes)
Hash
4833535b1650b0ac875704023b650e66
96ab8cd8e14350f730d26731f3445710324e24e2
d2b5a51e39a4890ba56e819d4d5d1d57d4d3cfc50dde42efdf23b8e9be17d1c7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9400
x-amzn-requestid: 8cf35176-18a1-427b-870c-bdae465060c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYM18E-iIAMFcmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ff4f2-427bc0ff6593e71e25b91589;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 03:11:46 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9ybN4lIqGCbpld1PvmjrIpnYNgHGTSgg6Qc0o8xg-ttlTvX1uNa9dQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 20:21:39 GMT
age: 131
etag: "96ab8cd8e14350f730d26731f3445710324e24e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png

104.110.29.32

200 OK

1.8 kB

URL HTTP/1.1
www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png
IP
104.110.29.32:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

HTTP Headers

GET /CBOL/IA/Angular/assets/citilogoredesign.png HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Tue, 30 Nov 2021 10:40:38 GMT
Accept-Ranges: bytes
Content-Length: 1799
X-Akamai-CITISITE: GTDC
Strict-Transport-Security: max-age=300
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
Content-Type: image/png
X-WebKit-CSP: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Content-Security-Policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Content-Security-Policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Date: Thu, 15 Sep 2022 20:23:50 GMT
Connection: keep-alive
Set-Cookie: AKMTLTSID=EEC3FC2489112D9C0C7FD7C6C47CBADD; path=/; domain=citi.com; secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://citimobile.citibankonline.com

dl.dropboxusercontent.com/s/13p0ciw1yl1ifq5/Citi-Branding-Sprite.png

162.125.71.15

200 OK

5.0 kB

URL HTTP/2
dl.dropboxusercontent.com/s/13p0ciw1yl1ifq5/Citi-Branding-Sprite.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Size
5.0 kB (4952 bytes)
Hash
eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

HTTP Headers

GET /s/13p0ciw1yl1ifq5/Citi-Branding-Sprite.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Cookie: uc_session=gai8oZROAJ4K2utlKH7txSYjDU2DqcyS6pLRMXlQo1eDXoaEMPBpjSWWxQY8xSQQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="Citi-Branding-Sprite.png"; filename*=UTF-8''Citi-Branding-Sprite.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968652168104n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 178
content-type: image/png
date: Thu, 15 Sep 2022 20:23:50 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 4952
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 66bfd9312d6e4fe6b6e3b4bcfaa9ac6c
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/d7sibblybve5blb/social-media_youtube%403x.png

162.125.71.15

200 OK

1.2 kB

URL HTTP/2
dl.dropboxusercontent.com/s/d7sibblybve5blb/social-media_youtube%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1175 bytes)
Hash
3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

HTTP Headers

GET /s/d7sibblybve5blb/social-media_youtube%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Cookie: uc_session=gai8oZROAJ4K2utlKH7txSYjDU2DqcyS6pLRMXlQo1eDXoaEMPBpjSWWxQY8xSQQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_youtube@3x.png"; filename*=UTF-8''social-media_youtube%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968897745048n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 166
content-type: image/png
date: Thu, 15 Sep 2022 20:23:50 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1175
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 697119b8879b42dcbbd1307ce739d74b
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png

162.125.71.15

200 OK

445 B

URL HTTP/2
dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
445 B (445 bytes)
Hash
1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

HTTP Headers

GET /s/tx4dbqw0bze09il/social-media_facebook%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Cookie: uc_session=gai8oZROAJ4K2utlKH7txSYjDU2DqcyS6pLRMXlQo1eDXoaEMPBpjSWWxQY8xSQQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_facebook@3x.png"; filename*=UTF-8''social-media_facebook%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968884486105n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 147
content-type: image/png
date: Thu, 15 Sep 2022 20:23:50 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 445
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 4ad4640cc1cb4a40873f14fd08d8ace2
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/fcfmeua8xtc4hqg/Appstore-Googleplay-JDPower-Sprite.png

162.125.71.15

200 OK

45 kB

URL HTTP/2
dl.dropboxusercontent.com/s/fcfmeua8xtc4hqg/Appstore-Googleplay-JDPower-Sprite.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Size
45 kB (44996 bytes)
Hash
7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

HTTP Headers

GET /s/fcfmeua8xtc4hqg/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Cookie: uc_session=gai8oZROAJ4K2utlKH7txSYjDU2DqcyS6pLRMXlQo1eDXoaEMPBpjSWWxQY8xSQQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="Appstore-Googleplay-JDPower-Sprite.png"; filename*=UTF-8''Appstore-Googleplay-JDPower-Sprite.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968650157896n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 283
content-type: image/png
date: Thu, 15 Sep 2022 20:23:50 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 44996
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 031cc3014e9c4117bc53e4c8185b2688
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/al8h1wt4q4z80q1/social-media_twitter%403x.png

162.125.71.15

200 OK

1.3 kB

URL HTTP/2
dl.dropboxusercontent.com/s/al8h1wt4q4z80q1/social-media_twitter%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1277 bytes)
Hash
60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

HTTP Headers

GET /s/al8h1wt4q4z80q1/social-media_twitter%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Cookie: uc_session=gai8oZROAJ4K2utlKH7txSYjDU2DqcyS6pLRMXlQo1eDXoaEMPBpjSWWxQY8xSQQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_twitter@3x.png"; filename*=UTF-8''social-media_twitter%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968891955128n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 235
content-type: image/png
date: Thu, 15 Sep 2022 20:23:50 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1277
x-dropbox-response-origin: far_remote
x-dropbox-request-id: e4dc402f7a734fac91f95cb73a900b19
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff

162.125.71.15

200 OK

72 kB

URL HTTP/2
dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
72 kB (71874 bytes)
Hash
9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

HTTP Headers

GET /s/onrn6uufd9w6dw9/Interstate-Bold.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://my-citi-upd.bwtmumo.workers.dev
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Bold.woff"; filename*=UTF-8''Interstate-Bold.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968844676205n
pragma: public
set-cookie: uc_session=5K2S8uKA4tQkv8i6zTfNum1m30iSE3kHeZdWOLbNHgvR7grgCE9DtamqxP4AiZVh; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 449
content-type: application/octet-stream
date: Thu, 15 Sep 2022 20:23:50 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 71874
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 182affdcd71148ffaedb4e142620fae9
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff

162.125.71.15

200 OK

76 kB

URL HTTP/2
dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (75538 bytes)
Hash
3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

HTTP Headers

GET /s/5pecxff6thpa7bk/Interstate-Light.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://my-citi-upd.bwtmumo.workers.dev
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Light.woff"; filename*=UTF-8''Interstate-Light.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968851764500n
pragma: public
set-cookie: uc_session=dlrizqlrZQM5IKJgXWavAgCIJrCvn62i0GUHMhJygkJxy5V46Mywr32HA12lurJv; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 500
content-type: application/octet-stream
date: Thu, 15 Sep 2022 20:23:50 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 75538
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 107a81074a1846a98e5a9efa48dd6fba
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/gd8h4cwovjh6a2u/progress-indicator-bg.png

162.125.71.15

200 OK

1.0 kB

URL HTTP/2
dl.dropboxusercontent.com/s/gd8h4cwovjh6a2u/progress-indicator-bg.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 5 x 1, 8-bit/color RGB, non-interlaced\012- data
Size
1.0 kB (1001 bytes)
Hash
a673c51b56b022c5a190b93060e3368b
15ff8d5fa005554f2a5cf9d4c2440da5ebe8c8c0
8dee09be2e691fe1798334a054fb42083c0509a126dd1f61bc8ca168eff326dc

HTTP Headers

GET /s/gd8h4cwovjh6a2u/progress-indicator-bg.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://files.catbox.moe/
Cookie: uc_session=gai8oZROAJ4K2utlKH7txSYjDU2DqcyS6pLRMXlQo1eDXoaEMPBpjSWWxQY8xSQQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="progress-indicator-bg.png"; filename*=UTF-8''progress-indicator-bg.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968878381358n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 395
content-type: image/png
date: Thu, 15 Sep 2022 20:23:50 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1001
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 4591fee9f0c64e98bc0f7d25aa20b0ab
X-Firefox-Spdy: h2

files.catbox.moe/4pgrxf.ico

107.160.74.131

200 OK

8.7 kB

URL HTTP/2
files.catbox.moe/4pgrxf.ico
IP
107.160.74.131:0
ASN
#40676 AS40676

File type
PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Size
8.7 kB (8747 bytes)
Hash
5c529d13403aaef133f480514b0d7b3f
73b6a54f396770a92bd13f0af7b0530e7a68b546
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32

HTTP Headers

GET /4pgrxf.ico HTTP/1.1
Host: files.catbox.moe
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.21.3
date: Thu, 15 Sep 2022 20:23:51 GMT
content-type: image/x-icon
content-length: 8747
last-modified: Wed, 14 Sep 2022 16:45:20 GMT
etag: "63220520-222b"
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
X-Firefox-Spdy: h2

my-citi-upd.bwtmumo.workers.dev/css/320_Citi-PLT@3x.png

172.67.196.231

200 OK

0 B

URL HTTP/1.1
my-citi-upd.bwtmumo.workers.dev/css/320_Citi-PLT@3x.png
IP
172.67.196.231:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/320_Citi-PLT@3x.png HTTP/1.1
Host: my-citi-upd.bwtmumo.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 20:23:50 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bDniPDsFkn%2B8uq%2B9ateTx6CQK9FYL2kvgDBaR%2Bitl89vQjTCrC9nWtz1TC3lHTvFAbmxHNRRrCrPPhuJhOpclhWRzTsxpoiWqC3aAVeYB3dnl%2B9Pfiei0Fka2jMIXcJbV9nJsSK9cpIUCgE1od2T5CbJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4151afc99b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg

162.125.71.15

200 OK

0 B

URL HTTP/2
dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/ttemfbjw200ljgk/050-location%402x.svg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename=050-location%402x.svg
content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=gai8oZROAJ4K2utlKH7txSYjDU2DqcyS6pLRMXlQo1eDXoaEMPBpjSWWxQY8xSQQ; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-server-response-time: 240
x-webkit-csp: sandbox
content-type: image/svg+xml
date: Thu, 15 Sep 2022 20:23:49 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: a9345363bf3b4822b5bd82b1eced1e6e
X-Firefox-Spdy: h2

my-citi-upd.bwtmumo.workers.dev/css/1440_Citi-PLT@3x.png

172.67.196.231

200 OK

0 B

URL HTTP/1.1
my-citi-upd.bwtmumo.workers.dev/css/1440_Citi-PLT@3x.png
IP
172.67.196.231:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/1440_Citi-PLT@3x.png HTTP/1.1
Host: my-citi-upd.bwtmumo.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 20:23:50 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HG7hP69l1%2Fp1d4vscndTcEVfu1YFCiXbs%2BkQGII6Czf4TzaTN%2BzR6iu7wktdNbTYvV5PAY8dTR4I6okHVowJvwezHFDwYbnjxxrf9PXpWVR3%2FnTYNJnNOvXLS%2FBZREK4IuDB2E370TBxwW%2FDEw2lzRLF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4151afd73b50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

my-citi-upd.bwtmumo.workers.dev/css/320_Citi-PLT@3x.png

172.67.196.231

200 OK

0 B

URL HTTP/1.1
my-citi-upd.bwtmumo.workers.dev/css/320_Citi-PLT@3x.png
IP
172.67.196.231:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/320_Citi-PLT@3x.png HTTP/1.1
Host: my-citi-upd.bwtmumo.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 20:23:50 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BDtG9Ys7jMDhaPDARONTZBMoWG3VrUqS%2FmtRCqEX%2FICqjH941tniItK6E%2F8%2BLFgfYbKsK8VD0dTj5Ti2LY5O1ddFJ2fgPEscSRLoCFrF9l7SX%2FfQG9d8ELUTVxT7yRox7yIcCG2ZE%2Bz3Kd1ktITLQE6%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4151c1ec30b69-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

my-citi-upd.bwtmumo.workers.dev/css/1440_Citi-PLT@3x.png

172.67.196.231

200 OK

0 B

URL HTTP/1.1
my-citi-upd.bwtmumo.workers.dev/css/1440_Citi-PLT@3x.png
IP
172.67.196.231:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/1440_Citi-PLT@3x.png HTTP/1.1
Host: my-citi-upd.bwtmumo.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 20:23:50 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JdAcujB8Qu8YvbzDb%2FibMcxfk6mEpS8lJBVHz6WYHRriiRjcIsWscnWF7TtootBmjheWRmLaBLdS7LggkbVRF1MVuc%2BfD5dGVs%2BPDOxGGHMikIkvdf4xmEB4XX8e6ztQGMM06m6SZ77r8TuHHAU9Tyv2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b4151c1f62b4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

files.catbox.moe/talj6r.css

107.160.74.131

200 OK

0 B

URL HTTP/2
files.catbox.moe/talj6r.css
IP
107.160.74.131:0
ASN
#40676 AS40676

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /talj6r.css HTTP/1.1
Host: files.catbox.moe
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://my-citi-upd.bwtmumo.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.21.3
date: Thu, 15 Sep 2022 20:23:49 GMT
content-type: text/css
last-modified: Wed, 14 Sep 2022 17:50:03 GMT
vary: Accept-Encoding
etag: W/"6322144b-152fe5"
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self';
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP