Report - citl-online.site/login.php

Report Overview

Submitted URL
citl-online.site/login.php
IP
62.204.41.126
ASN
#59425 Horizon LLC
Submitted
2022-09-21 06:13:27
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.208.31.97
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.27
citl-online.site	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11 kB	455 kB	62.204.41.126
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	67 kB	34.120.237.76
iplogger.org	280600	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	377 B	539 B	148.251.234.83

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-21	medium	citl-online.site/login.php	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff	Phishing
2022-09-21	medium	citl-online.site/images/050-location@2x.svg	Phishing
2022-09-21	medium	citl-online.site/images/icon_globe_med-grey@2x.svg	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.ttf	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.ttf	Phishing
2022-09-21	medium	citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf	Phishing
2022-09-21	medium	citl-online.site/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (0)

HTTP Transactions (49)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Retry-After, Content-Type, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 21 Sep 2022 05:13:32 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: u9U7BcEdMy4d1o8KPmc3Ysd8rkd7QHFifzC9D1gl6vcfyU5WUOuxbg==
Age: 3584

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5119
Expires: Wed, 21 Sep 2022 07:38:35 GMT
Date: Wed, 21 Sep 2022 06:13:16 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 21 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 93Fdplz4iJOS7RK5r1Z-xH8NcTcWI_d3hw_EutMW3YnkiG92GjYLrg==
age: 5883
X-Firefox-Spdy: h2

citl-online.site/login.php

62.204.41.126

200 OK

39 kB

URL HTTP/1.1
citl-online.site/login.php
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2278)
Size
39 kB (39038 bytes)
Hash
eeb635ddbc6ecdf80dc3dd1560d5cc46
79d25a45c7cf8d356538880c707242d49cce469d
b7f6ee2bfa81b8bbc72345d6fcc08607ff3f8e5d7dd539de2ae74900d557f715

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login.php HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 21 Sep 2022 06:13:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

62.204.41.126

404 Not Found

232 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

62.204.41.126

404 Not Found

232 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff

62.204.41.126

404 Not Found

232 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

citl-online.site/css/styles.7083615ebe6cea4aa24b.css

62.204.41.126

200 OK

167 kB

URL HTTP/1.1
citl-online.site/css/styles.7083615ebe6cea4aa24b.css
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
Unicode text, UTF-8 text, with very long lines (1069)
Size
167 kB (167380 bytes)
Hash
821f04abb34ea1d73dffa86b303c33f0
0298260122366094cdfa2415518f4b5c550505cc
880f1f1be5284c125f0409d1b8df1d9d8e57e94ff1540c8d3698ece165732572

HTTP Headers

GET /css/styles.7083615ebe6cea4aa24b.css HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/css
Last-Modified: Thu, 08 Jul 2021 15:44:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"60e71d42-159e01"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

citl-online.site/images/1592741950571_CTA_Feedback(final).png

62.204.41.126

200 OK

2.2 kB

URL HTTP/1.1
citl-online.site/images/1592741950571_CTA_Feedback(final).png
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2196 bytes)
Hash
e6ed675f115fb1568bb1aabc00aa3f30
5cd752c6b199a3fdefe95712c77b240a92e9f1f2
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

HTTP Headers

GET /images/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 2196
Last-Modified: Thu, 08 Jul 2021 15:37:08 GMT
Connection: keep-alive
ETag: "60e71ba4-894"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/images/320_Citi-PLT@3x.png

62.204.41.126

200 OK

12 kB

URL HTTP/1.1
citl-online.site/images/320_Citi-PLT@3x.png
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

HTTP Headers

GET /images/320_Citi-PLT@3x.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 11562
Last-Modified: Thu, 08 Jul 2021 15:34:40 GMT
Connection: keep-alive
ETag: "60e71b10-2d2a"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/images/kloader.gif

62.204.41.126

200 OK

19 kB

URL HTTP/1.1
citl-online.site/images/kloader.gif
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
GIF image data, version 89a, 400 x 400\012- data
Size
19 kB (19110 bytes)
Hash
a90e737d05ebfa82bf96168def807c36
ddc76a0c64ebefe5b9a12546c59a37c03d5d1f5b
24ed9db3eb0d97ecf1f0832cbd30bd37744e0d2b520ccdad5af60f7a08a45b90

HTTP Headers

GET /images/kloader.gif HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/gif
Content-Length: 19110
Last-Modified: Thu, 08 Jul 2021 15:37:38 GMT
Connection: keep-alive
ETag: "60e71bc2-4aa6"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/images/citilogoredesign.png

62.204.41.126

200 OK

1.8 kB

URL HTTP/1.1
citl-online.site/images/citilogoredesign.png
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

HTTP Headers

GET /images/citilogoredesign.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 1799
Last-Modified: Thu, 08 Jul 2021 15:26:28 GMT
Connection: keep-alive
ETag: "60e71924-707"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 21 Sep 2022 06:03:22 GMT
Cache-Control: max-age=3600
Expires: Wed, 21 Sep 2022 06:41:47 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 72Qkf1cVw4Gvez5MqnE2cyDucDl2doflSwQmeQJh4eLDTbtHhXB02Q==
Age: 595

citl-online.site/images/050-location@2x.svg

62.204.41.126

200 OK

1.8 kB

URL HTTP/1.1
citl-online.site/images/050-location@2x.svg
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Size
1.8 kB (1752 bytes)
Hash
2a7528b41a09c242728c2805a6c37219
44f73d9270a82962219bb314894d5b5624c55631
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/050-location@2x.svg HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/svg+xml
Content-Length: 1752
Last-Modified: Thu, 08 Jul 2021 15:26:50 GMT
Connection: keep-alive
ETag: "60e7193a-6d8"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/images/1440_Citi-PLT@3x.png

62.204.41.126

200 OK

28 kB

URL HTTP/1.1
citl-online.site/images/1440_Citi-PLT@3x.png
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

HTTP Headers

GET /images/1440_Citi-PLT@3x.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 28149
Last-Modified: Thu, 08 Jul 2021 15:35:00 GMT
Connection: keep-alive
ETag: "60e71b24-6df5"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/images/icon_globe_med-grey@2x.svg

62.204.41.126

200 OK

3.5 kB

URL HTTP/1.1
citl-online.site/images/icon_globe_med-grey@2x.svg
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size
3.5 kB (3523 bytes)
Hash
8409dd31d1b13d560ad4b9ae144054f7
37114f6c37aa187f5bdc360547678f22eaa9d9c6
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/icon_globe_med-grey@2x.svg HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/svg+xml
Content-Length: 3523
Last-Modified: Thu, 08 Jul 2021 15:27:14 GMT
Connection: keep-alive
ETag: "60e71952-dc3"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
edf07cd621f733b0eb50c632387ebf4f
61a082d26501c2c8d481b1676d0de2e585269613
e5c4324e4c55824b86f48bf0b9a1d317a82e7d3c19bdea7a91d78ce98d68a980

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6520
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 06:13:17 GMT
Last-Modified: Wed, 21 Sep 2022 04:24:37 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

citl-online.site/images/Citi-Branding-Sprite.png

62.204.41.126

200 OK

5.0 kB

URL HTTP/1.1
citl-online.site/images/Citi-Branding-Sprite.png
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Size
5.0 kB (4952 bytes)
Hash
eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

HTTP Headers

GET /images/Citi-Branding-Sprite.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 4952
Last-Modified: Thu, 08 Jul 2021 15:35:18 GMT
Connection: keep-alive
ETag: "60e71b36-1358"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/images/LSO_4959.jpg

62.204.41.126

200 OK

108 kB

URL HTTP/1.1
citl-online.site/images/LSO_4959.jpg
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
JPEG image data, progressive, precision 8, 2160x600, components 3\012- data
Size
108 kB (108233 bytes)
Hash
7dd9aa1bc81d1bf0e77e3e08de814096
0e251835579aa147fd88c76b85b74359856c6de9
dbdebfcc2ed9932006edcfc7f8190ca5c9a04ff737e990645712ccc33e5ce070

HTTP Headers

GET /images/LSO_4959.jpg HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/jpeg
Content-Length: 108233
Last-Modified: Thu, 02 Jun 2022 13:46:34 GMT
Connection: keep-alive
ETag: "6298bf3a-1a6c9"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

62.204.41.126

404 Not Found

232 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

citl-online.site/images/Appstore-Googleplay-JDPower-Sprite.png

62.204.41.126

200 OK

45 kB

URL HTTP/1.1
citl-online.site/images/Appstore-Googleplay-JDPower-Sprite.png
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Size
45 kB (44996 bytes)
Hash
7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

HTTP Headers

GET /images/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 44996
Last-Modified: Thu, 08 Jul 2021 15:35:38 GMT
Connection: keep-alive
ETag: "60e71b4a-afc4"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

62.204.41.126

404 Not Found

232 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

citl-online.site/images/social-media_facebook@3x.png

62.204.41.126

200 OK

445 B

URL HTTP/1.1
citl-online.site/images/social-media_facebook@3x.png
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
445 B (445 bytes)
Hash
1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

HTTP Headers

GET /images/social-media_facebook@3x.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 445
Last-Modified: Thu, 08 Jul 2021 15:36:04 GMT
Connection: keep-alive
ETag: "60e71b64-1bd"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/images/social-media_twitter@3x.png

62.204.41.126

200 OK

1.3 kB

URL HTTP/1.1
citl-online.site/images/social-media_twitter@3x.png
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1277 bytes)
Hash
60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

HTTP Headers

GET /images/social-media_twitter@3x.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: image/png
Content-Length: 1277
Last-Modified: Thu, 08 Jul 2021 15:36:20 GMT
Connection: keep-alive
ETag: "60e71b74-4fd"
Expires: Thu, 22 Sep 2022 06:13:17 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/images/social-media_youtube@3x.png

62.204.41.126

200 OK

1.2 kB

URL HTTP/1.1
citl-online.site/images/social-media_youtube@3x.png
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1175 bytes)
Hash
3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

HTTP Headers

GET /images/social-media_youtube@3x.png HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: image/png
Content-Length: 1175
Last-Modified: Thu, 08 Jul 2021 15:36:38 GMT
Connection: keep-alive
ETag: "60e71b86-497"
Expires: Thu, 22 Sep 2022 06:13:18 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff

62.204.41.126

404 Not Found

278 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
278 B (278 bytes)
Hash
364e77d328adf46ccfe3cdfcf6ee236d
e1b54140c6d4e4bf65a478deafde2e368cb1ec11
90647406ccccc51e568c2cd04fc910d8f531ad9ec0277a57c2b65f4ccb49f33c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

push.services.mozilla.com/

34.208.31.97

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.208.31.97:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0OCu15jCioO64qkNCYBnaA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SgMkZlyyjBdrFBPr5o1UWHNEJ+E=

citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

62.204.41.126

404 Not Found

278 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
278 B (278 bytes)
Hash
364e77d328adf46ccfe3cdfcf6ee236d
e1b54140c6d4e4bf65a478deafde2e368cb1ec11
90647406ccccc51e568c2cd04fc910d8f531ad9ec0277a57c2b65f4ccb49f33c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff

62.204.41.126

404 Not Found

278 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
278 B (278 bytes)
Hash
364e77d328adf46ccfe3cdfcf6ee236d
e1b54140c6d4e4bf65a478deafde2e368cb1ec11
90647406ccccc51e568c2cd04fc910d8f531ad9ec0277a57c2b65f4ccb49f33c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

62.204.41.126

404 Not Found

278 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
278 B (278 bytes)
Hash
364e77d328adf46ccfe3cdfcf6ee236d
e1b54140c6d4e4bf65a478deafde2e368cb1ec11
90647406ccccc51e568c2cd04fc910d8f531ad9ec0277a57c2b65f4ccb49f33c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.ttf

62.204.41.126

404 Not Found

232 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.ttf
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

62.204.41.126

404 Not Found

232 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.ttf

62.204.41.126

404 Not Found

232 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.ttf
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

62.204.41.126

404 Not Found

232 B

URL HTTP/1.1
citl-online.site/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
167b8e879cf98dee0ed5db5a72c17ba3
7eb31bec5fe2d057c9511e2fea77b50a38078ac8
5093522cd79b444f9d751aeb1370d04716b8954bb8e30f2c473664ca459e91f3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/css/styles.7083615ebe6cea4aa24b.css

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

citl-online.site/images/favicon.ico

62.204.41.126

200 OK

8.7 kB

URL HTTP/1.1
citl-online.site/images/favicon.ico
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type
PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Size
8.7 kB (8747 bytes)
Hash
5c529d13403aaef133f480514b0d7b3f
73b6a54f396770a92bd13f0af7b0530e7a68b546
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:18 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 8747
Connection: keep-alive
Last-Modified: Thu, 08 Jul 2021 15:39:34 GMT
ETag: "222b-5c69e7636f980"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7870
Expires: Wed, 21 Sep 2022 08:24:29 GMT
Date: Wed, 21 Sep 2022 06:13:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7870
Expires: Wed, 21 Sep 2022 08:24:29 GMT
Date: Wed, 21 Sep 2022 06:13:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7870
Expires: Wed, 21 Sep 2022 08:24:29 GMT
Date: Wed, 21 Sep 2022 06:13:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7870
Expires: Wed, 21 Sep 2022 08:24:29 GMT
Date: Wed, 21 Sep 2022 06:13:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7870
Expires: Wed, 21 Sep 2022 08:24:29 GMT
Date: Wed, 21 Sep 2022 06:13:19 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12048 bytes)
Hash
c2db94039cb675cb250519fe57b2b3c9
37222a70df5d9a69073b4b32ebc3a5da60006001
444f4359ac25747e7c5d7e09202f195d407bc94a4933ac7ebbbaf9839bf59aff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12048
x-amzn-requestid: bc551b18-fddb-4502-8c11-b8de83d75def
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YwlKzF9FoAMFp_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329b578-7e030b2e0af1d1c309d2dde6;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 12:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: q4_aUdJyUhQIezjvo7LtOw_0pV-W3EkdLVzVnVB4_4gHSK9AYhrTxA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 12:43:36 GMT
etag: "37222a70df5d9a69073b4b32ebc3a5da60006001"
content-type: image/jpeg
age: 62983
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10244 bytes)
Hash
14e6ddceb639a5f4875aecb796f95c79
b1cd04a66852694284eeef16a1cde38896e33c03
4c0657a00d7fb4caefa64c28340cad94a306cc393cffe692fcc69c65a80f2391

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10244
x-amzn-requestid: 71f08b9e-e977-48de-ad60-5192a43db517
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYwBkGqjIAMFz0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202d3d-0af3334d085ca4a764e31bb5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e3MMA-NVstIsR7M9_JGH05i1e8pK17RsjyERrSMlC3uoHsWw_7ABtA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 19:18:32 GMT
age: 39287
etag: "b1cd04a66852694284eeef16a1cde38896e33c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8fb4f53-c4a2-4769-939e-c2f7ff562e36.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7383 bytes)
Hash
681b3e236c8b9bc524d935af247ec72b
96048f054243b5a13f14ab3dd9f4a0f3f2e0feae
aaa2f649fd336f89b3c0fc1d9226f8763f5a8cd850826a7f0819ebe7414fbf2a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8fb4f53-c4a2-4769-939e-c2f7ff562e36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7383
x-amzn-requestid: 32b97df0-b979-4e80-a54f-cae77affc915
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy2sHJ_oAMF0bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31c4-2c6db6e21fa1db233a4c1f49;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgtMqpEEGh4T-E7vTcy_XhKVaoN9trQ_gtoxx1igk62zYATMmZBQCA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:41:30 GMT
age: 30709
etag: "96048f054243b5a13f14ab3dd9f4a0f3f2e0feae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24bb3042-6621-4dd2-99f1-4b50cc7da808.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9399 bytes)
Hash
10ad73e887b57566c4ba3ae763552a2e
63252bd8cc72452c4c6be84593d704ae9bf97d1f
7d58d096045066af053eb1a1fc3878d3e2080aa50b71aa30fa5b7929693ab004

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24bb3042-6621-4dd2-99f1-4b50cc7da808.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9399
x-amzn-requestid: 44705828-c137-4ab5-8538-5d4595a2b058
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvkJGjxoAMF6-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202c80-3cb542a303a59002480c82b2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:08:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PIZx2S4HyPokzOhbut6yFxH_-32I3SvT1jbeo2rSxQtkgYZGcqjBJA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:00:12 GMT
age: 29587
etag: "63252bd8cc72452c4c6be84593d704ae9bf97d1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9201 bytes)
Hash
a692964324dbb9c460a1b855808d02e6
1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54
3fa9e780d62fffb635064aeed542c8e04923ff943c6080476836fab6c24e2426

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9201
x-amzn-requestid: 6dbfae76-f9ab-4f31-9b62-bcf5d9ce4515
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YxzxlEYcoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a333d-7d147481402cc46a751b72ed;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:40:13 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JEb0g486u6AjYFbf8rSbreKjh0m1GsAGbvykHl0oahmVN2ciqe5FOw==
via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:14:57 GMT
etag: "1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54"
content-type: image/jpeg
age: 28702
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12654 bytes)
Hash
f7b780d39877eea116277625aaa01f1b
d8ac8a7e19b06e38070a0319cde24b5bf0eaa7db
ca9d59056e0a3f512d36db11f4a4bd3109c2ce1e13b29b5f40dce84df079e71f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12654
x-amzn-requestid: efc99152-2b51-462d-b48b-67ba8263b1cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJOGVYoAMFcvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-00eeb6913e06ac151f293263;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: nSWUmBqJPIBYNoLtyrfAN7CK4367b6TEku9eki8BGJVdTWW3dSyckw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 07:21:22 GMT
age: 82317
etag: "d8ac8a7e19b06e38070a0319cde24b5bf0eaa7db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

citl-online.site/

62.204.41.126

200 OK

0 B

URL HTTP/1.1
citl-online.site/
IP
62.204.41.126:0
ASN
#59425 Horizon LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: citl-online.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citl-online.site/login.php

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 21 Sep 2022 06:13:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

iplogger.org/1NKN05

148.251.234.83

200 OK

0 B

URL HTTP/2
iplogger.org/1NKN05
IP
148.251.234.83:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /1NKN05 HTTP/1.1
Host: iplogger.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citl-online.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 21 Sep 2022 06:13:17 GMT
content-type: image/png
set-cookie: clhf03028ja=91.90.42.154; expires=Thu, 21-Sep-2023 06:13:17 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
379161511532635802=1; expires=Thu, 21-Sep-2023 06:13:17 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
expires: Wed, 21 Sep 2022 06:13:17 +0000
cache-control: no-store, no-cache, must-revalidate
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (0)

HTTP Transactions (49)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP