r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3646
Expires: Wed, 07 Dec 2022 08:11:47 GMT
Date: Wed, 07 Dec 2022 07:11:01 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1173
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 07:11:01 GMT
Last-Modified: Wed, 07 Dec 2022 06:51:28 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3658
Expires: Wed, 07 Dec 2022 08:11:59 GMT
Date: Wed, 07 Dec 2022 07:11:01 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 06:20:28 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3033
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 1zW2RN/LsEdVbKwv9HV81x6n+LpWrahDFGNbFBCmlriVsc8I5E//W4G/w+TJk2ySXSHFndIcQX4=
x-amz-request-id: 5YJMGDNNYDQ1VYBJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 06:47:24 GMT
age: 1417
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 07:11:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 07:08:58 GMT
cache-control: public,max-age=3600
age: 124
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1132
Cache-Control: max-age=94480
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 07:11:02 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 09:25:42 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
www.securedserver1.my03.com/
198.204.229.178 200 OK 4.0 kB URL HTTP/1.1 www.securedserver1.my03.com/
IP 198.204.229.178:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (984)
Hash efdf41e7c4887675e0c2973da7c72afb
1bbd071171cc3ef1508ff7f002c945d0d6dbe215
707d5b7c0a09a35b44bc4b45ab242d5cc05ec1fdb9c7863ba3be80957424a838
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET / HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:01 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
34.218.168.248 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.168.248:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: a8SplbeQlt8qEdMMxc4GsQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4nsTv0/LSg+94VhfqB4G56Eoqbk=
www.securedserver1.my03.com/Guard/css/cf.css
198.204.229.178 200 OK 1.8 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/css/cf.css
IP 198.204.229.178:0
Hash 667fbc35fdd4fd01035271307ed494b6
60e1fe58b0af83b4a326e1af93ca0ca2685d5011
6026255cc26e031389358227ccd1b7de6cba842c3978f9144d31cb30032276ef
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/css/cf.css HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:02 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:27:04 GMT
Accept-Ranges: bytes
Content-Length: 1751
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.securedserver1.my03.com/Guard/img/favicon.png
198.204.229.178 200 OK 11 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/favicon.png
IP 198.204.229.178:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash f62b2664dd6a40ab3a9f7af34412f8b7
02438189257c795c3726e4f45b1ce3bb921255d5
707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/favicon.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:03 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 01:55:46 GMT
Accept-Ranges: bytes
Content-Length: 10871
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18100
Expires: Wed, 07 Dec 2022 12:12:44 GMT
Date: Wed, 07 Dec 2022 07:11:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a7ee62c5e846e8ad4808f4724f15146d
6d55b299f906908309f91eaf0a720ad65866db04
0d8f51d6f7f3bad4bb9d9c3000999739147f6dd718b290b0dca71a4cba85cb38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6846
x-amzn-requestid: 53452103-6559-460c-ac40-4685e6816aa4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGx4E-mIAMFatg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a5-5327ec9a2f247cc91654df80;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Znjnq24wuXoi43Bfc9aPdcUHhMh-a00hSCXUHFpHq3sTtQQoUYe6Uw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 07:29:49 GMT
age: 85275
etag: "6d55b299f906908309f91eaf0a720ad65866db04"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 550ee57c325ce8d4892400deb24141d3
acece1761a7d4d3926500726c19d528bb204ef4c
7cc68e966362916947e7d6e24d3c001c64298fec2438a97538765d801fa7c92c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd933687b-86e0-407a-9bff-2debb09d5167.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10362
x-amzn-requestid: 7fdd2011-e283-467e-9f04-741946a834ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpl_1EsooAMFhvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d5065-0cddad1919d984065bd0b03e;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 01:59:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WtZWFmfVSXYRQlYwpBxj8JG_WC91ik_p68HjX7-wCfYb0624CvcBSA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:58:02 GMT
age: 71600
etag: "acece1761a7d4d3926500726c19d528bb204ef4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d0219e6bee2a28f003f396f872eecf0
b3d22d146c6094cb539de40a72b9c5a140802ee5
41c1b037e8e654c19f36b74cceccd1fc841cc9fb7de39ac552ab5089dc3e82db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7609
x-amzn-requestid: 02299a39-6804-49ae-b415-313b6e06b2ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfj24G39oAMF25Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63894cf8-5f578e3f211063bd125b645a;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 00:55:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uMTaiFjrcbJxWm4M7BuSHPu0BFUMp9UIpMvnvlLs_dajlM0_iObY2A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:57:52 GMT
age: 33192
etag: "b3d22d146c6094cb539de40a72b9c5a140802ee5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e484ee7-12d9-41dc-b674-890c51c30626.png
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e484ee7-12d9-41dc-b674-890c51c30626.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b079607b368263e3517dd30250f5f2af
a1b7863c70f1d501560a5b2fb4442f4835f94341
e7ed3ed2aca312d82fb017e06c6493fafffff9a603d1498c9c05355c08b444e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e484ee7-12d9-41dc-b674-890c51c30626.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5913
x-amzn-requestid: 355ca338-7d8e-4a60-a491-0509d0ff32d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlirF3DIAMF-vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb610-5bff7b5b3984102e1ef0e737;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RlnA4SSUIbIVtGBxqBtabKw58aXWE-jGIKLZ4DnoTiGzvH5bzBOUbA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:54:15 GMT
age: 33409
etag: "a1b7863c70f1d501560a5b2fb4442f4835f94341"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fb1ea0161d261518c99909aff49e6f58
c3b915cb579b651db25442fea0bbedd0d292c0fc
d877a21abfd883a368da0136c4e56d7f590fa9e9ea09dec3675823211fe56385
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6110
x-amzn-requestid: 2ebf542a-dacc-472a-81c0-0c69cb1ec143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEQAH2doAMFljA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb3ff-7173ff7941b57fa163e3cc6b;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:16:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fxuPjC35VBDaymSCPY_iBxDnQY4CFHgolHSmnDhCRUjzw5UzY7ovA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 04:14:32 GMT
age: 10592
etag: "c3b915cb579b651db25442fea0bbedd0d292c0fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b92721cbe24623f1713a5248d6a7c1b2
3628390c62642dcc375b28f58c9b48180c4abd73
37d0451c03bc7cf0253aba6d3204cbf38502692a0fbc751a3ead01b07e9a65d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc501a87-1b50-43f3-8031-2c93f724dc91.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9613
x-amzn-requestid: 3542fd4f-74e3-450b-b7fc-04034d680bf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cslIEEDtIAMFfuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e8233-40eaebed627d374d0910e456;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 23:43:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2aI7z8gOkQiNDlj2tbsoWibfupjl25ZjoO_QRbfmXQKwO-yF455yXg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 07:18:37 GMT
age: 85947
etag: "3628390c62642dcc375b28f58c9b48180c4abd73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
198.204.229.178 200 OK 33 kB URL HTTP/1.1 www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
IP 198.204.229.178:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (975)
Hash b624baa85bf40e9a22bc9387cfce1243
6d954e0f16e75fa8c690e3b7e246abf2691253a1
9058fe7aa34c3318f2a9fee12dce11a5bc1ce5e213108965aa763f181e2181cc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7 HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:04 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.securedserver1.my03.com/Guard/css/Login/normalize.css
198.204.229.178 200 OK 9.9 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/css/Login/normalize.css
IP 198.204.229.178:0
Hash f4c899699f3f6235f3bfa2db0cff86da
cbb6ec7fa4b58fb6c5a700720b239ce27e339646
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/css/Login/normalize.css HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:39:40 GMT
Accept-Ranges: bytes
Content-Length: 9922
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.securedserver1.my03.com/Guard/css/Login/ad-containers.css
198.204.229.178 200 OK 8.0 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/css/Login/ad-containers.css
IP 198.204.229.178:0
File type ASCII text, with CRLF line terminators
Hash 65d28549495a385024b93b037e33835f
987adde42fd154ef5da27d9ed3845ccb168ba2f4
c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/css/Login/ad-containers.css HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:39:40 GMT
Accept-Ranges: bytes
Content-Length: 7985
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.securedserver1.my03.com/Guard/css/Login/flows.css
198.204.229.178 200 OK 8.6 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/css/Login/flows.css
IP 198.204.229.178:0
Hash 078f967787a4306c0ad31bc92c8796f0
9f85a2b460a73c644c82174641e21e2caa315f9c
760a14e8872a498b478f3c942746d7657199d8d7f23ce151368c6e58d9fbc85f
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/css/Login/flows.css HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 01:20:10 GMT
Accept-Ranges: bytes
Content-Length: 8622
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.securedserver1.my03.com/Guard/css/Login/citizensns.css
198.204.229.178 200 OK 6.0 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/css/Login/citizensns.css
IP 198.204.229.178:0
Hash 4e258533601217d93e556e99b5e5899e
842e5a1e1eedb691a1d8ad1618d1bbde36ea745a
80a21256af0f906e9289c08c8b0d7ad99cfa05e1817729775eea640ce9219457
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/css/Login/citizensns.css HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:39:40 GMT
Accept-Ranges: bytes
Content-Length: 5981
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.securedserver1.my03.com/Guard/css/Login/jquery-ui-1.css
198.204.229.178 200 OK 19 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/css/Login/jquery-ui-1.css
IP 198.204.229.178:0
File type ASCII text, with very long lines (17412)
Hash 554d7d54b6474370d39d74ba81f8a60b
d857a1229ebca1508756c1a46481398cf01803b5
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/css/Login/jquery-ui-1.css HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:04 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:39:40 GMT
Accept-Ranges: bytes
Content-Length: 19030
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.securedserver1.my03.com/Guard/css/Login/sec-3-3.css
198.204.229.178 200 OK 1.6 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/css/Login/sec-3-3.css
IP 198.204.229.178:0
File type ASCII text, with very long lines (609)
Hash 2fe4aec8dfb33f933ed5c6515e6a3f8b
995dbff4cbe05148f25301c896bb6a7f04d2ebc1
e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/css/Login/sec-3-3.css HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:39:40 GMT
Accept-Ranges: bytes
Content-Length: 1601
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
www.securedserver1.my03.com/Guard/css/Login/main.css
198.204.229.178 200 OK 60 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/css/Login/main.css
IP 198.204.229.178:0
Hash 451a0244aa5e30c6be6adc7da5cae907
2ceea2a7c2a36de57de2f248f620a6b76c0a4080
ac687458578c7a3bea39134b211b3db1d9d064dcf01646bcb66312987fd15fe1
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/css/Login/main.css HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 01:21:44 GMT
Accept-Ranges: bytes
Content-Length: 60331
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.securedserver1.my03.com/Guard/img/footer-follow-twitter.png
198.204.229.178 200 OK 3.3 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/footer-follow-twitter.png
IP 198.204.229.178:0
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash ab8d8dc7ea3d7b572b2dc47f2aebe5ae
900c9f837d9a015e6609b14eed6d99c384ec5441
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/footer-follow-twitter.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:52:32 GMT
Accept-Ranges: bytes
Content-Length: 3295
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
www.securedserver1.my03.com/Guard/img/footer-follow-facebook.png
198.204.229.178 200 OK 395 B URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/footer-follow-facebook.png
IP 198.204.229.178:0
File type PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data
Hash 25dbaaa7fa1bf41ca6614f1d2cf699f5
56a9e2459a275ef7178ff8c90c2b277265f64fb0
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/footer-follow-facebook.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:52:32 GMT
Accept-Ranges: bytes
Content-Length: 395
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
www.securedserver1.my03.com/Guard/img/equal-housing.gif
198.204.229.178 200 OK 1.1 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/equal-housing.gif
IP 198.204.229.178:0
File type GIF image data, version 89a, 14 x 9\012- data
Hash 39fc59327cb01ffbd5ab0ece1b08fba4
6cc1099707564164c3de6f94714808cdb1c415a7
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/equal-housing.gif HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:52:32 GMT
Accept-Ranges: bytes
Content-Length: 1134
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/gif
www.securedserver1.my03.com/Guard/img/footer-follow-youtube.png
198.204.229.178 200 OK 3.3 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/footer-follow-youtube.png
IP 198.204.229.178:0
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash 09c8c4f0f417a049b8ab6acdd2581717
2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/footer-follow-youtube.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:52:32 GMT
Accept-Ranges: bytes
Content-Length: 3278
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
www.securedserver1.my03.com/Guard/img/fdicFooter.gif
198.204.229.178 200 OK 2.2 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/fdicFooter.gif
IP 198.204.229.178:0
File type GIF image data, version 89a, 56 x 24\012- data
Hash a0742f4f717eac3a1e61f53cbbec74f2
f85639ee91bccd2bddaf043b80c892ae6b700d49
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/fdicFooter.gif HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:52:32 GMT
Accept-Ranges: bytes
Content-Length: 2245
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif
www.securedserver1.my03.com/Guard/img/elh.gif
198.204.229.178 200 OK 1.4 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/elh.gif
IP 198.204.229.178:0
File type GIF image data, version 89a, 31 x 24\012- data
Hash f79e78d673f51194d9b9021cbc72b5b3
79a917fad527cef8d96af24d142653f2f49109b3
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/elh.gif HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:52:32 GMT
Accept-Ranges: bytes
Content-Length: 1433
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif
www.securedserver1.my03.com/Guard/img/CTZ_Green-01.png
198.204.229.178 200 OK 4.2 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/CTZ_Green-01.png
IP 198.204.229.178:0
File type PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash edeb1da3a70dc89f6afdf7e104d06f6c
5afd9b50c42c7820edfceebcc47b4443c9dbb0f9
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/CTZ_Green-01.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:52:32 GMT
Accept-Ranges: bytes
Content-Length: 4206
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
www.securedserver1.my03.com/Guard/Fonts/citizen_extrabold.woff
198.204.229.178 200 OK 28 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/Fonts/citizen_extrabold.woff
IP 198.204.229.178:0
File type Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Hash 76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/Fonts/citizen_extrabold.woff HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Guard/css/Login/main.css
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:49:16 GMT
Accept-Ranges: bytes
Content-Length: 27852
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
www.securedserver1.my03.com/Guard/Fonts/citizen_book.woff
198.204.229.178 200 OK 32 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/Fonts/citizen_book.woff
IP 198.204.229.178:0
File type Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Hash 0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/Fonts/citizen_book.woff HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Guard/css/Login/main.css
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:49:16 GMT
Accept-Ranges: bytes
Content-Length: 31864
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: font/woff
www.securedserver1.my03.com/Guard/Fonts/citizen_roman.woff
198.204.229.178 200 OK 32 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/Fonts/citizen_roman.woff
IP 198.204.229.178:0
File type Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Hash d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/Fonts/citizen_roman.woff HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Guard/css/Login/main.css
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:49:16 GMT
Accept-Ranges: bytes
Content-Length: 31968
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff
www.securedserver1.my03.com/Guard/Fonts/citiolb_icons.woff
198.204.229.178 200 OK 18 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/Fonts/citiolb_icons.woff
IP 198.204.229.178:0
File type Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Hash 022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/Fonts/citiolb_icons.woff HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Guard/css/Login/main.css
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:45:30 GMT
Accept-Ranges: bytes
Content-Length: 18524
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
www.securedserver1.my03.com/Guard/Fonts/citizen_bold.woff
198.204.229.178 200 OK 29 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/Fonts/citizen_bold.woff
IP 198.204.229.178:0
File type Web Open Font Format, TrueType, length 29304, version 1.0\012- data
Hash c0f795cba89d0c65078577b8b1b7c62a
6fd231b6616aad9abdfc37562541da3db904e6ac
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/Fonts/citizen_bold.woff HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Guard/css/Login/main.css
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:49:16 GMT
Accept-Ranges: bytes
Content-Length: 29304
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
www.securedserver1.my03.com/Guard/img/flows-tooltip.png
198.204.229.178 200 OK 364 B URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/flows-tooltip.png
IP 198.204.229.178:0
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/flows-tooltip.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Guard/css/Login/flows.css
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:55:16 GMT
Accept-Ranges: bytes
Content-Length: 364
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
www.securedserver1.my03.com/Guard/img/arrow-button-white.png
198.204.229.178 200 OK 1.0 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/arrow-button-white.png
IP 198.204.229.178:0
File type PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/arrow-button-white.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Guard/css/Login/flows.css
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:54:12 GMT
Accept-Ranges: bytes
Content-Length: 1017
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
www.securedserver1.my03.com/Guard/img/icon-secure.png
198.204.229.178 200 OK 292 B URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/icon-secure.png
IP 198.204.229.178:0
File type PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/icon-secure.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Guard/css/Login/flows.css
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:05 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:46:44 GMT
Accept-Ranges: bytes
Content-Length: 292
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
www.securedserver1.my03.com/Guard/img/arrow-down-blue.png
198.204.229.178 200 OK 1.1 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/arrow-down-blue.png
IP 198.204.229.178:0
File type PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced\012- data
Hash dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/arrow-down-blue.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Guard/css/Login/main.css
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:06 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 01:19:58 GMT
Accept-Ranges: bytes
Content-Length: 1054
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
www.securedserver1.my03.com/efs/efs/grafx/arrow-right-orange.png
198.204.229.178 404 Not Found 315 B URL HTTP/1.1 www.securedserver1.my03.com/efs/efs/grafx/arrow-right-orange.png
IP 198.204.229.178:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Guard/css/Login/main.css
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 404 Not Found
Date: Wed, 07 Dec 2022 07:11:06 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.securedserver1.my03.com/Guard/img/footer-follow-linkedin.png
198.204.229.178 200 OK 3.2 kB URL HTTP/1.1 www.securedserver1.my03.com/Guard/img/footer-follow-linkedin.png
IP 198.204.229.178:0
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash b187d1cd61b1912b22ebfb4efce30bad
b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
Analyzer Verdict Alert urlquery phishing Phishing - Citizens Bank
urlquery suspicious Suspicious - DynDNS domain
GET /Guard/img/footer-follow-linkedin.png HTTP/1.1
Host: www.securedserver1.my03.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.securedserver1.my03.com/Login/?token=42ede83a5aecb452f98c945d26753d012bdc84a89c4758a6d206bded4805c3966b59f6996c3dd167bad88cbd8d1c2045ed638afd88a6e8ebad7c7096b8f078a7
Cookie: PHPSESSID=ca644d47a9381bd295140db1e80ce972
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 07:11:06 GMT
Server: Apache
Last-Modified: Sun, 02 May 2021 00:52:32 GMT
Accept-Ranges: bytes
Content-Length: 3239
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png