Overview

URL: citi.requestssl.com/verify/login.php
IP: 18.222.145.119 (United States)
ASN: #16509 AMAZON-02
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-09 13:39:31 UTC
IDS alerts: 0
Blocklist alert: 0
urlquery alerts: 15
Phishing - Citi
Tags: None

Domain Summary (26)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
c1.rfihub.net (1) 6410 2012-05-22 09:58:31 UTC 2022-12-08 19:59:04 UTC 54.230.111.62
ocsp.pki.goog (12) 175 2017-06-14 07:23:31 UTC 2022-12-09 04:10:05 UTC 142.250.74.131
r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-12-09 04:09:12 UTC 23.36.76.226
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-09 04:11:36 UTC 34.117.237.239
ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-12-09 10:54:32 UTC 93.184.220.29
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-12-09 04:11:36 UTC 54.148.213.75
dpm.demdex.net (5) 204 2012-05-22 05:45:05 UTC 2022-12-08 17:12:13 UTC 54.72.35.25
metrics.citi.com (1) 0 2017-02-10 20:14:54 UTC 2022-10-28 01:45:40 UTC 15.188.95.229 Domain (citi.com) ranked at: 5933
iad1.qualtrics.com (1) 15985 2018-02-19 09:07:37 UTC 2022-12-08 19:41:26 UTC 2.18.173.116
img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-12-09 04:09:09 UTC 34.120.237.76
nexus.ensighten.com (7) 2786 2012-05-23 18:34:00 UTC 2022-12-08 17:30:16 UTC 54.230.111.74
cm.everesttech.net (2) 996 2017-01-30 04:59:57 UTC 2022-12-08 17:16:26 UTC 54.77.60.152
fast.citi.demdex.net (1) 0 2022-06-25 14:09:15 UTC 2022-10-28 01:45:42 UTC 23.33.119.10 Domain (demdex.net) ranked at: 5815
www.googletagmanager.com (10) 75 2012-10-04 01:07:32 UTC 2022-12-09 13:12:26 UTC 142.250.74.40
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com (1) 0 2022-10-21 12:37:09 UTC 2022-12-07 14:58:45 UTC 104.17.208.240 Domain (qualtrics.com) ranked at: 805
firefox.settings.services.mozilla.com (2) 867 2020-05-25 20:06:39 UTC 2022-12-09 04:09:32 UTC 35.241.9.150
citicorpcreditservic.tt.omtrdc.net (1) 31643 2012-07-27 21:40:02 UTC 2022-12-07 14:58:45 UTC 34.252.149.97
ocsp.sectigo.com (1) 487 2018-12-17 11:31:55 UTC 2022-12-09 12:55:51 UTC 104.18.32.68
googleads.g.doubleclick.net (7) 42 2012-05-21 07:15:40 UTC 2022-12-09 13:13:47 UTC 216.58.207.226
www.google.com (5) 7 2012-11-08 00:08:21 UTC 2022-12-09 13:28:57 UTC 216.58.207.228
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-12-09 04:09:19 UTC 34.160.144.191
citi.requestssl.com (19) 0 2022-12-08 21:43:56 UTC 2022-12-09 01:26:28 UTC 18.222.145.119 Unknown ranking
ocsp.sca1b.amazontrust.com (1) 1015 2016-02-14 02:37:56 UTC 2019-03-27 04:05:54 UTC 143.204.42.165
20766699p.rfihub.com (2) 40171 2017-08-24 21:47:17 UTC 2022-12-07 14:58:47 UTC 193.0.160.128
www.google.no (6) 25607 2012-06-26 23:22:08 UTC 2022-12-09 11:33:11 UTC 142.250.74.35
siteintercept.qualtrics.com (10) 1163 2012-05-22 04:24:46 UTC 2022-12-08 17:16:53 UTC 104.17.208.240

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 3 reports on IP: 18.222.145.119
Date UQ / IDS / BL URL IP
2022-12-09 20:24:47 +0000 14 - 0 - 0 citi.requestssl.com/verify/login.php 18.222.145.119
2022-12-09 20:24:40 +0000 0 - 0 - 2 citi.requestssl.com/verify 18.222.145.119
2022-12-09 13:39:31 +0000 15 - 0 - 0 citi.requestssl.com/verify/login.php 18.222.145.119


Last 5 reports on ASN: AMAZON-02
Date UQ / IDS / BL URL IP
2023-01-29 16:57:15 +0000 0 - 0 - 1 bitbucket.org/nobodoimportante/diniasndiasnid (...) 104.192.141.1
2023-01-29 16:57:14 +0000 0 - 2 - 1 bitbucket.org/nobodoimportante/diniasndiasnid (...) 104.192.141.1
2023-01-29 16:56:08 +0000 0 - 0 - 4 ww25.ms342i2yp.hdjekcnk.com.cn/ 199.59.243.222
2023-01-29 16:54:50 +0000 0 - 2 - 1 bitbucket.org/osaka123/mahoa1/downloads/Subur (...) 104.192.141.1
2023-01-29 16:53:34 +0000 0 - 0 - 1 bitbucket.org/downcloud-load-ad/ads1022/downl (...) 104.192.141.1


Last 3 reports on domain: requestssl.com
Date UQ / IDS / BL URL IP
2022-12-09 20:24:47 +0000 14 - 0 - 0 citi.requestssl.com/verify/login.php 18.222.145.119
2022-12-09 20:24:40 +0000 0 - 0 - 2 citi.requestssl.com/verify 18.222.145.119
2022-12-09 13:39:31 +0000 15 - 0 - 0 citi.requestssl.com/verify/login.php 18.222.145.119


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-27 03:05:25 +0000 15 - 0 - 1 mpu-solutions.com/release/f6ed89f7f3b553b31db (...) 160.153.133.168
2023-01-27 02:39:26 +0000 15 - 0 - 0 mpu-solutions.com/release/f6ed89f7f3b553b31db (...) 160.153.133.168
2023-01-27 02:39:24 +0000 15 - 0 - 0 mpu-solutions.com/release/f6ed89f7f3b553b31db (...) 160.153.133.168
2023-01-27 00:39:30 +0000 14 - 0 - 0 mpu-solutions.com/release/216ab2fb4de520bc806 (...) 160.153.133.168
2023-01-27 00:39:24 +0000 14 - 0 - 0 mpu-solutions.com/release/216ab2fb4de520bc806 (...) 160.153.133.168

JavaScript

Executed Scripts (34)

Executed Evals (22)
#1 JavaScript::Eval (size: 9) - SHA256: e540eff3523ff6d5672d452b6283ea916fc0924a1e9c10cdad6e411a84e8bdea
s.eVar100
#2 JavaScript::Eval (size: 8) - SHA256: 1b1466c09d596fcada1a883ababa157703fda0370dbe3af0a6d4cd93d650a68e
s.eVar51
#3 JavaScript::Eval (size: 7) - SHA256: 07fcfc823f6eb2dbc204581488b46dd30a8245de37e4b89a24c07f25d8444095
citiNGA
#4 JavaScript::Eval (size: 10) - SHA256: 338eebe354feee40bdfe97326853bdc041f0478b9a764f2cde16abcd93dc9a86
this.track
#5 JavaScript::Eval (size: 5) - SHA256: e679ba08e9aa79b7ab72183f6d23c67c9e40276f44d5caac4f6305a5b849d325
CCSID
#6 JavaScript::Eval (size: 28) - SHA256: 83399909dc134cac35ba243f89703b0a2b19d4892a72064c1db74530b6a68367
window.citiData.selfServType
#7 JavaScript::Eval (size: 10) - SHA256: e6b9977e33025b4e5e94dcbfb3693b8b60b05245cdfe0d6b63fce4fa5a783cca
s.pageName
#8 JavaScript::Eval (size: 8) - SHA256: 5985e40b5e87364a9e91ad59937dfcb39298e0d218ef54bf23c7a4f03fc2042d
LoggedIn
#9 JavaScript::Eval (size: 10) - SHA256: 2a49cf844faec4ce673304854207e6ddc96241be760b111f412a71e8a448225d
citiLocale
#10 JavaScript::Eval (size: 7) - SHA256: 531ba6f66e1f6ea25947b7c7855727af207bf67015d775db59c9256cdb82b599
pageDef
#11 JavaScript::Eval (size: 20) - SHA256: 690111e4c32b4994fac8ab5125a2e99136c4284cf5857d42d1fe65c42f609a9d
window.location.href
#12 JavaScript::Eval (size: 8) - SHA256: 8b7a61822ff99290d6d9533283b520988f624f760b9658ba682f3b48cf50f822
_dl.ccid
#13 JavaScript::Eval (size: 11) - SHA256: 2e22f065f364a8e9b48f76a19f244fee022f6ab696a00db5fd905f33dda10e3f
_dl.user_id
#14 JavaScript::Eval (size: 76) - SHA256: 11b19cefd5be97fa129b375f3428fb1d34f8fd8641e9d3f4df580c1e7c7f0b17
_detector.getSessionReplayLink('cob.cards.customerexperience.citigroup.net')
#15 JavaScript::Eval (size: 12) - SHA256: bddcf25867435760b58937910118ebed74be4f123e0aefd1248383144032afa3
this.setArgs
#16 JavaScript::Eval (size: 12) - SHA256: 50cadee5eaf10e9141af667dbe4cc003d748e10f8c37b628afa61927c357e3fd
_dl.language
#17 JavaScript::Eval (size: 7) - SHA256: 259a9831751e74c5c0d082de5cb88efb89c8139e9e0936d320b396fbeb22e58b
_dl.lob
#18 JavaScript::Eval (size: 19) - SHA256: c79627a7f9ef361f7b3763bb2e0de164546ee448e183d4ff448714a92fcdf8c0
_detector.sessionId
#19 JavaScript::Eval (size: 12) - SHA256: bb7c271804952bb8a05b975f015c2bf5c998347e68d0f0d3495f53bdfeea8f8a
_dl.Platform
#20 JavaScript::Eval (size: 23) - SHA256: 2451101feb9d6dec5546ba03764f41220b441f084d3fba4c31d02e8e0b2c2fae
_dl.ff_employeeFeedback
#21 JavaScript::Eval (size: 17) - SHA256: c4cf569d2aebffe73838ef3b29349befda2332e7b28e56653f365fba8ddbb10b
_dl.citi_products
#22 JavaScript::Eval (size: 10) - SHA256: d1152a1a8c6451a5259a99422563e736ad1c23ca49ba298c5b64ddf2bbb9026e
isLoggedin

Executed Writes (0)


HTTP Transactions (115)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8781
Expires: Fri, 09 Dec 2022 16:05:41 GMT
Date: Fri, 09 Dec 2022 13:39:20 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5314
Expires: Fri, 09 Dec 2022 15:07:54 GMT
Date: Fri, 09 Dec 2022 13:39:20 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 13:08:18 GMT
age: 1862
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8625
Expires: Fri, 09 Dec 2022 16:03:05 GMT
Date: Fri, 09 Dec 2022 13:39:20 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: r/H8IqvRIYeXrVw3H5ZWhB9RA4eDr1pNwKoSTipgdhz9yy3MDNq3Ln+15qQOvWLJ/Ok6KNqtrFs=
x-amz-request-id: STEHBF74DJSXN3ZB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 12:48:20 GMT
age: 3060
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 09 Dec 2022 13:39:20 GMT
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 13:07:55 GMT
age: 1885
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5818
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 13:39:21 GMT
Last-Modified: Fri, 09 Dec 2022 12:02:23 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Vh/K8xbbP432gdNC8hw09Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.148.213.75
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3p5E5BOIIqZXGRlZ/Nkt8azT3QY=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20332
Expires: Fri, 09 Dec 2022 19:18:14 GMT
Date: Fri, 09 Dec 2022 13:39:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20332
Expires: Fri, 09 Dec 2022 19:18:14 GMT
Date: Fri, 09 Dec 2022 13:39:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20332
Expires: Fri, 09 Dec 2022 19:18:14 GMT
Date: Fri, 09 Dec 2022 13:39:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20332
Expires: Fri, 09 Dec 2022 19:18:14 GMT
Date: Fri, 09 Dec 2022 13:39:22 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: swNGUcNy2i0w9UGe-EJhwslE01TzTC3rrDhLhVVxHyhWMGSC1uq0mA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:46:15 GMT
age: 31987
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5169
Md5:    06514ce96ae21cb01f526a5febdcbeb4
Sha1:   ebb97e5b97f394e8c67098f55581d5329ce819a2
Sha256: 4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 56878
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5188
Md5:    fba9a3854df65740512f96efe7442e58
Sha1:   8fbff7725c842d70e047c635a725723a9dc9c55a
Sha256: 6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 23167
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7557
Md5:    5de5d319f43d9c9c641419d96655541f
Sha1:   cde4c7fa0145d3645af17e34c83c63c08f76a076
Sha256: fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oV7bB5Tek01MFi9x2tr_Wix13-UGlQPIt042XM0ALNUvVFYnu5DRcg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:38:26 GMT
age: 36056
etag: "7558222788f06623ddae6e883413e38e1146281e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7897
Md5:    8c3214044657f3b876d1f1848bca5684
Sha1:   7558222788f06623ddae6e883413e38e1146281e
Sha256: e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXaZ1pazAGWMI9GFYZjGlvVVIb8wX6feD0O8VpzjsL8F8l3mFmydAw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:59 GMT
age: 23123
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6578
Md5:    8546542f00ea29ef4df6ab8d3c7c2164
Sha1:   5c8ffe91490006a9890188b53f875568c2b6bd8f
Sha256: 7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 01:23:35 GMT
age: 44147
etag: "27f558d5cdc150a50f080c054423500666b63d74"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5245
Md5:    43fdc85bfd574fa803f0bcdc216ef622
Sha1:   27f558d5cdc150a50f080c054423500666b63d74
Sha256: fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0
                                        
                                            GET /verify/login.php HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
                                        
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2276), with CRLF, CR line terminators
Size:   38457
Md5:    71cb2496aaf93d8d532f92bbbdf2275b
Sha1:   f2386b8f5edcaae7f9bf3b42d245abfb9e7cca7f
Sha256: dbce1ec39c16edf743f0236c0afc15c9babc64c0b896e50abc64329500d5daac
                                        
                                            GET /verify/js/Bootstrap.js HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "45e8f-60c0f008-13dad3;gz"
last-modified: Wed, 09 Jun 2021 16:44:56 GMT
content-length: 92986
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (577), with CRLF line terminators
Size:   92986
Md5:    065af722ae00f597b5f8a2573a13065b
Sha1:   b1c4affcd37095321d33e8e2469a0098abc29297
Sha256: 2e27a93e60495b70a719adce123e3765c190649651332dcb11641a48a69d8c55
                                        
                                            GET /verify/css/Interstate-Regular.woff HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: application/font-woff
                                        
etag: "133aa-60c0ec72-13dab9;;;"
last-modified: Wed, 09 Jun 2021 16:29:38 GMT
content-length: 78762
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 78762, version 1.197\012- data
Size:   78762
Md5:    b1f3eca7de0c2cb35740f32dd0b83823
Sha1:   dffc474081c23fc151265b637a4468e82004ecc8
Sha256: 045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /verify/css/Interstate-Light.woff HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: application/font-woff
                                        
etag: "12712-60c0ec70-13dab8;;;"
last-modified: Wed, 09 Jun 2021 16:29:36 GMT
content-length: 75538
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size:   75538
Md5:    3d1d3153b04b6ce8a33a20f60df9d723
Sha1:   60e91c7766bdc415134c1111a283ffed3749dbae
Sha256: f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /verify/css/Interstate-Bold.woff HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: application/font-woff
                                        
etag: "118c2-60c0ec6e-13dab7;;;"
last-modified: Wed, 09 Jun 2021 16:29:34 GMT
content-length: 71874
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size:   71874
Md5:    9fd45584370dd1c58e1ed9050efb925f
Sha1:   7b41085678166c62e23e8cf3c8c9ab13e13c356d
Sha256: e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1670593163695 HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         54.72.35.25
HTTP/1.1 302 Found
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citi.requestssl.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0bb46f593.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1670593163695
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=88687908196940025313362779659057318245; Max-Age=15552000; Expires=Wed, 07 Jun 2023 13:39:24 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: FF7cqFsMQsI=
Content-Length: 0
Connection: keep-alive

                                        
                                            GET /id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1670593163695 HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://citi.requestssl.com
Content-Type: application/x-www-form-urlencoded
Referer: http://citi.requestssl.com/
Connection: keep-alive

                                         54.72.35.25
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citi.requestssl.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-2-v045-05ee5fd88.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Vary: Origin
X-Error: 172
X-TID: LiXOqA/yTSI=
Content-Length: 124
Connection: keep-alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   124
Md5:    1f6783349ac4177ec3b3845fd520dca6
Sha1:   d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
Sha256: 64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
                                        
                                            GET /verify/css/styles.css HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "152f86-60c5d824-13dacd;gz"
last-modified: Sun, 13 Jun 2021 10:04:20 GMT
content-length: 158639
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1069), with CRLF line terminators
Size:   158639
Md5:    113e0a3c1debf8b475499aa144a5c0a3
Sha1:   3c9292d4752c21553159a47d91bc0a4e4bc4b7ae
Sha256: fa2345fe4287325b850dcaf39b572476bdaa553065c95dc84d45129fc9c2ab3d
                                        
                                            GET /verify/css/social-media_facebook@3x.png HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "1bd-60c0e66a-13daca;;;"
last-modified: Wed, 09 Jun 2021 16:03:54 GMT
content-length: 445
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size:   445
Md5:    1f627e41e84a3b87f57c9de2e3a722d0
Sha1:   a7d350d9d267149f60b46a454f021920f89df877
Sha256: 695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /verify/css/icon_globe_med-grey@2x.svg HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/svg+xml
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "dc3-60c0ec5a-13dac2;gz"
last-modified: Wed, 09 Jun 2021 16:29:14 GMT
content-length: 1419
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size:   1419
Md5:    ebcbe76ba2da728d84c6a76b3541919d
Sha1:   cacffc8e5130f938cc86399ba1b9fe379ba65b3b
Sha256: a2f31bb6f70cfc842d1e8d3709aac9a8dd58fc4adebdc4cd2556051eb49d2bd8

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /verify/css/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "afc4-60c0e660-13daaf;;;"
last-modified: Wed, 09 Jun 2021 16:03:44 GMT
content-length: 44996
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Size:   44996
Md5:    7be7c9b6b21cee4ae9dffb234765a60e
Sha1:   ec853bb38a24a01498cff42a8ef53d8707b39cb0
Sha256: b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /verify/css/jamp-spinner-2x.gif HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/gif
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "8ff7-60c0e676-13dac3;;;"
last-modified: Wed, 09 Jun 2021 16:04:06 GMT
content-length: 36855
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 60 x 60\012- data
Size:   36855
Md5:    9132ad37e83e5eef39e5e315c2b6c94f
Sha1:   9036fb328a9266e1f6fb95021464a77a11894ec1
Sha256: 79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb
                                        
                                            GET /verify/css/050-location@2x.svg HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/svg+xml
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "6d8-60c0ec4c-13daaa;gz"
last-modified: Wed, 09 Jun 2021 16:29:00 GMT
content-length: 758
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Size:   758
Md5:    2b7cfe76b3d07bceb495d2dcc63dafa3
Sha1:   dd9a3e5c21135454fb20655caf55b7269a06a579
Sha256: b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /verify/css/citipridelogo.jpg HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/jpeg
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "a62-60c0e666-13dac1;;;"
last-modified: Wed, 09 Jun 2021 16:03:50 GMT
content-length: 2658
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size:   2658
Md5:    9b0ca893e4bfaea57af02ffe82867243
Sha1:   7035c26c91a3da162492df77d59bc19356a8e3bb
Sha256: f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40
                                        
                                            GET /verify/img/Citi-Branding-Sprite.png HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

                                         18.222.145.119
HTTP/1.1 404 Not Found
content-type: text/html
                                        
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   705
Md5:    bfbf1451d2d0ca64731dda41aadbfee9
Sha1:   8ced5f4e49d615a0855492ea12a174f8f63ac9aa
Sha256: d7a6693a3add3dc913f5472fabcc097a55a4269210d8af2c37e1ad53a1565a55

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /verify/css/social-media_twitter@3x.png HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "4fd-60c0e66c-13dacb;;;"
last-modified: Wed, 09 Jun 2021 16:03:56 GMT
content-length: 1277
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size:   1277
Md5:    60b0fec951727b4762fabc2570a1317f
Sha1:   56f9ed9699233f4cef1317a9a2c83179070b5e8a
Sha256: 5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /verify/css/LSO_4959.jpg HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/jpeg
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "2ab55-60c39bc0-13daba;;;"
last-modified: Fri, 11 Jun 2021 17:22:08 GMT
content-length: 174933
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3\012- data
Size:   174933
Md5:    4c50aaf00ec3fd89b59019568e3ce376
Sha1:   e67b56776d6f8bcfbc25c6d31cfea22dc234f58e
Sha256: 48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /verify/css/social-media_youtube@3x.png HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "497-60c0e66e-13dacc;;;"
last-modified: Wed, 09 Jun 2021 16:03:58 GMT
content-length: 1175
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size:   1175
Md5:    3541c5442b1b90b4efe20ab4b2802323
Sha1:   ad778d35efc7b9950d2158d800b61966204b75d8
Sha256: be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1670593163955 HTTP/1.1 
Host: metrics.citi.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         15.188.95.229
HTTP/1.1 200 OK
content-type: application/x-javascript;charset=utf-8
                                        
access-control-allow-origin: http://citi.requestssl.com
access-control-allow-credentials: true
date: Fri, 09 Dec 2022 13:39:25 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31C99D46BB1C950D-600014A5F6F4C7C1[CE]; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 08 Dec 2024 13:39:39 GMT; AMCV_61834D9B5228A7430A490D45%40AdobeOrg=0%7CMCMID%7C06197551418422927072529149890134711386; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 08 Dec 2024 13:39:39 GMT; s_ecid=MCMID%7C06197551418422927072529149890134711386; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 08 Dec 2024 13:39:39 GMT; SameSite=Lax;
vary: Origin
content-length: 89
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   89
Md5:    93ecd1478b07d792a819edd92bf37dd4
Sha1:   1fd7d5ac7e2ac42cfad54741458cb1a7b8e6fad0
Sha256: a3260aa065057d30091c34e0fccf886e626b1dac61b89558453b8a6513e1bd54
                                        
                                            GET /id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=06197551418422927072529149890134711386&d_cid_ic=AVID%0131C99D46BB1C950D-600014A5F6F4C7C1&ts=1670593164156 HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         54.72.35.25
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citi.requestssl.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-2-v045-0c67d0b74.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=00884647694571576963078986967512819193; Max-Age=15552000; Expires=Wed, 07 Jun 2023 13:39:25 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: O4mTd5XzT/0=
Content-Length: 299
Connection: keep-alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (358), with no line terminators
Size:   299
Md5:    59dfd849df0262b002f4e4d20caca23e
Sha1:   1ae02e0fe0ee024717bbd76cac815cd248be6cd4
Sha256: c41476bcbcf8dda945470d051b981a983d875fa8312be878243c1adb5a2cc635
                                        
                                            GET /verify/css/1440_Citi-PLT@3x.png HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "6df5-60c0e656-13daab;;;"
last-modified: Wed, 09 Jun 2021 16:03:34 GMT
content-length: 28149
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size:   28149
Md5:    33567268701e83c3e827b6062cb0c062
Sha1:   d23224d7d4fd15617c84c976f979b259557b6fc6
Sha256: 6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Alerts:
  urlquery:
    - Phishing - Citi
                                        
                                            GET /verify/css/320_Citi-PLT@3x.png HTTP/1.1 
Host: citi.requestssl.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

                                         18.222.145.119
HTTP/1.1 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "2d2a-60c0e65c-13daad;;;"
last-modified: Wed, 09 Jun 2021 16:03:40 GMT
content-length: 11562
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size:   11562
Md5:    7c1b9c0c6762e2405c3fea9847a1d422
Sha1:   441fd252e12934bfb00554eae96f091d2764bf32
Sha256: f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Alerts:
  urlquery:
    - Phishing - Citi
                                        
GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

54.230.111.74
HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Fri, 09 Dec 2022 00:20:40 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qdVvm2UHGJPDmdJC0CAmZUOieEajmBxIlGmB_VFH3M7wp3W8mXyeAw==
Age: 47925

                                        
GET /citi/na_prod/serverComponent.php?r=0.9755028359622883&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

54.230.111.74
HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Fri, 09 Dec 2022 13:39:25 GMT
Expires: Fri, 09 Dec 2022 13:39:24 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CLgijkufb5moNCHqopwpQKHEgt-lZBP8pB1YPO1zuoEkqzmue7MSCw==


--- Additional Info ---
Magic:  ASCII text, with very long lines (1155)
Size:   532
Md5:    db5bf02ebed50defb9cdce21941a6133
Sha1:   1eec1a650eb78c6f53b06efe2bf247895c77216c
Sha256: 3aea06671cc5612e91aa1bbd2eaf4e63fd8a7682b0302f5a3f1b9b929429918b
                                        
GET /cm/dd?d_uuid=00884647694571576963078986967512819193 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

54.77.60.152
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: awselb/2.0
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Length: 134
Connection: keep-alive
Location: https://cm.everesttech.net:443/cm/dd?d_uuid=00884647694571576963078986967512819193


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   134
Md5:    4aa7a432bb447f094408f1bd6229c605
Sha1:   1965c4952cc8c082a6307ed67061a57aab6632fa
Sha256: 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
                                        
GET /m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=50cb2b78934c40b897a3b13f9f9b8e76&mboxPC=&mboxPage=5711344bd4514e78b91a8beb63f31808&mboxRid=c21253c263c942ec95b07e0f4642649d&mboxVersion=1.7.0&mboxCount=1&mboxTime=1670593163705&mboxHost=citi.requestssl.com&mboxURL=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=62F6552D751380D6-26AB4A974C1D674D&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=06197551418422927072529149890134711386&mboxMCAVID=31C99D46BB1C950D-600014A5F6F4C7C1&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6 HTTP/1.1
Host: citicorpcreditservic.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/

34.252.149.97
HTTP/1.1 200
Content-Type: application/json;charset=UTF-8
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Length: 142
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://citi.requestssl.com
Access-Control-Allow-Credentials: true
X-Request-ID: c21253c263c942ec95b07e0f4642649d
P3P: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Set-Cookie: citicorpcreditservic!mboxSession=50cb2b78934c40b897a3b13f9f9b8e76; Max-Age=1860; Expires=Fri, 09-Dec-2022 14:10:25 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
Set-Cookie: citicorpcreditservic!mboxPC=50cb2b78934c40b897a3b13f9f9b8e76.37_0; Max-Age=63244800; Expires=Tue, 10-Dec-2024 13:39:25 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   142
Md5:    341a2845864d3d3d5a94cbd7c7d5607b
Sha1:   fa4e57c6beed93304d3ddbaacbfc71121c50cdac
Sha256: 323b2ed9fd5c8d1a40db282b2da5c03c8f2f2f1abc0400386726a46b858c3087
                                        
GET /verify/img/favicon.ico HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CMCMID%7C06197551418422927072529149890134711386%7CMCAID%7C31C99D46BB1C950D-600014A5F6F4C7C1%7CMCOPTOUT-1670600364s%7CNONE%7CMCAAMLH-1671197964%7C6%7CMCAAMB-1671197964%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024; AMCVS_61834D9B5228A7430A490D45%40AdobeOrg=1

18.222.145.119
HTTP/1.1 200 OK
content-type: image/x-icon
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:25 GMT
etag: "222b-60c11206-13dad0;gz"
last-modified: Wed, 09 Jun 2021 19:09:58 GMT
content-length: 8116
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:25 GMT
server: LiteSpeed
connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Size:   8116
Md5:    7408f1858b7d67263a001f84022b33a4
Sha1:   89161c6255a5559cc1282c5a9c7d4d84623bd12f
Sha256: 0cffb7ed99266581c5b90b6b2d8c758232f6746f9784ead6ae85725806691eb6
                                        
GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

54.230.111.74
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 09 Dec 2022 01:09:54 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZaJW2VsMUuWz3-ENQlBuu-gdaGVJsC0TrVlbPVHjBZXD-IM7JZeuzA==
Age: 44972


--- Additional Info ---
Magic:  ASCII text, with very long lines (542)
Size:   2184
Md5:    9d386182dee76bbeb1ac0e9a82925cf3
Sha1:   bfcc4073c4cf16fdda856cedce3cd2f426ef9111
Sha256: f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec
                                        
GET /citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

54.230.111.74
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Nov 2022 11:40:58 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 18 Oct 2022 17:52:59 GMT
ETag: W/"7df0440e45009010a99db868682aafb3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: q8CWwWgJxjj-Km77r_J5QtzDk9gOi3MkdvBM_pO0tJ6FBiRlSZ73JQ==
Age: 2167108


--- Additional Info ---
Magic:  ASCII text, with very long lines (619)
Size:   1222
Md5:    8621afe09918c8b527b2f6c410270234
Sha1:   f6f8315236bb14d91c27693d2fde5b5e7fb327d8
Sha256: d64fd9ecde6c4c303d19919337c86d7856689cc73c459b3fd4e88d0851f14a41
                                        
GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

54.230.111.74
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 27 Nov 2022 17:37:10 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dm8rHJUr7quA0J0AaQ-q55XFRYRCkEQcFkGNz3rO1RdiSojv4UP0CQ==
Age: 1022536


--- Additional Info ---
Magic:  ASCII text, with very long lines (524)
Size:   655
Md5:    b7502c8f355586be76d0ab4936375bfe
Sha1:   e4014d3e5120ec3bb5be0f649652479d2d16129d
Sha256: 0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034
                                        
GET /citi/na_prod/code/3130622cda902787229d46ad9fe87f0b.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

54.230.111.74
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 02 Dec 2022 07:26:17 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 15 Nov 2022 18:15:08 GMT
ETag: W/"341dee3296d22f905d1bd88e7f279590"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: v0iIZV7IcneHZ3eW11iEDXRzv51oeO1K
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cJJU4A5bOd-X9uvpQ1fwHn7Tcz-5TG1rLkNGqN6C9CvEauvpl9yabA==
Age: 627189


--- Additional Info ---
Magic:  ASCII text, with very long lines (586)
Size:   41961
Md5:    1373325c5760fa8c5a8c1cafbfe24259
Sha1:   e24e5488f391a6f587985f5ceca601ec866abdb1
Sha256: c2385d3fb404894fc0a07d7b0e448d77a2b94d2f32d83a2758edb70a4896a30f
                                        
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: fast.citi.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/
Upgrade-Insecure-Requests: 1

23.33.119.10
HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size:   2785
Md5:    b8a1b21bd0651935d53a7bff0c2479d6
Sha1:   31527c952669b6d1d06c537eb50c9043f576e607
Sha256: 80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd

Alerts:
  urlquery:
    - Phishing - Citi
                                        
GET /citi/na_prod/code/53f747481c9f2c8bdf26582de927ef52.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

54.230.111.74
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 08 Dec 2022 22:14:01 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Thu, 08 Dec 2022 22:08:04 GMT
ETag: W/"907f6a92c22fd26a8cf42254772283f0"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: uZ8jLretl22PzNSilKgogF1OZo.HsbE1
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2772dK-e1wKibH4NE0L1s1py5PvBQrLp-yBhJV_OZv1DsM-7qyCjtw==
Age: 55525


--- Additional Info ---
Magic:  ASCII text, with very long lines (557)
Size:   35014
Md5:    a7a10e8f64cfe946dec98b5ed45b589a
Sha1:   a475da6d3313cffeba59ecc5b2b0ae8e338a1eb6
Sha256: 02ba22f1008a66261d83f92f6e9c5e5b8ad17c619d52d1a45d11343934463fb4
                                        
GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

54.230.111.62
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 6162
Connection: keep-alive
Date: Fri, 09 Dec 2022 13:10:09 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Expires: Fri, 09 Dec 2022 14:10:09 GMT
Last-Modified: Fri, 09 Dec 2022 13:09:59 GMT
Content-Encoding: gzip
Server: Jetty(9.3.29.v20201019)
X-Cache: Hit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LQ61yvFbKkcf-MFXW0GL52v4WyhIkkcy4sYB15Y5ObG5kYzD1Cgh3w==
Age: 1756


--- Additional Info ---
Magic:  C source, ASCII text, with very long lines (19497)
Size:   6162
Md5:    ab5a2e3f2414c0a2b622e48c0b6da2fd
Sha1:   1a894787bde6cbf9b58d47b8f4245607420112ad
Sha256: a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f
                                        
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

143.204.42.165
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=93110
Date: Fri, 09 Dec 2022 13:39:25 GMT
Etag: "6391ee1f-1d7"
Expires: Sat, 10 Dec 2022 15:31:15 GMT
Last-Modified: Thu, 08 Dec 2022 14:01:03 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Tgj35xlkIQzrbLPsxHzpst0go8DEA2vYew8f8NYP5Y1jiIUz6JuGuw==
Age: 5412

                                        
GET /cm/dd?d_uuid=00884647694571576963078986967512819193 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citi.requestssl.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

54.77.60.152
HTTP/1.1 302
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y5M6jQAAAJ9PKQN6; Domain=.everesttech.net; Expires=Sat, 09-Dec-2023 13:39:25 GMT; Path=/
Set-Cookie: everest_session_v2=Y5M6jQAAAJ9PKgN6; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6
Server: AMO-cookiemap/1.1

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5309
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 13:39:25 GMT
Last-Modified: Fri, 09 Dec 2022 12:10:56 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
GET /ibs:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citi.requestssl.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

54.72.35.25
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0dc3ea27c.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=28162154121756866684516926571534376115; Max-Age=15552000; Expires=Wed, 07 Jun 2023 13:39:25 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Wgr4CWgJSFA=
Content-Length: 0
Connection: keep-alive

                                        
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citi.requestssl.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

54.72.35.25
HTTP/1.1 200 OK
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-2-v045-034f2d6c4.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: VIN8aX/rRhA=
Content-Length: 59
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   59
Md5:    1251cd5e5c2def4c046309375f87c1c1
Sha1:   e02d6b0c6a5c495c15985e2832e335eda8528c80
Sha256: 4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
                                        
GET /ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/
Upgrade-Insecure-Requests: 1

193.0.160.128
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 13:39:25 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://20766699p.rfihub.com/sr/ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771
Content-Length: 0

                                        
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 02:15:46 GMT
Expires: Wed, 14 Dec 2022 02:15:45 GMT
Etag: "1b862aa663ca4b1fbbc2279ea6cadd4223fb70bd"
Cache-Control: max-age=390379,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776e25965cf1b50b-OSL

                                        
GET /sr/ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citi.requestssl.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

193.0.160.128
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Date: Fri, 09 Dec 2022 13:39:25 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0NjExNTUxMjAyMLYwNzYyMRbiM9RNMclIMQiPyk8pcjQCAEpZXpMlAAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 3 Jan 2024 13:39:25 GMT; Secure; SameSite=None
Set-Cookie: ruds=H4sIAAAAAAAA_-MSNjU0NjExNTUxMjAyMLYwNzYyMRbiM9RNMclIMQiPyk8pcjQCAEpZXpMlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Length: 118
Server: Jetty(9.3.29.v20201019)


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with no line terminators
Size:   118
Md5:    372d494a4cb82acdc6b44d6941392ec4
Sha1:   3c777c56cb89b34f2e15159282dca81dcdfe33d7
Sha256: c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
                                        
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

142.250.74.40
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:25 GMT
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   253
Md5:    e789be587e31a97443893e23f9ba9666
Sha1:   4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
Sha256: 541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5267
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 13:39:26 GMT
Etag: "63931c80-1d7"
Last-Modified: Fri, 09 Dec 2022 12:11:40 GMT
Server: ECS (amb/6B90)
X-Cache: HIT
Content-Length: 471

                                        
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citi.requestssl.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.40
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:26 GMT
expires: Fri, 09 Dec 2022 13:39:26 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66904
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2917)
Size:   66904
Md5:    b4ed65a08a84e846e70805e1a824ec73
Sha1:   5b78dfa7ccc3800cdf2940e1047964aa8713c07a
Sha256: 5dc1fdeb4d749d3580013e9fd3282b45fc45c79ccba1b1c2a5e08e6cc127ea6c
                                        
                                            GET /SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc HTTP/1.1 
Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         104.17.208.240
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 09 Dec 2022 13:39:26 GMT
cf-ray: 776e25979d33fabc-OSL
access-control-allow-origin: *
age: 197182
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-3rJKcsfYLyqh+TLmSfkOfT7rzaE"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (6801)
Size:   4120
Md5:    0278bb247d9dcfea7a9df14da5dea7f5
Sha1:   834da48b2a4617f763089272e24e8accadeb3b39
Sha256: 6d6d91ef76ec71a35f6908b552108c5c7dd4e4b8aa800fc7979ba4e7f008bb14
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         142.250.74.40
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   278
Md5:    ba8206089b7af80ec9bb4fe0c07977b4
Sha1:   4b0c036a5124f06026772a92168d3799e37c8ed3
Sha256: 64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62
                                        
                                            GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         142.250.74.40
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   278
Md5:    da059e66474ac8e0fcb7e70b7ed4be44
Sha1:   7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
Sha256: 904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb
                                        
                                            GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         142.250.74.40
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   278
Md5:    d7c2cd80c8899405c8ead9dcd82aa484
Sha1:   8d0248ffaaf1594d89e077cb3904f0ad42ec474e
Sha256: 2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce
                                        
                                            GET /gtag/js?id=AW-695231162&l=dataLayer&cx=c HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         142.250.74.40
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   278
Md5:    3cdb7a0d8774281c45d6a09b22e28af2
Sha1:   eee92813bf3130c7e6ca8be5911197c1ee486daa
Sha256: cf75d10606678529391c0c7bd8cd9b13abb532df9640785934a7555f872caed4
                                        
                                            GET /gtag/js?id=AW-830907969&l=dataLayer&cx=c HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         142.250.74.40
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   278
Md5:    6d8c6cf61840045919f4789eac2d3d9c
Sha1:   ef5e66f528ab1701f99e467593020d263d6220f0
Sha256: ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e
                                        
                                            GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         142.250.74.40
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   278
Md5:    f20987509aaa3b3f9e52f7581afd6a4d
Sha1:   7147419bbeb1605a89733067d195356fc73c3cd3
Sha256: 5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c
                                        
                                            GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         142.250.74.40
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   278
Md5:    16d7ad56818dde4bc80864654bfbd12e
Sha1:   c95b93882c98641b7f1b648c122194a9fb2534c7
Sha256: 5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64
                                        
                                            GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

                                         142.250.74.40
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   280
Md5:    a262f0126f939827df765f078136498b
Sha1:   5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
Sha256: 7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/viewthroughconversion/916451471/?random=1670593165172&cv=11&fst=1670593165172&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.226
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 902
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1947), with no line terminators
Size:   902
Md5:    6ac1ff8eb60bef5593f85ebd72e6a890
Sha1:   cde6ef130e6b967172176f26e26f0228bc0d173d
Sha256: 00d076687ce829bd38326a75d8f8bd49adfa252b67a9cb80836591cd985b1da0
                                        
                                            GET /pagead/viewthroughconversion/644574043/?random=1670593165332&cv=11&fst=1670593165332&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         216.58.207.226
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 903
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1947), with no line terminators
Size:   903
Md5:    10c7daf6a47870f95b54f4fade64d60e
Sha1:   20eaf99b357d3ce57bc6031cf98fca2818fa631d
Sha256: 92a0460ef9bee1f0bd7cb3d447f56585bd8f9c69d3548a503c060d6da22e5250
                                        
                                            GET /pagead/viewthroughconversion/960621875/?random=1670593165313&cv=11&fst=1670593165313&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.226
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 902
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1947), with no line terminators
Size:   902
Md5:    ed0b20e887d4ac67f5a20a2c996b9e3e
Sha1:   80e66cacc8f692fa2eaa8f8c52a3fec8e611bab4
Sha256: 0f6b88cbf9a5ac6d5a2f6a50e098c58d889f860d5f00187da884ca3a34c1206a
                                        
                                            GET /pagead/viewthroughconversion/695231162/?random=1670593165345&cv=11&fst=1670593165345&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         216.58.207.226
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 903
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1947), with no line terminators
Size:   903
Md5:    29caaece43ec00303e3fcf2f1b0d31f9
Sha1:   2c9b0003770d655030f7978aad10b8b429c59540
Sha256: a0eeab289f70fa14528d02b0a1d697393c37f8a4092a68148abf699101a0723d
                                        
                                            GET /pagead/viewthroughconversion/975701947/?random=1670593165359&cv=11&fst=1670593165359&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         216.58.207.226
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 901
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1945), with no line terminators
Size:   901
Md5:    47dc13aacc8e6d79762f6120a1c8e028
Sha1:   6b90903b1a06412fa40d41231d70ae29be24c3f2
Sha256: ef35eee55f0f09f89fa3bebffd5743063849f9a58042192e1980cc58b1580cb4
                                        
                                            GET /pagead/viewthroughconversion/819500023/?random=1670593165373&cv=11&fst=1670593165373&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         216.58.207.226
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 900
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1947), with no line terminators
Size:   900
Md5:    01d64e8b4dc9c3eb85b35a9ef46e329e
Sha1:   a94d17d40f34d5b6f34f75eafbefd1f99c161c40
Sha256: ecf1628982e0b0dc828943efa88d8dd2c0a11ebe874885262e519752e72b31b3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/viewthroughconversion/830907969/?random=1670593165394&cv=11&fst=1670593165394&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         216.58.207.226
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 901
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1945), with no line terminators
Size:   901
Md5:    f8ac381c59797def8d03ec3ab929eb67
Sha1:   0c4bb965cc0c37b167edcf658985147c0cb1d8ba
Sha256: 8a8bdbdc65e0b09de962f78f04a456ada9b793af7c8e9584b385c20577fcdd69
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/1p-user-list/916451471/?random=1670593165172&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3489142010&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.35
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pagead/1p-user-list/819500023/?random=1670593165373&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1465401369&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.35
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/1p-user-list/695231162/?random=1670593165345&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3110948310&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.35
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1 
Host: siteintercept.qualtrics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         104.17.208.240
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 09 Dec 2022 13:39:26 GMT
cf-ray: 776e25992e12fabc-OSL
access-control-allow-origin: *
age: 194013
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"19b73-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=105331
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   32510
Md5:    32d948dc88a9c81c92782f262e6003db
Sha1:   eb6bebb6a87332a7bc79a8727696811f02f37d44
Sha256: 137a438686be825dada78a5427393ee1f6e03d51eaadf2674a3c6cd7440903d1
                                        
                                            GET /pagead/1p-user-list/975701947/?random=1670593165359&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=970661766&rmt_tld=0&ipr=y HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.228
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/1p-user-list/960621875/?random=1670593165313&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3525866864&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.35
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pagead/1p-user-list/819500023/?random=1670593165373&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1465401369&rmt_tld=0&ipr=y HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.228
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pagead/1p-user-list/975701947/?random=1670593165359&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=970661766&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.35
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pagead/1p-user-list/644574043/?random=1670593165332&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4065468845&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.35
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pagead/1p-user-list/916451471/?random=1670593165172&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3489142010&rmt_tld=0&ipr=y HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.228
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pagead/1p-user-list/960621875/?random=1670593165313&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3525866864&rmt_tld=0&ipr=y HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.228
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/1p-user-list/695231162/?random=1670593165345&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3110948310&rmt_tld=0&ipr=y HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         216.58.207.228
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc HTTP/1.1 
Host: iad1.qualtrics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         2.18.173.116
HTTP/2 200 OK
content-type: image/png
                                        
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
access-control-allow-origin: *
x-request-id: 2ecddb2f-a2dd-489d-93ac-36a2b0ab9d4c
x-transaction-id: 86098b14-15dc-40e1-b4d0-b5a17a27c76b
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
permissions-policy: camera=(), geolocation=(), microphone=()
content-disposition: inline; filename=feedback.png
content-length: 2196
x-robots-tag: noindex
cache-control: public, max-age=56
expires: Fri, 09 Dec 2022 13:40:23 GMT
date: Fri, 09 Dec 2022 13:39:27 GMT
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Size:   2196
Md5:    e6ed675f115fb1568bb1aabc00aa3f30
Sha1:   5cd752c6b199a3fdefe95712c77b240a92e9f1f2
Sha256: 25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
                                        
                                            GET /WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png HTTP/1.1 
Host: siteintercept.qualtrics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         104.17.208.240
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 09 Dec 2022 13:39:27 GMT
content-length: 254
cf-ray: 776e25a02bdbfabc-OSL
accept-ranges: bytes
age: 16039799
cache-control: max-age=315360000, public
expires: Mon, 23 Feb 2032 07:18:15 GMT
last-modified: Wed, 23 Feb 2022 00:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
referrer-policy: strict-origin-when-cross-origin
servershortname:
trace-id: d15759f42a15818a
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced\012- data
Size:   254
Md5:    48240b2998738f29efb197386e688338
Sha1:   2a864e0cdba56126f8eb46d4945b758c7c732bcd
Sha256: cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f3c5738-c186-4a1f-a431-33143797bcd5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8345
x-amzn-requestid: 4e42c335-cc27-41bc-8d5c-cbe3dcc1f623
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpwRBF_gIAMFdCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d60d3-254d38575d76726a4462c66f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 03:09:07 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X1pe947CVDaM6wJ4x5ncH2N_Mu56YAqB6ApLNePkm3ZMl-u1LiDo7Q==
via: 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 13:22:44 GMT
age: 1005
etag: "4792b0893827924e84cc51450012407717da4d2b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8345
Md5:    659b6eb1f1c430e2780758c7787b9a23
Sha1:   4792b0893827924e84cc51450012407717da4d2b
Sha256: f14393b6bcc036fa9ed61114944ebb25192adfec72c09807eb7948a88c790d69
                                        
                                            POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web HTTP/1.1 
Host: siteintercept.qualtrics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 98
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         104.17.208.240
HTTP/2 200 OK
content-type: application/json
                                        
date: Fri, 09 Dec 2022 13:39:26 GMT
cf-ray: 776e25980d6ffabc-OSL
access-control-allow-origin: http://citi.requestssl.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: 27536c30ee3b62e3
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

GET /dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

104.17.208.240
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 09 Dec 2022 13:39:26 GMT
cf-ray: 776e259a3ec5fabc-OSL
access-control-allow-origin: *
age: 194012
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"102f7-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=66295
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

GET /WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://citi.requestssl.com&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

104.17.208.240
HTTP/2 200 OK
content-type: application/json
date: Fri, 09 Dec 2022 13:39:27 GMT
cf-ray: 776e259a3ec8fabc-OSL
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Mon, 06 Dec 2032 13:39:27 GMT
last-modified: Fri, 09 Dec 2022 13:39:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

POST /WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&r=1670593166435 HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 87
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

104.17.208.240
HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
date: Fri, 09 Dec 2022 13:39:27 GMT
cf-ray: 776e25a02bdefabc-OSL
access-control-allow-origin: http://citi.requestssl.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
trace-id: 3d515badd607c046
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

GET /dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citi.requestssl.com HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

104.17.208.240
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 09 Dec 2022 13:39:26 GMT
cf-ray: 776e2597cd4ffabc-OSL
access-control-allow-origin: *
age: 194014
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"f871-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=63601
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

GET /WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=18&Q_ORIGIN=http://citi.requestssl.com&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

104.17.208.240
HTTP/2 200 OK
content-type: application/json
date: Fri, 09 Dec 2022 13:39:27 GMT
cf-ray: 776e259a3ec6fabc-OSL
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Mon, 06 Dec 2032 13:39:27 GMT
last-modified: Fri, 09 Dec 2022 13:39:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

GET /dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

104.17.208.240
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 09 Dec 2022 13:39:26 GMT
cf-ray: 776e259a3ec1fabc-OSL
access-control-allow-origin: *
age: 194014
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"7380-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=29568
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

GET /dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

104.17.208.240
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 09 Dec 2022 13:39:26 GMT
cf-ray: 776e259a3ec0fabc-OSL
access-control-allow-origin: *
age: 194014
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"9eb-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=2539
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---