firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Retry-After, Content-Type, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 21 Sep 2022 05:13:32 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: u9U7BcEdMy4d1o8KPmc3Ysd8rkd7QHFifzC9D1gl6vcfyU5WUOuxbg==
Age: 3584
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5119
Expires: Wed, 21 Sep 2022 07:38:35 GMT
Date: Wed, 21 Sep 2022 06:13:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 21 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 93Fdplz4iJOS7RK5r1Z-xH8NcTcWI_d3hw_EutMW3YnkiG92GjYLrg==
age: 5883
X-Firefox-Spdy: h2
citl-online.site/login.php
62.204.41.126 200 OK 39 kB URL HTTP/1.1 citl-online.site/login.php
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2278)
Hash eeb635ddbc6ecdf80dc3dd1560d5cc46
79d25a45c7cf8d356538880c707242d49cce469d
b7f6ee2bfa81b8bbc72345d6fcc08607ff3f8e5d7dd539de2ae74900d557f715
Analyzer Verdict Alert fortinet Phishing
GET /login.php HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Sep 2022 06:13:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
62.204.41.126 404 Not Found 232 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
62.204.41.126 404 Not Found 232 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff
62.204.41.126 404 Not Found 232 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
citl-online.site/css/styles.7083615ebe6cea4aa24b.css
62.204.41.126 200 OK 167 kB URL HTTP/1.1 citl-online.site/css/styles.7083615ebe6cea4aa24b.css
IP 62.204.41.126:0
File type Unicode text, UTF-8 text, with very long lines (1069)
Size 167 kB (167380 bytes)
Hash 821f04abb34ea1d73dffa86b303c33f0
0298260122366094cdfa2415518f4b5c550505cc
880f1f1be5284c125f0409d1b8df1d9d8e57e94ff1540c8d3698ece165732572
GET /css/styles.7083615ebe6cea4aa24b.css HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/css
Last-Modified: Thu, 08 Jul 2021 15:44:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"60e71d42-159e01"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
citl-online.site/images/1592741950571_CTA_Feedback(final).png
62.204.41.126 200 OK 2.2 kB URL HTTP/1.1 citl-online.site/images/1592741950571_CTA_Feedback(final).png
IP 62.204.41.126:0
File type PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Hash e6ed675f115fb1568bb1aabc00aa3f30
5cd752c6b199a3fdefe95712c77b240a92e9f1f2
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
GET /images/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 2196
Last-Modified: Thu, 08 Jul 2021 15:37:08 GMT
Connection: keep-alive
ETag: "60e71ba4-894"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/images/320_Citi-PLT@3x.png
62.204.41.126 200 OK 12 kB URL HTTP/1.1 citl-online.site/images/320_Citi-PLT@3x.png
IP 62.204.41.126:0
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
GET /images/320_Citi-PLT@3x.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 11562
Last-Modified: Thu, 08 Jul 2021 15:34:40 GMT
Connection: keep-alive
ETag: "60e71b10-2d2a"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/images/kloader.gif
62.204.41.126 200 OK 19 kB URL HTTP/1.1 citl-online.site/images/kloader.gif
IP 62.204.41.126:0
File type GIF image data, version 89a, 400 x 400\012- data
Hash a90e737d05ebfa82bf96168def807c36
ddc76a0c64ebefe5b9a12546c59a37c03d5d1f5b
24ed9db3eb0d97ecf1f0832cbd30bd37744e0d2b520ccdad5af60f7a08a45b90
GET /images/kloader.gif HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/gif
Content-Length: 19110
Last-Modified: Thu, 08 Jul 2021 15:37:38 GMT
Connection: keep-alive
ETag: "60e71bc2-4aa6"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/images/citilogoredesign.png
62.204.41.126 200 OK 1.8 kB URL HTTP/1.1 citl-online.site/images/citilogoredesign.png
IP 62.204.41.126:0
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
GET /images/citilogoredesign.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 1799
Last-Modified: Thu, 08 Jul 2021 15:26:28 GMT
Connection: keep-alive
ETag: "60e71924-707"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 21 Sep 2022 06:03:22 GMT
Cache-Control: max-age=3600
Expires: Wed, 21 Sep 2022 06:41:47 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 72Qkf1cVw4Gvez5MqnE2cyDucDl2doflSwQmeQJh4eLDTbtHhXB02Q==
Age: 595
citl-online.site/images/050-location@2x.svg
62.204.41.126 200 OK 1.8 kB URL HTTP/1.1 citl-online.site/images/050-location@2x.svg
IP 62.204.41.126:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 2a7528b41a09c242728c2805a6c37219
44f73d9270a82962219bb314894d5b5624c55631
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
Analyzer Verdict Alert fortinet Phishing
GET /images/050-location@2x.svg HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/svg+xml
Content-Length: 1752
Last-Modified: Thu, 08 Jul 2021 15:26:50 GMT
Connection: keep-alive
ETag: "60e7193a-6d8"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/images/1440_Citi-PLT@3x.png
62.204.41.126 200 OK 28 kB URL HTTP/1.1 citl-online.site/images/1440_Citi-PLT@3x.png
IP 62.204.41.126:0
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
GET /images/1440_Citi-PLT@3x.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 28149
Last-Modified: Thu, 08 Jul 2021 15:35:00 GMT
Connection: keep-alive
ETag: "60e71b24-6df5"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/images/icon_globe_med-grey@2x.svg
62.204.41.126 200 OK 3.5 kB URL HTTP/1.1 citl-online.site/images/icon_globe_med-grey@2x.svg
IP 62.204.41.126:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash 8409dd31d1b13d560ad4b9ae144054f7
37114f6c37aa187f5bdc360547678f22eaa9d9c6
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
Analyzer Verdict Alert fortinet Phishing
GET /images/icon_globe_med-grey@2x.svg HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/svg+xml
Content-Length: 3523
Last-Modified: Thu, 08 Jul 2021 15:27:14 GMT
Connection: keep-alive
ETag: "60e71952-dc3"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash edf07cd621f733b0eb50c632387ebf4f
61a082d26501c2c8d481b1676d0de2e585269613
e5c4324e4c55824b86f48bf0b9a1d317a82e7d3c19bdea7a91d78ce98d68a980
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6520
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 06:13:17 GMT
Last-Modified: Wed, 21 Sep 2022 04:24:37 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
citl-online.site/images/Citi-Branding-Sprite.png
62.204.41.126 200 OK 5.0 kB URL HTTP/1.1 citl-online.site/images/Citi-Branding-Sprite.png
IP 62.204.41.126:0
File type PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Hash eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
GET /images/Citi-Branding-Sprite.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 4952
Last-Modified: Thu, 08 Jul 2021 15:35:18 GMT
Connection: keep-alive
ETag: "60e71b36-1358"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/images/LSO_4959.jpg
62.204.41.126 200 OK 108 kB URL HTTP/1.1 citl-online.site/images/LSO_4959.jpg
IP 62.204.41.126:0
File type JPEG image data, progressive, precision 8, 2160x600, components 3\012- data
Size 108 kB (108233 bytes)
Hash 7dd9aa1bc81d1bf0e77e3e08de814096
0e251835579aa147fd88c76b85b74359856c6de9
dbdebfcc2ed9932006edcfc7f8190ca5c9a04ff737e990645712ccc33e5ce070
GET /images/LSO_4959.jpg HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/jpeg
Content-Length: 108233
Last-Modified: Thu, 02 Jun 2022 13:46:34 GMT
Connection: keep-alive
ETag: "6298bf3a-1a6c9"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
62.204.41.126 404 Not Found 232 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
citl-online.site/images/Appstore-Googleplay-JDPower-Sprite.png
62.204.41.126 200 OK 45 kB URL HTTP/1.1 citl-online.site/images/Appstore-Googleplay-JDPower-Sprite.png
IP 62.204.41.126:0
File type PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Hash 7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
GET /images/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 44996
Last-Modified: Thu, 08 Jul 2021 15:35:38 GMT
Connection: keep-alive
ETag: "60e71b4a-afc4"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
62.204.41.126 404 Not Found 232 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
citl-online.site/images/social-media_facebook@3x.png
62.204.41.126 200 OK 445 B URL HTTP/1.1 citl-online.site/images/social-media_facebook@3x.png
IP 62.204.41.126:0
File type PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
GET /images/social-media_facebook@3x.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 445
Last-Modified: Thu, 08 Jul 2021 15:36:04 GMT
Connection: keep-alive
ETag: "60e71b64-1bd"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/images/social-media_twitter@3x.png
62.204.41.126 200 OK 1.3 kB URL HTTP/1.1 citl-online.site/images/social-media_twitter@3x.png
IP 62.204.41.126:0
File type PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
GET /images/social-media_twitter@3x.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 1277
Last-Modified: Thu, 08 Jul 2021 15:36:20 GMT
Connection: keep-alive
ETag: "60e71b74-4fd"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/images/social-media_youtube@3x.png
62.204.41.126 200 OK 1.2 kB URL HTTP/1.1 citl-online.site/images/social-media_youtube@3x.png
IP 62.204.41.126:0
File type PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
GET /images/social-media_youtube@3x.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: image/png
Content-Length: 1175
Last-Modified: Thu, 08 Jul 2021 15:36:38 GMT
Connection: keep-alive
ETag: "60e71b86-497"
Expires: Thu, 22 Sep 2022 06:13:18 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff
62.204.41.126 404 Not Found 278 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 364e77d328adf46ccfe3cdfcf6ee236d
e1b54140c6d4e4bf65a478deafde2e368cb1ec11
90647406ccccc51e568c2cd04fc910d8f531ad9ec0277a57c2b65f4ccb49f33c
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
push.services.mozilla.com/
34.208.31.97 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.208.31.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0OCu15jCioO64qkNCYBnaA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SgMkZlyyjBdrFBPr5o1UWHNEJ+E=
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
62.204.41.126 404 Not Found 278 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 364e77d328adf46ccfe3cdfcf6ee236d
e1b54140c6d4e4bf65a478deafde2e368cb1ec11
90647406ccccc51e568c2cd04fc910d8f531ad9ec0277a57c2b65f4ccb49f33c
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff
62.204.41.126 404 Not Found 278 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 364e77d328adf46ccfe3cdfcf6ee236d
e1b54140c6d4e4bf65a478deafde2e368cb1ec11
90647406ccccc51e568c2cd04fc910d8f531ad9ec0277a57c2b65f4ccb49f33c
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
62.204.41.126 404 Not Found 278 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 364e77d328adf46ccfe3cdfcf6ee236d
e1b54140c6d4e4bf65a478deafde2e368cb1ec11
90647406ccccc51e568c2cd04fc910d8f531ad9ec0277a57c2b65f4ccb49f33c
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.ttf
62.204.41.126 404 Not Found 232 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.ttf
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
62.204.41.126 404 Not Found 232 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.ttf
62.204.41.126 404 Not Found 232 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.ttf
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
62.204.41.126 404 Not Found 232 B URL HTTP/1.1 citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
IP 62.204.41.126:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
citl-online.site/images/favicon.ico
62.204.41.126 200 OK 8.7 kB URL HTTP/1.1 citl-online.site/images/favicon.ico
IP 62.204.41.126:0
File type PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c529d13403aaef133f480514b0d7b3f
73b6a54f396770a92bd13f0af7b0530e7a68b546
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32
GET /images/favicon.ico HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 8747
Connection: keep-alive
Last-Modified: Thu, 08 Jul 2021 15:39:34 GMT
ETag: "222b-5c69e7636f980"
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7870
Expires: Wed, 21 Sep 2022 08:24:29 GMT
Date: Wed, 21 Sep 2022 06:13:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7870
Expires: Wed, 21 Sep 2022 08:24:29 GMT
Date: Wed, 21 Sep 2022 06:13:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7870
Expires: Wed, 21 Sep 2022 08:24:29 GMT
Date: Wed, 21 Sep 2022 06:13:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7870
Expires: Wed, 21 Sep 2022 08:24:29 GMT
Date: Wed, 21 Sep 2022 06:13:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7870
Expires: Wed, 21 Sep 2022 08:24:29 GMT
Date: Wed, 21 Sep 2022 06:13:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c2db94039cb675cb250519fe57b2b3c9
37222a70df5d9a69073b4b32ebc3a5da60006001
444f4359ac25747e7c5d7e09202f195d407bc94a4933ac7ebbbaf9839bf59aff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12048
x-amzn-requestid: bc551b18-fddb-4502-8c11-b8de83d75def
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YwlKzF9FoAMFp_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329b578-7e030b2e0af1d1c309d2dde6;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 12:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: q4_aUdJyUhQIezjvo7LtOw_0pV-W3EkdLVzVnVB4_4gHSK9AYhrTxA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 12:43:36 GMT
etag: "37222a70df5d9a69073b4b32ebc3a5da60006001"
content-type: image/jpeg
age: 62983
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14e6ddceb639a5f4875aecb796f95c79
b1cd04a66852694284eeef16a1cde38896e33c03
4c0657a00d7fb4caefa64c28340cad94a306cc393cffe692fcc69c65a80f2391
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10244
x-amzn-requestid: 71f08b9e-e977-48de-ad60-5192a43db517
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYwBkGqjIAMFz0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202d3d-0af3334d085ca4a764e31bb5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e3MMA-NVstIsR7M9_JGH05i1e8pK17RsjyERrSMlC3uoHsWw_7ABtA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 19:18:32 GMT
age: 39287
etag: "b1cd04a66852694284eeef16a1cde38896e33c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8fb4f53-c4a2-4769-939e-c2f7ff562e36.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8fb4f53-c4a2-4769-939e-c2f7ff562e36.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 681b3e236c8b9bc524d935af247ec72b
96048f054243b5a13f14ab3dd9f4a0f3f2e0feae
aaa2f649fd336f89b3c0fc1d9226f8763f5a8cd850826a7f0819ebe7414fbf2a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8fb4f53-c4a2-4769-939e-c2f7ff562e36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7383
x-amzn-requestid: 32b97df0-b979-4e80-a54f-cae77affc915
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy2sHJ_oAMF0bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31c4-2c6db6e21fa1db233a4c1f49;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgtMqpEEGh4T-E7vTcy_XhKVaoN9trQ_gtoxx1igk62zYATMmZBQCA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:41:30 GMT
age: 30709
etag: "96048f054243b5a13f14ab3dd9f4a0f3f2e0feae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24bb3042-6621-4dd2-99f1-4b50cc7da808.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24bb3042-6621-4dd2-99f1-4b50cc7da808.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10ad73e887b57566c4ba3ae763552a2e
63252bd8cc72452c4c6be84593d704ae9bf97d1f
7d58d096045066af053eb1a1fc3878d3e2080aa50b71aa30fa5b7929693ab004
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24bb3042-6621-4dd2-99f1-4b50cc7da808.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9399
x-amzn-requestid: 44705828-c137-4ab5-8538-5d4595a2b058
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvkJGjxoAMF6-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202c80-3cb542a303a59002480c82b2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:08:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PIZx2S4HyPokzOhbut6yFxH_-32I3SvT1jbeo2rSxQtkgYZGcqjBJA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:00:12 GMT
age: 29587
etag: "63252bd8cc72452c4c6be84593d704ae9bf97d1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a692964324dbb9c460a1b855808d02e6
1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54
3fa9e780d62fffb635064aeed542c8e04923ff943c6080476836fab6c24e2426
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9201
x-amzn-requestid: 6dbfae76-f9ab-4f31-9b62-bcf5d9ce4515
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YxzxlEYcoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a333d-7d147481402cc46a751b72ed;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:40:13 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JEb0g486u6AjYFbf8rSbreKjh0m1GsAGbvykHl0oahmVN2ciqe5FOw==
via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:14:57 GMT
etag: "1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54"
content-type: image/jpeg
age: 28702
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7b780d39877eea116277625aaa01f1b
d8ac8a7e19b06e38070a0319cde24b5bf0eaa7db
ca9d59056e0a3f512d36db11f4a4bd3109c2ce1e13b29b5f40dce84df079e71f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12654
x-amzn-requestid: efc99152-2b51-462d-b48b-67ba8263b1cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJOGVYoAMFcvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-00eeb6913e06ac151f293263;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: nSWUmBqJPIBYNoLtyrfAN7CK4367b6TEku9eki8BGJVdTWW3dSyckw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 07:21:22 GMT
age: 82317
etag: "d8ac8a7e19b06e38070a0319cde24b5bf0eaa7db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
citl-online.site/
62.204.41.126 200 OK 0 B IP 62.204.41.126:0
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
iplogger.org/1NKN05
148.251.234.83 200 OK 0 B IP 148.251.234.83:0
ASN #24940 Hetzner Online GmbH
GET /1NKN05 HTTP/1.1
Host: iplogger.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citl-online.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Sep 2022 06:13:17 GMT
content-type: image/png
set-cookie: clhf03028ja=91.90.42.154; expires=Thu, 21-Sep-2023 06:13:17 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
379161511532635802=1; expires=Thu, 21-Sep-2023 06:13:17 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
expires: Wed, 21 Sep 2022 06:13:17 +0000
cache-control: no-store, no-cache, must-revalidate
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2