ctzn-secure3ab.ga/login.php
104.21.70.84301 Moved Permanently 0 B URL HTTP/1.1 ctzn-secure3ab.ga/login.php
IP 104.21.70.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /login.php HTTP/1.1
Host: ctzn-secure3ab.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 28 Nov 2022 21:35:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 28 Nov 2022 22:35:21 GMT
Location: https://ctzn-secure3ab.ga/login.php
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2B8i0sjTx5YHFVsq3JkFkfTpWGhKoWaCbd80e6goMoUpcQkuA57AanK6z8oF4DjTYHe46r6zVfHWftxDmgTpLuZG6Ps0u4DLU7JxM9XnYf0wwvOPUpw0z4ekeJ3zvWw%2BY2dOOw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77163b9fde1eb527-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5682
Expires: Mon, 28 Nov 2022 23:10:03 GMT
Date: Mon, 28 Nov 2022 21:35:21 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2433
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:21 GMT
Last-Modified: Mon, 28 Nov 2022 20:54:48 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 21:17:49 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1052
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4508
Expires: Mon, 28 Nov 2022 22:50:29 GMT
Date: Mon, 28 Nov 2022 21:35:21 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7FRiqsKDMVHZYj5ujQE57nyVNW1flda4znfuA78j4BK25lGKRVQ+madtfNpqQFPoUcIZDy8ca2wR7jcc0zah7Q==
x-amz-request-id: MKBR7BJVVENXRE5K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 20:45:10 GMT
age: 3011
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 21:35:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/4MPL2MPSC4Q
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/4MPL2MPSC4Q
IP 142.250.74.3:0
Hash f78d347a6a90ce6c151da3d55b1a38ea
2fa26e49e95c973a47d76b52e4490cac1c50333f
2ec531107ca64315f368c1abdeb4271f3735e49e128eebd6cc42046a3bd4cc64
POST /s/gts1p5/4MPL2MPSC4Q HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:22 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 21:08:55 GMT
cache-control: public,max-age=3600
age: 1587
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5936
Cache-Control: max-age=133829
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:22 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:45:51 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash b06a47cab2adc70d2b9ca5dfce29facc
a7fbbed4927ebaa8768a40dc3c51f36a70025dc0
09a13f7025b74a71f8f3ee4ea30a8743dc244755af89b03769cd09f99378038d
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "09A13F7025B74A71F8F3EE4EA30A8743DC244755AF89B03769CD09F99378038D"
Last-Modified: Mon, 28 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3553
Expires: Mon, 28 Nov 2022 22:34:35 GMT
Date: Mon, 28 Nov 2022 21:35:22 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash b06a47cab2adc70d2b9ca5dfce29facc
a7fbbed4927ebaa8768a40dc3c51f36a70025dc0
09a13f7025b74a71f8f3ee4ea30a8743dc244755af89b03769cd09f99378038d
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "09A13F7025B74A71F8F3EE4EA30A8743DC244755AF89B03769CD09F99378038D"
Last-Modified: Mon, 28 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3553
Expires: Mon, 28 Nov 2022 22:34:35 GMT
Date: Mon, 28 Nov 2022 21:35:22 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash b06a47cab2adc70d2b9ca5dfce29facc
a7fbbed4927ebaa8768a40dc3c51f36a70025dc0
09a13f7025b74a71f8f3ee4ea30a8743dc244755af89b03769cd09f99378038d
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "09A13F7025B74A71F8F3EE4EA30A8743DC244755AF89B03769CD09F99378038D"
Last-Modified: Mon, 28 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3591
Expires: Mon, 28 Nov 2022 22:35:13 GMT
Date: Mon, 28 Nov 2022 21:35:22 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash b06a47cab2adc70d2b9ca5dfce29facc
a7fbbed4927ebaa8768a40dc3c51f36a70025dc0
09a13f7025b74a71f8f3ee4ea30a8743dc244755af89b03769cd09f99378038d
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "09A13F7025B74A71F8F3EE4EA30A8743DC244755AF89B03769CD09F99378038D"
Last-Modified: Mon, 28 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3553
Expires: Mon, 28 Nov 2022 22:34:35 GMT
Date: Mon, 28 Nov 2022 21:35:22 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/4MPL2MPSC4Q
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/4MPL2MPSC4Q
IP 142.250.74.3:0
Hash f78d347a6a90ce6c151da3d55b1a38ea
2fa26e49e95c973a47d76b52e4490cac1c50333f
2ec531107ca64315f368c1abdeb4271f3735e49e128eebd6cc42046a3bd4cc64
POST /s/gts1p5/4MPL2MPSC4Q HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:22 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
104.110.3.220200 OK 10 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
IP 104.110.3.220:0
Hash e8a5a242bcaea8c7314ccbb04612d922
101e2286a81e108dd00c618032d793b2dc5366b3
8e2a305132b87d2a48461f8e3d820dbf640d66d530ab007632c5c5d79ce8cdc7
GET /efs/efs/jsp-ns/inc/css/main.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "f405-5edc96484414d"
last-modified: Sun, 27 Nov 2022 06:31:53 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=2185
x-olb-req-received: t=1669530645613268
content-length: 10382
cache-control: max-age=38842
expires: Tue, 29 Nov 2022 08:22:44 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.216.88.5101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.88.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QYE9K5E4trsEeOpVzkxkew==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cYv/5c5WJQ3GBN+1VYfavCy0MC8=
www4.citizensbankonline.com/akam/11/7c3ed55c
104.110.3.220404 Not Found 9 B URL HTTP/2 www4.citizensbankonline.com/akam/11/7c3ed55c
IP 104.110.3.220:0
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Mon, 28 Nov 2022 21:35:22 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=458BAF7AE597E76F3BBC738CF922060E~000000000000000000000000000000~YAAQnE8kF434IoSEAQAACYUqwBE5l9ZIsiE9KLydkpM4+7TSn0neOr1wzgpZB8UZCYEEWaDjrUdtv1W/bLfdyhIJpEoWVxRrNmPeyncB6ASKroFBQNaP2fQGk4xWmeA7e0tX+4YeOUBMN7HFZneEyidHN3uDFJAdvjM8CJK4gLJt2W4HlPlgFfzuDDFmP4YaWVHDUQ7NpfSYwNsvBreaHnftIWEayb+gtBN39mIHn+BKdu32jZ0GtQPkojp8ZhqGeBWz4F2J4nJ1cL3FfRhLsfIoDknEAro1vS2dyvzq/Li2obMeuB8/WQAiPj5d/hRyToIj79YSD2jDS9DoVxoYkymwrWRVQ1pa46YR0j6srrCDr/0EVzAM0rhtEeltgTNpdjLjkHFRuVuS50QrNXoxOemnLjlk; Domain=.citizensbankonline.com; Path=/; Expires=Mon, 28 Nov 2022 23:35:22 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js
104.110.3.220200 OK 4.0 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js
IP 104.110.3.220:0
Hash cc2102df58511c9a2653b1dff48ca8d7
64790e6adff6768178ab7d0ad9a4fbc2849b81f2
b9abbff7d9e75763790fd3b291f21525fe85583b397fe5f4b260bc99ff48aab7
GET /efs/efs/jsp-ns/scripts/main.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4c03-5edc9641ad03d"
last-modified: Sun, 27 Nov 2022 06:36:22 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=798
x-olb-req-received: t=1669530644202467
content-length: 3967
cache-control: max-age=38842
expires: Tue, 29 Nov 2022 08:22:44 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js
104.110.3.220200 OK 1.4 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js
IP 104.110.3.220:0
File type ASCII text, with very long lines (4237)
Hash f42064b9d324029ba5cb5afccc50b641
3993f47a728f00ee410a143361ab33b0339455f7
b02a1a4d60ab1f5c740784e9a27a7f0a85178466573fb29fb0bd7afdccf7b5f0
GET /efs/efs/jsp-ns/scripts/placeholders.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "10aa-5edc96484685d"
last-modified: Sun, 27 Nov 2022 06:37:08 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=384
x-olb-req-received: t=1669530653872351
content-length: 1394
cache-control: max-age=38842
expires: Tue, 29 Nov 2022 08:22:44 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
104.110.3.220200 OK 3.1 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
IP 104.110.3.220:0
File type ASCII text, with very long lines (17412)
Hash ac9a70a6f100c02749dfadb709b6eadf
69906e55ace36c217a52d428029a3c71dc16a7e4
466e6cf44306264c98e5642f77be87292e03e578ce78b17c0b39521460b1d37a
GET /efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4a56-5edc9641aa92d"
last-modified: Sun, 27 Nov 2022 06:43:01 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=661
x-olb-req-received: t=1669530645717364
content-length: 3118
cache-control: max-age=38842
expires: Tue, 29 Nov 2022 08:22:44 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
104.110.3.220200 OK 2.3 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
IP 104.110.3.220:0
Hash 0a445a15e0f09a7738952731fdf3fe9d
3d4cef20189303cc4f24c27da1b8d2043e700cea
173f4f410b46ca6211eee490747009c597b7d7c475bcac07df88a18521bbef54
GET /efs/efs/jsp-ns/inc/css/normalize.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "26c2-5edc96484414d"
last-modified: Sun, 27 Nov 2022 06:32:58 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=517
x-olb-req-received: t=1669530653750963
content-length: 2300
cache-control: max-age=38842
expires: Tue, 29 Nov 2022 08:22:44 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js
104.110.3.220200 OK 5.5 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js
IP 104.110.3.220:0
File type HTML document, ASCII text, with very long lines (14756)
Hash 088d590db53a3ede82a998537283c75d
87ed57fd5e2a623f35f80a3684c2de916ce4e2f8
d45c62a7108121887dc8866d445dde985d96b82143b3da2c9068e32caf316db4
GET /efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "3c36-5edc9641ad03d"
last-modified: Sun, 27 Nov 2022 06:37:37 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=762
x-olb-req-received: t=1669530644064943
content-length: 5535
cache-control: max-age=38842
expires: Tue, 29 Nov 2022 08:22:44 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
104.110.3.220200 OK 2.0 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
IP 104.110.3.220:0
Hash 07507f946ee4b2b9d4affc283b431119
00218cebeb305b00ae4ef74e4a67957d3c43e6f2
44fb4d44ce9291066e686a9861b8b31f021c816fa60e97c613bf5aadcc8e2830
GET /efs/efs/jsp-ns/inc/css/flows.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "21ce-5edc964de6466"
last-modified: Sun, 27 Nov 2022 06:31:44 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=665
x-olb-req-received: t=1669530645678883
content-length: 1975
cache-control: max-age=38842
expires: Tue, 29 Nov 2022 08:22:44 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
104.110.3.220200 OK 1.2 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
IP 104.110.3.220:0
Hash e9404d7ddc1ef0b93851879620bfea8a
69575dd0119d3439f3d7ba4b45d12a3c0e47a39e
f5be5cfcdb9f541d6e355cd15b78204e715c979bb90a7dbae94d18c9bdad8772
GET /efs/efs/jsp-ns/inc/css/ad-containers.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "1dd4-5edc964de6466"
last-modified: Sun, 27 Nov 2022 06:40:33 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=507
x-olb-req-received: t=1669530653662549
content-length: 1227
cache-control: max-age=38842
expires: Tue, 29 Nov 2022 08:22:44 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
104.110.3.220200 OK 5.3 kB URL HTTP/2 www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
IP 104.110.3.220:0
File type PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
GET /efs/hhf/img/CTZ_Green-01.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 01:48:17 GMT
etag: "149d-5e848db420aa2"
accept-ranges: bytes
content-length: 5277
x-olb-req-received: t=1669530644172039
x-olb-req-duration: D=123
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=464205
expires: Sun, 04 Dec 2022 06:32:07 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js
104.110.3.220200 OK 39 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js
IP 104.110.3.220:0
Hash 2940c843ff15ab8e9f02511625f33e57
98ccd0fb1d60770a1aadf90d41daa49cab543cb3
4aed3165815cc1806999483e40a47863accf1cead25769de0162921f2f590298
GET /efs/efs/jsp-ns/scripts/plugins.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "31d24-5edc964dee165"
last-modified: Sun, 27 Nov 2022 06:35:06 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=8343
x-olb-req-received: t=1669530653813612
content-length: 38875
cache-control: max-age=38842
expires: Tue, 29 Nov 2022 08:22:44 GMT
date: Mon, 28 Nov 2022 21:35:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
104.110.3.220200 OK 32 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Hash d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
GET /efs/efs/jsp-ns/inc/css/font/citizen_roman.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ctzn-secure3ab.ga
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:20 GMT
etag: "7ce0-5edc964deb286"
accept-ranges: bytes
content-length: 31968
x-olb-req-received: t=1669530644781082
x-olb-req-duration: D=188
access-control-allow-origin: *
cache-control: max-age=464284
expires: Sun, 04 Dec 2022 06:33:27 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js
104.110.3.220200 OK 29 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js
IP 104.110.3.220:0
File type ASCII text, with very long lines (32089)
Hash 82481a92ac472d179954d66e38f72d07
ea65071dbc1ab11ed29e76bdd30eabbe6cdbc3ec
c8e2e6f9e0e01dcfec7f2633efdd7f8f9d78ba3920e86a0d1231f487928b5fe4
GET /efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "169d6-5edc964844d05"
last-modified: Sun, 27 Nov 2022 06:32:48 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=4738
x-olb-req-received: t=1669530714227106
content-length: 29409
cache-control: max-age=38841
expires: Tue, 29 Nov 2022 08:22:44 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www4.citizensbankonline.com/akam/11/7c3ed55c
104.110.3.220404 Not Found 9 B URL HTTP/2 www4.citizensbankonline.com/akam/11/7c3ed55c
IP 104.110.3.220:0
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Mon, 28 Nov 2022 21:35:23 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=B6A668705C0FB864C4EC090CB1C7CB56~000000000000000000000000000000~YAAQnE8kF6j4IoSEAQAA/YYqwBGxEJG12XRknzgu4tKWJl6Qp/3dzwsM99r+jtgCeG6hcmSUlDMvPuQTdgAji0D87B09RAKWxUsqdkb4N/bW1OkgONG5uT5yJUu/pXKdvVFQtypOc3N92F0Ui0VQrzyDhz9ipnQ23E3N6fwnJNhstVplBwupyEaX0R1dZJLT9iuj+IVgRqymH1cUE9iRwYNHF2sc3ypsH3zda2gQxctjUDy7RsVMADDomXDzdN1zSKEbqBaJ+OJRNc27pOMdXth7gE1CtL7wg2JkMo91I/9NRsORpxibJhr69zi+TAHxhC54xfSfLOPMv7np5KiVoryRYLuVQXMQkzdlbvdAqNNoHTXleS6O1v947jvRgVOEyj/wzxki/Ifi8+T+PwyllYGaoWGi; Domain=.citizensbankonline.com; Path=/; Expires=Mon, 28 Nov 2022 23:35:23 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/js/tealeaf.js
104.110.3.220404 Not Found 9.9 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/js/tealeaf.js
IP 104.110.3.220:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411
GET /efs/efs/js/tealeaf.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:42:54 GMT
etag: "26ce-5c0694cac1b80"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1669671323287527
x-olb-req-duration: D=205
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=816
expires: Mon, 28 Nov 2022 21:48:59 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=466, origin; dur=79
strict-transport-security: max-age=15768000
lb-action: None, None
set-cookie: ak_bmsc=B26021F8D50ADC06B7EC613D398C34AA~000000000000000000000000000000~YAAQnE8kF6n4IoSEAQAAAocqwBE2hIoP/7wIQ9b0KXNhUYcBzugQWIjyf0KMTXqQj/WtVpkFAy/OztE/QyZlcoFMSAl94SiMaXijSYgixPhqEitQW/FQfUfKh/0lUF0LAmEhppWQDWxML35UC9rggMepG4xJbnu9gS7kIDISdXgI4fxrkWdXvza2pdlieSKKBRkyry7pS4MLI2qIpXKG6xZ6fhsJz8Z/4v4xTGF9zTzRHdog1NYQHe8AazE/aJ97NxPZPWy1LfA5XzRCnvlM/740lFkEgIOPYX4ppv4sc3TwbinIhsngtmF7V3+XbhIXULoJS/kEGhfxvcuf02dc+HKmSzkjHUXdYyC5iHl1745K15ElttWEcv5+nU6hDTCpG23eErK7koyHSMA2vft25ORmjHi1; Domain=.citizensbankonline.com; Path=/; Expires=Mon, 28 Nov 2022 23:35:22 GMT; Max-Age=7199; HttpOnly
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png
104.110.3.220200 OK 292 B URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png
IP 104.110.3.220:0
File type PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "124-5e6a235cc1227"
accept-ranges: bytes
content-length: 292
x-olb-req-received: t=1669530653636884
x-olb-req-duration: D=177
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=464056
expires: Sun, 04 Dec 2022 06:29:39 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png
104.110.3.220200 OK 580 B URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png
IP 104.110.3.220:0
Hash 09211c1466f1c6dea2a3e1a821e1ed85
e2cba4b368ba5ca2644d0d4bdd0fb19d6ebbaa87
d43198205e2ff4e76486a693cb97dd6f555d36a47509bd6c090ef6bf74b340b2
GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "16c-5e6a235cbab17"
accept-ranges: bytes
content-length: 364
x-olb-req-received: t=1669530644027005
x-olb-req-duration: D=101
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=464170
expires: Sun, 04 Dec 2022 06:31:33 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png
104.110.3.220200 OK 1.2 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png
IP 104.110.3.220:0
Hash 3e19cd72d2accea4854980590a1b277b
e1ed27034abb6ab0fca3f4f3b313b0aa23f9e1d2
e4ff0bb978710892e63432a4a8cc1f61c7182c17c5595f4b387feaf9e0f2e010
GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "3f9-5e6a235ca4d20"
accept-ranges: bytes
content-length: 1017
x-olb-req-received: t=1669530644861876
x-olb-req-duration: D=147
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=464074
expires: Sun, 04 Dec 2022 06:29:57 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
104.110.3.220200 OK 1.3 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
IP 104.110.3.220:0
Hash 1c06a148622d30dc3557b46b7598f438
0ea2b751e681e997a3af30e0c2757654a53d651b
b5d2e8414bf8f855d22f613b8ae824157303f6906581f58df9438bba07cd38d6
GET /efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "41e-5e6a235ca4d07"
accept-ranges: bytes
content-length: 1054
x-olb-req-received: t=1669530644127915
x-olb-req-duration: D=108
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=464125
expires: Sun, 04 Dec 2022 06:30:48 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
104.110.3.220200 OK 165 B URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
IP 104.110.3.220:0
File type PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Hash 1792e4aa4d2d86dec430ef9a60362a35
90b9e9c14f636362e9558d14fefe15782f75d256
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "a5-5e6a235ca5357"
accept-ranges: bytes
content-length: 165
x-olb-req-received: t=1669530644111962
x-olb-req-duration: D=95
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=464164
expires: Sun, 04 Dec 2022 06:31:27 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
104.110.3.220200 OK 18 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Hash 022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
GET /efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ctzn-secure3ab.ga
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "485c-5edc9641a5b0d"
accept-ranges: bytes
content-length: 18524
x-olb-req-received: t=1669530644749296
x-olb-req-duration: D=159
access-control-allow-origin: *
cache-control: max-age=464196
expires: Sun, 04 Dec 2022 06:31:59 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
54.230.111.63200 OK 63 kB URL HTTP/2 nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
IP 54.230.111.63:0
File type ASCII text, with very long lines (594)
Hash 9f9310d8d1ccdd5df905e72c2e36b398
edd2807bdb65ec178ca7ae0331e6057dc3cc12b3
9e91eacfbcd78f65b6126e63844fe75a5725f67af9bcfd954a1319279a35d433
GET /citizensbank/olbprod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 26 Oct 2022 15:44:45 GMT
x-amz-replication-status: PENDING
last-modified: Wed, 26 Oct 2022 15:44:22 GMT
etag: W/"39bf7a3a8df0e7cc7aac36800368843a"
x-amz-server-side-encryption: AES256
cache-control: max-age=300
x-amz-version-id: n.3u3tglJzlUidakqrAu0WJ9p85U4QzX
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NDS1Sp6K0edbHsemQRCv5kbB4hfu2q8skuSi6G1rhET5IAs3bJjYuA==
age: 2872238
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
104.110.3.220200 OK 28 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Hash 76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
GET /efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ctzn-secure3ab.ga
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:20 GMT
etag: "6ccc-5edc964de9b16"
accept-ranges: bytes
content-length: 27852
x-olb-req-received: t=1669530644378190
x-olb-req-duration: D=138
access-control-allow-origin: *
cache-control: max-age=464128
expires: Sun, 04 Dec 2022 06:30:51 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png
104.110.3.220200 OK 14 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png
IP 104.110.3.220:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 172ee65ce7e2afc164fb89579d8060b2
1bcc0c40ce0dd35f4150e286d4da86eb5150d2da
6031e1710c50b5ade8d4fe1f9d2a7885caa5f18493944871891d9bf847dcec0e
GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "3653-5edc9641b8005"
accept-ranges: bytes
content-length: 13907
x-olb-req-received: t=1669530689268693
x-olb-req-duration: D=154
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=464215
expires: Sun, 04 Dec 2022 06:32:18 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png
104.110.3.220200 OK 11 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png
IP 104.110.3.220:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash f62b2664dd6a40ab3a9f7af34412f8b7
02438189257c795c3726e4f45b1ce3bb921255d5
707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f
GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "2a77-5edc9641b83ed"
accept-ranges: bytes
content-length: 10871
x-olb-req-received: t=1669530651482186
x-olb-req-duration: D=168
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=464148
expires: Sun, 04 Dec 2022 06:31:11 GMT
date: Mon, 28 Nov 2022 21:35:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=https%3A%2F%2Fctzn-secure3ab.ga%2Flogin.php
54.230.111.63200 OK 615 B URL HTTP/2 nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=https%3A%2F%2Fctzn-secure3ab.ga%2Flogin.php
IP 54.230.111.63:0
Hash 623679834e2a0da649bcdca99ebb5fc4
001ebe15ca9d3df057ac80416f02a33d0a441a64
15a2af33a85f2582fc0510d958c266a6cd280dd0b7af6c47b718e57d0332b2f0
GET /citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=https%3A%2F%2Fctzn-secure3ab.ga%2Flogin.php HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript
content-length: 399
server: nginx
date: Mon, 28 Nov 2022 21:35:23 GMT
expires: Mon, 28 Nov 2022 21:35:22 GMT
cache-control: no-cache, no-store
x-cache: Miss from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KCqLjMadDPo8C96VSVmq7fb6fTYPCWMlHW8lUr7BRSCsO1FRwIiejg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 04a1e174fccea9e65be21b0c9746de94
a62527b64c568170053ef10f12f479c61848a6a8
b14de7ab62003f342cb84b98caa3bd291bf24d9cefdad1571edfd94aa0a483da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4190
Cache-Control: max-age=121286
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:23 GMT
Etag: "63845003-1d7"
Expires: Wed, 30 Nov 2022 07:16:49 GMT
Last-Modified: Mon, 28 Nov 2022 06:06:59 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669671322128
52.213.200.83302 Found 218 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669671322128
IP 52.213.200.83:0
Hash 10474b6d85fbb1571e6102dff4f59019
17bda34096d0594ba34779c7c6232601e99b0fbd
2dfdf51e696ac7bbb69b991f98bc182205db11271b203c008efeb60f481a2d45
GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669671322128 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://ctzn-secure3ab.ga
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ctzn-secure3ab.ga
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0333db6ef.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669671322128
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=46570616552598573381869074498003717960; Max-Age=15552000; Expires=Sat, 27 May 2023 21:35:23 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: vtvYf/M1RFs=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669671322128
52.213.200.83200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669671322128
IP 52.213.200.83:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669671322128 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ctzn-secure3ab.ga
Content-Type: application/x-www-form-urlencoded
Referer: https://ctzn-secure3ab.ga/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ctzn-secure3ab.ga
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-028e6f909.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: JLGCoeJMS9A=
Content-Length: 124
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash f700a34fbaa5509fc98fa3e192f57174
1c2a4dbc974d066d387f71087f112dabf702be66
2fa1bb4c30ef1a1b899997a8038f2a4a4320117ce3c42e81475d143d5f110250
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:23 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:43:25 GMT
Expires: Sat, 03 Dec 2022 15:43:24 GMT
Etag: "1c2a4dbc974d066d387f71087f112dabf702be66"
Cache-Control: max-age=410280,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77163bada80f1c02-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2564
Expires: Mon, 28 Nov 2022 22:18:07 GMT
Date: Mon, 28 Nov 2022 21:35:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2563
Expires: Mon, 28 Nov 2022 22:18:07 GMT
Date: Mon, 28 Nov 2022 21:35:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2563
Expires: Mon, 28 Nov 2022 22:18:07 GMT
Date: Mon, 28 Nov 2022 21:35:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2563
Expires: Mon, 28 Nov 2022 22:18:07 GMT
Date: Mon, 28 Nov 2022 21:35:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2563
Expires: Mon, 28 Nov 2022 22:18:07 GMT
Date: Mon, 28 Nov 2022 21:35:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:42:14 GMT
age: 85990
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9acc1fbab1686321509fbddb111f3dec
1e07bde1934696c38126c569938fb160148efe0a
8639b1e868a7eb1b7293996847e512c0242f677d2d0b4123298d23b5888d9b8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4320
Cache-Control: max-age=100893
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:24 GMT
Etag: "6383ffda-1d7"
Expires: Wed, 30 Nov 2022 01:36:57 GMT
Last-Modified: Mon, 28 Nov 2022 00:24:58 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
lptag.liveperson.net/tag/tag.js?site=89632304
178.249.101.23200 OK 7.6 kB URL HTTP/2 lptag.liveperson.net/tag/tag.js?site=89632304
IP 178.249.101.23:0
File type ASCII text, with very long lines (21652), with no line terminators
Hash 6b675640425ec8551a433e26a377d954
7234f02cce1ccb2a4facf2b34b9185cfcf27299d
8c9716f14d2e964be7c93d3d8c28819cb35c529fce6206a79061cda509e05bfd
GET /tag/tag.js?site=89632304 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:24 GMT
content-type: application/javascript
content-length: 7567
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
etag: "5f50a905-1d8f"
content-encoding: gzip
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:46 GMT
age: 84818
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a1a4e00f1f15827cf651f373863c379
70c2a238f06ca7e56ef80c83738e081bf0de3330
3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 10:13:33 GMT
age: 40911
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:46 GMT
age: 84818
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909
54.230.111.63200 OK 13 kB URL HTTP/2 nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909
IP 54.230.111.63:0
File type ASCII text, with very long lines (564)
Hash b5a21ecc2637897e93a95a9acbcb28ed
3f25d67ca0323ba523979a6ccf474bdec2eb1f38
42c39ab3a6d47af6054587fb7430f1c4b4f8165d8ec7de9007098da6d5142ad2
GET /citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 26 Oct 2022 15:44:28 GMT
x-amz-replication-status: PENDING
last-modified: Wed, 26 Oct 2022 15:44:21 GMT
etag: W/"83105033d3f7f9905b026d4c409b655e"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: UC6_GkBHShiJU9saRInmbngEX7lPiXpp
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: R_ma4vcBAyj3yslsMzck3CagvfQnqw7tdgjmjQULdV7b_BSGWp-xmA==
age: 2872256
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 15bd53848c7082464273007e010c54e0
9a3ca698ca1aeae695923277ed2244465e01a1ea
36cfa29965173ea683992d4b436f393e92c978350347f869355d933613e2c005
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10119
x-amzn-requestid: 20bfd6a6-2981-42ca-8997-9363676773c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR782HEZIAMFTKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9eb-552581a92a69d6cd322bf334;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _jTN1lFL0_PS-9DYgE6O2V6s6AYnlGJs0xCEHn761Mxq_asytlaRoQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:40 GMT
age: 85424
etag: "9a3ca698ca1aeae695923277ed2244465e01a1ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1669671323209
15.236.176.210200 OK 48 B URL HTTP/2 smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1669671323209
IP 15.236.176.210:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 19dacdf5c7b6f145d5115a99715eed9a
fb40e874545585efb2e95ffa53ce8baf3c44fab1
2797dc1050672ff3bda3b764887108b6b0e4cc536681d49e098ca7818ca8ea1c
GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1669671323209 HTTP/1.1
Host: smetrics.citizensbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://ctzn-secure3ab.ga
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://ctzn-secure3ab.ga
access-control-allow-credentials: true
date: Mon, 28 Nov 2022 21:35:24 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=0%7CMCMID%7C41530818487512781360565699621135057725; Path=/; Domain=citizensbank.com; Max-Age=63072000; Expires=Wed, 27 Nov 2024 21:35:35 GMT;
s_ecid=MCMID%7C41530818487512781360565699621135057725; Path=/; Domain=citizensbank.com; Max-Age=63072000; Expires=Wed, 27 Nov 2024 21:35:35 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=41530818487512781360565699621135057725&ts=1669671323386
52.213.200.83200 OK 1.3 kB URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=41530818487512781360565699621135057725&ts=1669671323386
IP 52.213.200.83:0
File type JSON data\012- , ASCII text, with very long lines (3749), with no line terminators
Hash 2b09a0d0f2c0c6a4db307337dab318cf
d3ed8f4f32e7536ccde4d6eacd3f140f3f1c8b03
49c0f5b70242ddb6b439c3962ecf6c78ca59eef0c31ba14dd5f7718a832e8852
GET /id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=41530818487512781360565699621135057725&ts=1669671323386 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://ctzn-secure3ab.ga
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ctzn-secure3ab.ga
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0e6039550.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=41561254618284498870564910620900130138; Max-Age=15552000; Expires=Sat, 27 May 2023 21:35:24 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: qNDqS36FTx8=
Content-Length: 1314
Connection: keep-alive
nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
151.101.85.175200 OK 516 B URL HTTP/2 nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
IP 151.101.85.175:0
File type ASCII text, with very long lines (573)
Hash 0949250dbf9dfbf5a4b558745f9c2777
501ab60bb5a0f1febd09ff9335c897391f8fb8e4
25ca704d115ceeb422832620edfaf6425e94e31b10ecb420644a967e20105943
GET /wu/356861/onsite/embed.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7q4E+xJya3JQN02XYVcawmxqX7Vp8BBOuEH782L5SG5wU1Ky5WmN4+xTgd0GSFqBZygzHz92MKg=
x-amz-request-id: T3YET0YCYQ48Q1VS
last-modified: Thu, 17 Nov 2022 01:43:28 GMT
etag: "d702a2b9ebe4f8826d0a3b100f1e7b3d"
x-amz-version-id: mptjfWx1ykDRDnf_B8nj8XXvWUEoGBBU
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 21:35:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1681-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1669671324.140678,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 516
X-Firefox-Spdy: h2
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
151.101.85.175200 OK 115 kB URL HTTP/2 nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
IP 151.101.85.175:0
File type Unicode text, UTF-8 text, with very long lines (53474)
Size 115 kB (115133 bytes)
Hash 7ed0576023d7e4cdb6411897ed856328
38ea0ed2a3b78b8ad6b474be67c5922124342c11
fbfdcefb6749b742b55a9d6c2d2e294772d67cf51a3ef7b1929ee75107ea1f7c
GET /us/wu/356861/onsite/generic1668649406636.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: R245FGFYgLzgm6CjhZXX391x+/nrm8EsevbjLVXUitRuMOvvg1EDEb/G66Uls1eoe7HL3lmQCiY=
x-amz-request-id: T3Y691PWPTBXF4W3
last-modified: Thu, 17 Nov 2022 01:43:27 GMT
etag: "7dd7a0cbfa04919de4a6dd07c7075dbc"
x-amz-version-id: 9Qu9pUDBqhBI0WezIkmyLK82GWZf1Oui
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 21:35:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1681-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1669671324.164936,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 115133
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 2e3c535da94dd530e8452ce89df29277
a2f546d432334a8dabcafb3c8f6f8794db51ba45
c148cadc4f5fafe8f3d5ddfd91b538dc5c2da4befb385f3d9cfbd0dd368a85d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=164977
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 21:35:24 GMT
Etag: "63850b0d-116"
Expires: Wed, 30 Nov 2022 19:25:01 GMT
Last-Modified: Mon, 28 Nov 2022 19:25:01 GMT
Server: nginx
Content-Length: 278
cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
143.204.55.129200 OK 23 kB URL HTTP/2 cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
IP 143.204.55.129:0
File type ASCII text, with very long lines (574)
Hash 967ccacdde106f76e2eaee3b6b937d1e
d5b4ff6da3aec5b3623ebc20cf33a0021256b867
3e4ba261cc6d6299c5ec221257f52412433b273c3c6bd754de7c52b5035923d2
GET /adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 16 Nov 2022 01:06:39 GMT
server: nginx/1.16.1
last-modified: Tue, 06 Sep 2022 21:05:12 GMT
etag: W/"6317b608-d132"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eddHEd54CvG_d1WmmZoY3KgoWAW-ZE6N42tpy1KnItt0VvIKLkTT4A==
age: 1110525
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 3abfda95da9161a7940e489ba957e237
ddedb2266b851ea1e32ea00962e126b99d7709e4
7bddacb5331afb1e017c6a1e3cfaec6812354693597686f07328c2186200a538
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=150152
Date: Mon, 28 Nov 2022 21:35:24 GMT
Etag: "6384bf1f-1d7"
Expires: Wed, 30 Nov 2022 15:17:56 GMT
Last-Modified: Mon, 28 Nov 2022 14:01:03 GMT
Server: ECS (nyb/1D33)
X-Cache: Miss from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: TTih9xlQWZm63Ge9h7R_YxGfDGTTLWlAJUaeNnZCUsSU7Z_7UwdDVA==
Age: 4613
cm.everesttech.net/cm/dd?d_uuid=41561254618284498870564910620900130138
54.229.62.148302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=41561254618284498870564910620900130138
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=41561254618284498870564910620900130138 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Mon, 28 Nov 2022 21:35:24 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4UpnAAAAGxiyQOJ; Domain=.everesttech.net; Expires=Tue, 28-Nov-2023 21:35:24 GMT; Path=/
everest_session_v2=Y4UpnAAAAGxiygOJ; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4UpnAAAAGxiyQOJ
Server: AMO-cookiemap/1.1
ocsps.ssl.com/
52.6.97.148200 OK 1.8 kB IP 52.6.97.148:0
Hash a5d8b01dc05d6093591561a25fdef524
5ba5d6b976e0fe02042cf11dc44e3c5c37618930
519df958131f1ee50702252f9c2447b9a7a57f40769c36564c4ecb3bec6b8283
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 21:35:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Mon, 05 Dec 2022 16:47:36 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "5ba5d6b976e0fe02042cf11dc44e3c5c37618930"
Last-Modified: Mon, 28 Nov 2022 16:47:37 GMT
X-Proxy-Cache: HIT
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 886ef3f0739f32fad7714c0b7cdfd6f3
740a8d656210f0842a8fe52659b9251549707d46
c2a27ff581a9dffe103cb677e4dd531f2c686fd0e57bcfdaacb9f60bdbbfe0d1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 16:31:55 GMT
Expires: Fri, 02 Dec 2022 16:31:54 GMT
Etag: "740a8d656210f0842a8fe52659b9251549707d46"
Cache-Control: max-age=326789,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77163bb2a97bb52d-OSL
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwczovL2N0em4tc2VjdXJlM2FiLmdhL2xvZ2luLnBocCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5NjcxMzIzNjExIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjMDJhODdjNzdlOC0wY2MxZTA4NDJiYjM1Mi1jNTA1NDI1LTE0MDAwMC0xODRjMDJhODdjODU1OCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1tYWluIiwiYWNjb3VudElkIjogMzU2ODYwLCJ1cmwiOiAiaHR0cHM6Ly9jdHpuLXNlY3VyZTNhYi5nYS9sb2dpbi5waHAiLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogIjliZDYtMmQ4YS1kOTRhLWNkMzUtMjkxYS0xM2Q2LWIxMWEtNjY0OSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjY5NjcxMzIzNjA5Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDU3MCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDguMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDguMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2OTY3MTMyMzYxMCwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
35.241.45.82200 OK 0 B URL HTTP/2 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwczovL2N0em4tc2VjdXJlM2FiLmdhL2xvZ2luLnBocCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5NjcxMzIzNjExIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjMDJhODdjNzdlOC0wY2MxZTA4NDJiYjM1Mi1jNTA1NDI1LTE0MDAwMC0xODRjMDJhODdjODU1OCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1tYWluIiwiYWNjb3VudElkIjogMzU2ODYwLCJ1cmwiOiAiaHR0cHM6Ly9jdHpuLXNlY3VyZTNhYi5nYS9sb2dpbi5waHAiLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogIjliZDYtMmQ4YS1kOTRhLWNkMzUtMjkxYS0xM2Q2LWIxMWEtNjY0OSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjY5NjcxMzIzNjA5Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDU3MCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDguMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDguMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2OTY3MTMyMzYxMCwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwczovL2N0em4tc2VjdXJlM2FiLmdhL2xvZ2luLnBocCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5NjcxMzIzNjExIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjMDJhODdjNzdlOC0wY2MxZTA4NDJiYjM1Mi1jNTA1NDI1LTE0MDAwMC0xODRjMDJhODdjODU1OCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1tYWluIiwiYWNjb3VudElkIjogMzU2ODYwLCJ1cmwiOiAiaHR0cHM6Ly9jdHpuLXNlY3VyZTNhYi5nYS9sb2dpbi5waHAiLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogIjliZDYtMmQ4YS1kOTRhLWNkMzUtMjkxYS0xM2Q2LWIxMWEtNjY0OSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjY5NjcxMzIzNjA5Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDU3MCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDguMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDguMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2OTY3MTMyMzYxMCwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:24 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-green-s0hr
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 9b1aa11b10e771c9af299261e080b403
0f53791e86fbe0c9b72c93fa503d9c2d19501ad9
34c663004c564192f026003b38a27102a445a92f660a7c286e6e1f9868a9ce5b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=108957
Date: Mon, 28 Nov 2022 21:35:24 GMT
Etag: "63842044-1d7"
Expires: Wed, 30 Nov 2022 03:51:21 GMT
Last-Modified: Mon, 28 Nov 2022 02:43:16 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _tC1GCpgDQI235KQmdqBFnSLkpWzUD5Jt4NjtIP3hHqKFqiL2IAy0g==
Age: 4086
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 886ef3f0739f32fad7714c0b7cdfd6f3
740a8d656210f0842a8fe52659b9251549707d46
c2a27ff581a9dffe103cb677e4dd531f2c686fd0e57bcfdaacb9f60bdbbfe0d1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 16:31:55 GMT
Expires: Fri, 02 Dec 2022 16:31:54 GMT
Etag: "740a8d656210f0842a8fe52659b9251549707d46"
Cache-Control: max-age=326789,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77163bb28d3d1c02-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 886ef3f0739f32fad7714c0b7cdfd6f3
740a8d656210f0842a8fe52659b9251549707d46
c2a27ff581a9dffe103cb677e4dd531f2c686fd0e57bcfdaacb9f60bdbbfe0d1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 16:31:55 GMT
Expires: Fri, 02 Dec 2022 16:31:54 GMT
Etag: "740a8d656210f0842a8fe52659b9251549707d46"
Cache-Control: max-age=326789,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77163bb2a913b523-OSL
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee%3A0&_cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0&pv=2&f_cls_s=true
3.87.234.62200 OK 429 B URL HTTP/1.1 report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee%3A0&_cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0&pv=2&f_cls_s=true
IP 3.87.234.62:0
File type JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Hash be459c45619eb321f0f824d1cd58a577
a65d5eb693ffe22a0e06d10f6356eb4badaaa58b
e852d057c1fe4d6fa1a23955825539ef849be465c7e2d183014efc51c1b5262b
GET /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee%3A0&_cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0&pv=2&f_cls_s=true HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ctzn-secure3ab.ga
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:24 GMT
Content-Type: application/json
Content-Length: 429
Connection: keep-alive
Set-Cookie: AWSALB=AxYVRLA/AzcVD+ROpNT9uh2d3k4AWuNLD5Xxzcgfuui4iocuYsiykHiIGIeEAGmqAIxaas5k9r0q/gIaVBRrXWqaP/VzemfEnn6Z3XcgvTSB4gGqs6ouSKHuuTvX; Expires=Mon, 05 Dec 2022 21:35:24 GMT; Path=/
AWSALBCORS=AxYVRLA/AzcVD+ROpNT9uh2d3k4AWuNLD5Xxzcgfuui4iocuYsiykHiIGIeEAGmqAIxaas5k9r0q/gIaVBRrXWqaP/VzemfEnn6Z3XcgvTSB4gGqs6ouSKHuuTvX; Expires=Mon, 05 Dec 2022 21:35:24 GMT; Path=/; SameSite=None; Secure
_cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0; Secure; SameSite=None
_cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee:0; Secure; SameSite=None
_cls_cfgver=27baeec; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: https://ctzn-secure3ab.ga
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5015
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 886ef3f0739f32fad7714c0b7cdfd6f3
740a8d656210f0842a8fe52659b9251549707d46
c2a27ff581a9dffe103cb677e4dd531f2c686fd0e57bcfdaacb9f60bdbbfe0d1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 16:31:55 GMT
Expires: Fri, 02 Dec 2022 16:31:54 GMT
Etag: "740a8d656210f0842a8fe52659b9251549707d46"
Cache-Control: max-age=326788,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77163bb2ac851bfa-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 886ef3f0739f32fad7714c0b7cdfd6f3
740a8d656210f0842a8fe52659b9251549707d46
c2a27ff581a9dffe103cb677e4dd531f2c686fd0e57bcfdaacb9f60bdbbfe0d1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 16:31:55 GMT
Expires: Fri, 02 Dec 2022 16:31:54 GMT
Etag: "740a8d656210f0842a8fe52659b9251549707d46"
Cache-Control: max-age=326788,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77163bb289f80b65-OSL
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4UpnAAAAGxiyQOJ
52.213.200.83302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y4UpnAAAAGxiyQOJ
IP 52.213.200.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y4UpnAAAAGxiyQOJ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ctzn-secure3ab.ga/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0b398da67.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UpnAAAAGxiyQOJ
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=44491458987750384490631881274825414819; Max-Age=15552000; Expires=Sat, 27 May 2023 21:35:25 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: RMLEF658TFk=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UpnAAAAGxiyQOJ
52.213.200.83200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UpnAAAAGxiyQOJ
IP 52.213.200.83:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4UpnAAAAGxiyQOJ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ctzn-secure3ab.ga/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-0eab94181.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: k8Bowey4Qkg=
Content-Length: 59
Connection: keep-alive
lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=https%3A%2F%2Fctzn-secure3ab.ga&site=89632304&force=1&env=prod&isCrossDomain=true
178.249.97.98200 OK 15 kB URL HTTP/2 lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=https%3A%2F%2Fctzn-secure3ab.ga&site=89632304&force=1&env=prod&isCrossDomain=true
IP 178.249.97.98:0
File type ASCII text, with very long lines (39078), with no line terminators
Hash aae7b00db41131b34cceedc64dbccc11
38dca6a55089b45e848414d50d8c772706623620
645e391a95d7f2b3ccec6eecade7aaa20cbe060d054351ce34a8265027113d58
GET /le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=https%3A%2F%2Fctzn-secure3ab.ga&site=89632304&force=1&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:25 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:00:32 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Tue, 28 Nov 2023 21:35:25 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash c4cffae40da88c171fdf94684718f7a7
37877fa22790ea67454cb8fe50e5816a81f5e2f4
d17d3736897e4ec3a22e5817ecc0bd1e7b374222b9fada09097308f85cb2a95f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 01:42:44 GMT
Expires: Sun, 04 Dec 2022 01:42:43 GMT
Etag: "37877fa22790ea67454cb8fe50e5816a81f5e2f4"
Cache-Control: max-age=446237,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77163bba3d8f1c02-OSL
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee:0&_cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0&pid=2e8126d6-4a71-4378-af0e-bd90af9a3001&sn=2&cfg&pv=2&aid=
3.87.234.62200 OK 429 B URL HTTP/1.1 report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee:0&_cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0&pid=2e8126d6-4a71-4378-af0e-bd90af9a3001&sn=2&cfg&pv=2&aid=
IP 3.87.234.62:0
File type JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Hash be459c45619eb321f0f824d1cd58a577
a65d5eb693ffe22a0e06d10f6356eb4badaaa58b
e852d057c1fe4d6fa1a23955825539ef849be465c7e2d183014efc51c1b5262b
POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee:0&_cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0&pid=2e8126d6-4a71-4378-af0e-bd90af9a3001&sn=2&cfg&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 8341
Origin: https://ctzn-secure3ab.ga
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Cookie: _cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0; _cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee:0; _cls_cfgver=27baeec; AWSALBCORS=AxYVRLA/AzcVD+ROpNT9uh2d3k4AWuNLD5Xxzcgfuui4iocuYsiykHiIGIeEAGmqAIxaas5k9r0q/gIaVBRrXWqaP/VzemfEnn6Z3XcgvTSB4gGqs6ouSKHuuTvX
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:26 GMT
Content-Type: application/json
Content-Length: 429
Connection: keep-alive
Set-Cookie: AWSALB=18Dkxcxrne7luz59bGQBgqd/ky5NR1c/Zp00aqRR/WHLWgHeMg5lyM0pm79kWTL8etFnbL15tOGHvAfhBUCsWczPRslYE39vUO1IFHX6yYZOBDZVqJHxCDu162ag; Expires=Mon, 05 Dec 2022 21:35:26 GMT; Path=/
AWSALBCORS=18Dkxcxrne7luz59bGQBgqd/ky5NR1c/Zp00aqRR/WHLWgHeMg5lyM0pm79kWTL8etFnbL15tOGHvAfhBUCsWczPRslYE39vUO1IFHX6yYZOBDZVqJHxCDu162ag; Expires=Mon, 05 Dec 2022 21:35:26 GMT; Path=/; SameSite=None; Secure
_cls_cfgver=27baeec; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: https://ctzn-secure3ab.ga
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5015
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee:0&_cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0&pid=2e8126d6-4a71-4378-af0e-bd90af9a3001&sn=3&cfg=27baeec&pv=2&aid=
3.87.234.62200 OK 139 B URL HTTP/1.1 report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee:0&_cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0&pid=2e8126d6-4a71-4378-af0e-bd90af9a3001&sn=3&cfg=27baeec&pv=2&aid=
IP 3.87.234.62:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 53a77a5406cd61cbfd30eb9eda6614c5
951dc21f2f06f4f0487adc9b0278bc4b090f5de8
5cd2d0019eb38088714c2048e1a0ae893d1783d4b1be388f08f0677e4d55b7d5
POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee:0&_cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0&pid=2e8126d6-4a71-4378-af0e-bd90af9a3001&sn=3&cfg=27baeec&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 608
Origin: https://ctzn-secure3ab.ga
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Cookie: _cls_v=f993c656-bc00-4646-bd6e-ae4f73ac55c0; _cls_s=d9737407-a5cc-472d-982f-6a7ffbf1d7ee:0; _cls_cfgver=27baeec; AWSALBCORS=IqgFk0ow3viRy7sNUAX6JY9BBXUDENoS2xEIme/Ktshk/rKOvb2wH9zx0r9RKxs18lSCX6e98l7Q5jbGiqCqinoHYBiIFXwCdTVUsTTpSdFDX9xjVHOIjasd2iyT
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:26 GMT
Content-Type: application/json
Content-Length: 139
Connection: keep-alive
Set-Cookie: AWSALB=s5rZP7CGtZdv/1MDT+JW8/NqetG/zd1PS7hcU30cmvO5ILiNvXZbXcjWXD+xNzzkkbvEeB42dHB0cwZiAkcr6nqPNgN4+lz6nCsgao/fxipsK3ve3c4+K2CUzCai; Expires=Mon, 05 Dec 2022 21:35:26 GMT; Path=/
AWSALBCORS=s5rZP7CGtZdv/1MDT+JW8/NqetG/zd1PS7hcU30cmvO5ILiNvXZbXcjWXD+xNzzkkbvEeB42dHB0cwZiAkcr6nqPNgN4+lz6nCsgao/fxipsK3ve3c4+K2CUzCai; Expires=Mon, 05 Dec 2022 21:35:26 GMT; Path=/; SameSite=None; Secure
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: https://ctzn-secure3ab.ga
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5015
va.idp.liveperson.net/api/account/89632304/anonymous/authorize?__d=79927
208.89.15.170200 OK 678 B URL HTTP/2 va.idp.liveperson.net/api/account/89632304/anonymous/authorize?__d=79927
IP 208.89.15.170:0
File type JSON data\012- , ASCII text, with very long lines (678), with no line terminators
Hash 8055764d1ad4d195d3e2fb1a53f4190d
ac44bba10d507f90ae83c167530f36276c7c3cb1
121a6880b5d680bfa7c537d02af2a45654bca58b34433e109cc03cd550edde19
POST /api/account/89632304/anonymous/authorize?__d=79927 HTTP/1.1
Host: va.idp.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
LP-URL: https://ctzn-secure3ab.ga/login.php
LP-DOMAIN-REFERER: https://ctzn-secure3ab.ga
Content-Type: application/json; charset=UTF-8
X-Requested-With: XMLHttpRequest
Origin: https://va.idp.liveperson.net
Connection: keep-alive
Referer: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1669671324759&loc=https%3A%2F%2Fctzn-secure3ab.ga
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:26 GMT
content-type: application/json
content-length: 678
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: https://va.idp.liveperson.net
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
x-content-type-options: nosniff
cache-control: private, max-age=0, no-cache, no-store
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash ac05074fa9d0ea07b44c3d559178cb4f
f1247b69ed3e53b036499fb00adea527f837358f
ea465a630f433ef3029df16f0426fccb39140bc17ae0049f27b710fbde8669c0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 21:35:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 11:37:41 GMT
Expires: Fri, 02 Dec 2022 11:37:40 GMT
Etag: "f1247b69ed3e53b036499fb00adea527f837358f"
Cache-Control: max-age=309133,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77163bc0abf31c02-OSL
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549
IP 178.249.97.98:0
GET /le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:25 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:24 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Tue, 28 Nov 2023 21:35:25 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
178.249.101.99200 OK 0 B URL HTTP/2 accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
IP 178.249.101.99:0
GET /api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:25 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:26|g:4248a1ea-77e4-48d6-a332-686788cc9c2e; Max-Age=30; Expires=Mon, 28-Nov-2022 21:35:55 GMT; Path=/
ADRUM_BTa=R:26|g:4248a1ea-77e4-48d6-a332-686788cc9c2e|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Mon, 28-Nov-2022 21:35:55 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Mon, 28-Nov-2022 21:35:55 GMT; Path=/; Secure
ADRUM_BT1=R:26|i:2241585; Max-Age=30; Expires=Mon, 28-Nov-2022 21:35:55 GMT; Path=/
ADRUM_BT1=R:26|i:2241585|e:7; Max-Age=30; Expires=Mon, 28-Nov-2022 21:35:55 GMT; Path=/
vary: Accept
expires: Mon, 28 Nov 2022 21:36:25 GMT
x-envoy-upstream-service-time: 2
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117
54.230.111.63200 OK 0 B URL HTTP/2 nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117
IP 54.230.111.63:0
GET /citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 12 Oct 2022 04:24:14 GMT
x-amz-replication-status: PENDING
last-modified: Wed, 12 Oct 2022 04:24:01 GMT
etag: W/"7f943d1386ac8d666a04c5f7c1aca6a2"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: 7Vz_bNM1vqq_ptJsDOdn8z3nddxBTl2j
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YV2KY24edCxsEHxS2rSDSOyQb3oZFHKKQKpNY8UOUets3c1aM_YRGw==
age: 4122670
X-Firefox-Spdy: h2
ctzn-secure3ab.ga/efs/efs/jsp-ns/pm_fp.js
104.21.70.84404 Not Found 0 B URL HTTP/2 ctzn-secure3ab.ga/efs/efs/jsp-ns/pm_fp.js
IP 104.21.70.84:0
Analyzer Verdict Alert fortinet Phishing
GET /efs/efs/jsp-ns/pm_fp.js HTTP/1.1
Host: ctzn-secure3ab.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 28 Nov 2022 21:35:23 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=poqDsv2%2FY5cgWGgOONypZzR1JPxMDXYyxaEbqAedNwgBBVbnAttp%2Fknh8PmcWSLYEj2oJBKSEMt5w9wGsD9zdBiFwxeFwXS3y4sbFCyF2t0R17O%2Fe2jHLCCF88aZhUzBqtueUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77163ba6c85bb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549
IP 178.249.97.98:0
GET /le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:24 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Tue, 28 Nov 2023 21:35:24 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
178.249.101.99200 OK 0 B URL HTTP/2 accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP 178.249.101.99:0
GET /api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:24 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:26|g:057710bd-483e-4611-baea-d784e56504ea; Max-Age=30; Expires=Mon, 28-Nov-2022 21:35:54 GMT; Path=/
ADRUM_BTa=R:26|g:057710bd-483e-4611-baea-d784e56504ea|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Mon, 28-Nov-2022 21:35:54 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Mon, 28-Nov-2022 21:35:54 GMT; Path=/; Secure
ADRUM_BT1=R:26|i:2241585; Max-Age=30; Expires=Mon, 28-Nov-2022 21:35:54 GMT; Path=/
ADRUM_BT1=R:26|i:2241585|e:6; Max-Age=30; Expires=Mon, 28-Nov-2022 21:35:54 GMT; Path=/
vary: Accept
expires: Mon, 28 Nov 2022 21:36:24 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549
IP 178.249.97.98:0
GET /le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:24 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Tue, 28 Nov 2023 21:35:24 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
va.v.liveperson.net/api/js/89632304?&cb=lpCb96987x32733&t=sp&ts=1669671324734&pid=150953618&tid=1475830565&pt=Online%20Login%20%7C%20Citizens&u=https%3A%2F%2Fctzn-secure3ab.ga%2Flogin.php&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%226388d4e6-1915-4928-88d4-e619159928f4%22%2C%22account%22%3A%2289632304%22%7D%5D
208.89.12.87200 OK 0 B URL HTTP/2 va.v.liveperson.net/api/js/89632304?&cb=lpCb96987x32733&t=sp&ts=1669671324734&pid=150953618&tid=1475830565&pt=Online%20Login%20%7C%20Citizens&u=https%3A%2F%2Fctzn-secure3ab.ga%2Flogin.php&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%226388d4e6-1915-4928-88d4-e619159928f4%22%2C%22account%22%3A%2289632304%22%7D%5D
IP 208.89.12.87:0
GET /api/js/89632304?&cb=lpCb96987x32733&t=sp&ts=1669671324734&pid=150953618&tid=1475830565&pt=Online%20Login%20%7C%20Citizens&u=https%3A%2F%2Fctzn-secure3ab.ga%2Flogin.php&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%226388d4e6-1915-4928-88d4-e619159928f4%22%2C%22account%22%3A%2289632304%22%7D%5D HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:26 GMT
content-type: application/javascript
set-cookie: LPVisitorID=k1NGM4ODExMTY1NmEzMjhj; Expires=Tue, 28-Nov-2023 21:35:26 GMT; Path=/; HttpOnly
LPSessionID=O-uSzO9MRhGzYKIY1CbD0w; Path=/api/js/89632304; HttpOnly
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
IP 178.249.97.98:0
GET /le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:24 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Tue, 28 Nov 2023 21:35:24 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
ctzn-secure3ab.ga/login.php
104.21.70.84200 OK 0 B URL HTTP/2 ctzn-secure3ab.ga/login.php
IP 104.21.70.84:0
Analyzer Verdict Alert fortinet Phishing
GET /login.php HTTP/1.1
Host: ctzn-secure3ab.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:22 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8RR0iflXs8CMVJYIatp0np9RWF8f80EuGfFls%2FtCBXhVMghlSby5gImQnW8ZDzJm8Zsqq4c3NYMf0QOzOWq0k2cq37XXi%2BS2%2BOQXbj4v8E7zSA0vT9y3FLedGyM9yORRVm62HA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77163ba2ca6fb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.appdynamics.com/adrum/adrum-latest.js?
143.204.55.129200 OK 0 B URL HTTP/2 cdn.appdynamics.com/adrum/adrum-latest.js?
IP 143.204.55.129:0
GET /adrum/adrum-latest.js? HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 04 Nov 2022 06:21:09 GMT
server: nginx/1.16.1
last-modified: Tue, 06 Sep 2022 21:05:13 GMT
etag: W/"6317b609-1b2d9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XXaA_jlB3vs0R8vbnOa6huQ0Txpkss0FQ_ePgtrWsAeurcJ2_wiUhA==
age: 2128454
X-Firefox-Spdy: h2
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
104.18.14.22200 OK 0 B URL HTTP/2 cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP 104.18.14.22:0
GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:24 GMT
content-type: application/javascript
last-modified: Thu, 13 May 2021 10:48:21 GMT
x-amz-version-id: bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
content-encoding: gzip
etag: W/"845173368b011e7fa14658b57426fe09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: TjES7ym4ShstKtpj1GLznZjl8VeU-G2N0yGQlAXn4IB-OQXucq9_RQ==
cf-cache-status: HIT
age: 2165
expires: Tue, 29 Nov 2022 01:35:24 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 77163bb08a35b4fa-OSL
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
IP 178.249.97.98:0
GET /le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:24 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Tue, 28 Nov 2023 21:35:24 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
va.v.liveperson.net/api/js/89632304?sid=O-uSzO9MRhGzYKIY1CbD0w&cb=lpCb27564x48245&t=pl&ts=1669671325768&pid=150953618&tid=1475830565&vid=k1NGM4ODExMTY1NmEzMjhj
208.89.12.87200 OK 0 B URL HTTP/2 va.v.liveperson.net/api/js/89632304?sid=O-uSzO9MRhGzYKIY1CbD0w&cb=lpCb27564x48245&t=pl&ts=1669671325768&pid=150953618&tid=1475830565&vid=k1NGM4ODExMTY1NmEzMjhj
IP 208.89.12.87:0
GET /api/js/89632304?sid=O-uSzO9MRhGzYKIY1CbD0w&cb=lpCb27564x48245&t=pl&ts=1669671325768&pid=150953618&tid=1475830565&vid=k1NGM4ODExMTY1NmEzMjhj HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctzn-secure3ab.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 21:35:27 GMT
content-type: application/javascript
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2