firefox.settings.services.mozilla.com/v1/
18.244.155.120200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.244.155.120:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 22 Oct 2022 18:26:25 GMT
Expires: Sat, 22 Oct 2022 19:01:27 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 fee1af928fb542120a907076855ee8f0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: VQhqLCFlFF4aGJumFnVsADc9rs2F9wbpmYvU3tKz_D4Af18wuzDVzg==
Age: 502
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7682
Expires: Sat, 22 Oct 2022 20:42:49 GMT
Date: Sat, 22 Oct 2022 18:34:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7699
Expires: Sat, 22 Oct 2022 20:43:06 GMT
Date: Sat, 22 Oct 2022 18:34:47 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: mqW6DiM2BoRfExBBVgAY5QO0iG545c2Qto6bomzIIkhdxMQxVYAYM1afGmCR1ElNpUvt/b8rS3w=
x-amz-request-id: KQDTK7Z60X7XD1ZR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 22 Oct 2022 18:07:44 GMT
age: 1623
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
citizens-online-support.com/citizenbank/login.php?online_id=4921f827b966178616342b635&country=&iso=
23.254.132.83200 OK 26 kB URL HTTP/1.1 citizens-online-support.com/citizenbank/login.php?online_id=4921f827b966178616342b635&country=&iso=
IP 23.254.132.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (672), with CRLF line terminators
Hash b27bd01402693bedb7107dec85a3f2df
0129e5275b6bbdd6355d291eaebc22e6da532c41
bacfd23af9c90b604030b1fde7b8b7ca90f47c6902724d666a99e02ea36d682c
GET /citizenbank/login.php?online_id=4921f827b966178616342b635&country=&iso= HTTP/1.1
Host: citizens-online-support.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.32
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=10000
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 18:34:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 1088c838b6899ed8b0e6281b27e93033
dc448fa2a9cfc21f8eb8300c61905435d35c56c4
583487ca0208647e44fac62c55671ac8fa9321ae1d59038a66115f979521a5a0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "583487CA0208647E44FAC62C55671AC8FA9321AE1D59038A66115F979521A5A0"
Last-Modified: Sat, 22 Oct 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3432
Expires: Sat, 22 Oct 2022 19:31:59 GMT
Date: Sat, 22 Oct 2022 18:34:47 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 1088c838b6899ed8b0e6281b27e93033
dc448fa2a9cfc21f8eb8300c61905435d35c56c4
583487ca0208647e44fac62c55671ac8fa9321ae1d59038a66115f979521a5a0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "583487CA0208647E44FAC62C55671AC8FA9321AE1D59038A66115F979521A5A0"
Last-Modified: Sat, 22 Oct 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3432
Expires: Sat, 22 Oct 2022 19:31:59 GMT
Date: Sat, 22 Oct 2022 18:34:47 GMT
Connection: keep-alive
nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
13.224.245.122200 OK 32 kB URL HTTP/1.1 nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
IP 13.224.245.122:0
File type ASCII text, with very long lines (594)
Hash 3e3e57d74e385af3525e39e1a6b268da
8c0bd74879a5678ad73d6313ec8bc6c6ed339079
fbdeaa04631ff4616c28d150742e68b3197d7541c3742a7082ca1473de886311
GET /citizensbank/olbprod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 12 Oct 2022 05:11:32 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 12 Oct 2022 04:24:01 GMT
ETag: W/"e28169ebc267a281e5ca0d996e98214e"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=300
x-amz-version-id: 6VlOzl96zfTglXsm.ylgZ_Vxg_x9B5Dp
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1b5424f4e08ca48fc35e311bea9e9ff6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR62-C3
X-Amz-Cf-Id: mvLkBri2ZJp5YQeV7lA10cRJ9X-E7GcrmHTUCeA6LGxo5t2IOJrMTQ==
Age: 912196
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 1088c838b6899ed8b0e6281b27e93033
dc448fa2a9cfc21f8eb8300c61905435d35c56c4
583487ca0208647e44fac62c55671ac8fa9321ae1d59038a66115f979521a5a0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "583487CA0208647E44FAC62C55671AC8FA9321AE1D59038A66115F979521A5A0"
Last-Modified: Sat, 22 Oct 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3432
Expires: Sat, 22 Oct 2022 19:31:59 GMT
Date: Sat, 22 Oct 2022 18:34:47 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 1088c838b6899ed8b0e6281b27e93033
dc448fa2a9cfc21f8eb8300c61905435d35c56c4
583487ca0208647e44fac62c55671ac8fa9321ae1d59038a66115f979521a5a0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "583487CA0208647E44FAC62C55671AC8FA9321AE1D59038A66115F979521A5A0"
Last-Modified: Sat, 22 Oct 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3392
Expires: Sat, 22 Oct 2022 19:31:19 GMT
Date: Sat, 22 Oct 2022 18:34:47 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 1088c838b6899ed8b0e6281b27e93033
dc448fa2a9cfc21f8eb8300c61905435d35c56c4
583487ca0208647e44fac62c55671ac8fa9321ae1d59038a66115f979521a5a0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "583487CA0208647E44FAC62C55671AC8FA9321AE1D59038A66115F979521A5A0"
Last-Modified: Sat, 22 Oct 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3432
Expires: Sat, 22 Oct 2022 19:31:59 GMT
Date: Sat, 22 Oct 2022 18:34:47 GMT
Connection: keep-alive
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
104.110.3.220200 OK 2.3 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
IP 104.110.3.220:0
Hash 0a445a15e0f09a7738952731fdf3fe9d
3d4cef20189303cc4f24c27da1b8d2043e700cea
173f4f410b46ca6211eee490747009c597b7d7c475bcac07df88a18521bbef54
GET /efs/efs/jsp-ns/inc/css/normalize.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "26c2-5e885b034f92d"
last-modified: Mon, 17 Oct 2022 05:48:09 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=562
x-olb-req-received: t=1665902334194308
content-length: 2300
cache-control: max-age=3125
expires: Sat, 22 Oct 2022 19:26:52 GMT
date: Sat, 22 Oct 2022 18:34:47 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
citizens-online-support.com/efs/efs/jsp-ns/pm_fp.js
23.254.132.83404 Not Found 315 B URL HTTP/1.1 citizens-online-support.com/efs/efs/jsp-ns/pm_fp.js
IP 23.254.132.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /efs/efs/jsp-ns/pm_fp.js HTTP/1.1
Host: citizens-online-support.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/citizenbank/login.php?online_id=4921f827b966178616342b635&country=&iso=
HTTP/1.1 404 Not Found
Date: Sat, 22 Oct 2022 18:34:47 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=10000
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www4.citizensbankonline.com/akam/11/7c3ed55c
104.110.3.220404 Not Found 9 B URL HTTP/2 www4.citizensbankonline.com/akam/11/7c3ed55c
IP 104.110.3.220:0
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Sat, 22 Oct 2022 18:34:47 GMT
date: Sat, 22 Oct 2022 18:34:47 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=FE57543C3796899FE9876BF38A365D9A~000000000000000000000000000000~YAAQnE8kF97Y+uaDAQAANuX5ABGrrF8BU7k4zlc62eFYgBR2mmOJ+vXu2OV4fA6wJTdpYkZTd0neAd4XGMWPkVem5cSrOPxnJoFPRpCLbB5sHyH1RYnZ39ym1DnTkOpqYGjPOk+NR9cOpi6s7vK7O+O3nAopcZ63b/nYD6lUKs0AbKR8p9BQSAupVfNG4Qu7+kVrfWWKPNthM4rtCjWk08WWDCT27w9A2xfwoetTOHERkNyLdR9i/nmDUkfU8SBrPKR2IyvpjTp9g1jE3nVTPl1BCMK/F3A13QRo9lStXV2lckVMeo4Y+EtQaZmibr4qqqTUKUNPyNWMRJD2Ce/gDhN5vcP5/48DX0qPZZDvH9SeQnTlekHCgnfff0g2UwLuI/NZWcbDNuFAWM9H3t2jMpkGv/pN; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 22 Oct 2022 20:34:47 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js
104.110.3.220200 OK 39 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js
IP 104.110.3.220:0
Hash 2940c843ff15ab8e9f02511625f33e57
98ccd0fb1d60770a1aadf90d41daa49cab543cb3
4aed3165815cc1806999483e40a47863accf1cead25769de0162921f2f590298
GET /efs/efs/jsp-ns/scripts/plugins.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "31d24-5e885b0350b17"
last-modified: Sun, 16 Oct 2022 06:41:17 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=8368
x-olb-req-received: t=1665902334392040
content-length: 38875
cache-control: max-age=76410
expires: Sun, 23 Oct 2022 15:48:17 GMT
date: Sat, 22 Oct 2022 18:34:47 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js
104.110.3.220200 OK 4.0 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js
IP 104.110.3.220:0
Hash cc2102df58511c9a2653b1dff48ca8d7
64790e6adff6768178ab7d0ad9a4fbc2849b81f2
b9abbff7d9e75763790fd3b291f21525fe85583b397fe5f4b260bc99ff48aab7
GET /efs/efs/jsp-ns/scripts/main.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4c03-5e885b03504e5"
last-modified: Thu, 20 Oct 2022 04:19:24 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=779
x-olb-req-received: t=1665902332994710
content-length: 3967
cache-control: max-age=32023
expires: Sun, 23 Oct 2022 03:28:31 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
104.110.3.220200 OK 5.3 kB URL HTTP/2 www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
IP 104.110.3.220:0
File type PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
GET /efs/hhf/img/CTZ_Green-01.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 01:58:56 GMT
etag: "149d-5e849015deb49"
accept-ranges: bytes
content-length: 5277
x-olb-req-received: t=1665902353036164
x-olb-req-duration: D=187
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=587836
expires: Sat, 29 Oct 2022 13:52:04 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
104.110.3.220200 OK 3.1 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
IP 104.110.3.220:0
File type ASCII text, with very long lines (17412)
Hash ac9a70a6f100c02749dfadb709b6eadf
69906e55ace36c217a52d428029a3c71dc16a7e4
466e6cf44306264c98e5642f77be87292e03e578ce78b17c0b39521460b1d37a
GET /efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4a56-5e885b034bab2"
last-modified: Sun, 16 Oct 2022 06:48:15 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=723
x-olb-req-received: t=1665902337198216
content-length: 3118
cache-control: max-age=76410
expires: Sun, 23 Oct 2022 15:48:18 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js
104.110.3.220200 OK 5.5 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js
IP 104.110.3.220:0
File type HTML document, ASCII text, with very long lines (14756)
Hash 088d590db53a3ede82a998537283c75d
87ed57fd5e2a623f35f80a3684c2de916ce4e2f8
d45c62a7108121887dc8866d445dde985d96b82143b3da2c9068e32caf316db4
GET /efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "3c36-5e885b034ca52"
last-modified: Sat, 22 Oct 2022 11:30:08 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=833
x-olb-req-received: t=1665902334348159
content-length: 5535
cache-control: max-age=74395
expires: Sun, 23 Oct 2022 15:14:43 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
104.110.3.220200 OK 10 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
IP 104.110.3.220:0
Hash e8a5a242bcaea8c7314ccbb04612d922
101e2286a81e108dd00c618032d793b2dc5366b3
8e2a305132b87d2a48461f8e3d820dbf640d66d530ab007632c5c5d79ce8cdc7
GET /efs/efs/jsp-ns/inc/css/main.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "f405-5e885b034f92d"
last-modified: Sun, 16 Oct 2022 06:47:26 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=2162
x-olb-req-received: t=1665902334267901
content-length: 10382
cache-control: max-age=76409
expires: Sun, 23 Oct 2022 15:48:17 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
104.110.3.220200 OK 2.0 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
IP 104.110.3.220:0
Hash 07507f946ee4b2b9d4affc283b431119
00218cebeb305b00ae4ef74e4a67957d3c43e6f2
44fb4d44ce9291066e686a9861b8b31f021c816fa60e97c613bf5aadcc8e2830
GET /efs/efs/jsp-ns/inc/css/flows.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "21ce-5e885b034aefa"
last-modified: Mon, 17 Oct 2022 14:29:06 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=535
x-olb-req-received: t=1665902336855011
content-length: 1975
cache-control: max-age=58208
expires: Sun, 23 Oct 2022 10:44:56 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
104.110.3.220200 OK 1.2 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
IP 104.110.3.220:0
Hash e9404d7ddc1ef0b93851879620bfea8a
69575dd0119d3439f3d7ba4b45d12a3c0e47a39e
f5be5cfcdb9f541d6e355cd15b78204e715c979bb90a7dbae94d18c9bdad8772
GET /efs/efs/jsp-ns/inc/css/ad-containers.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "1dd4-5e885b034ed75"
last-modified: Sun, 16 Oct 2022 06:48:49 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=523
x-olb-req-received: t=1665902334308988
content-length: 1227
cache-control: max-age=76409
expires: Sun, 23 Oct 2022 15:48:17 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
citizens-online-support.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
23.254.132.83404 Not Found 315 B URL HTTP/1.1 citizens-online-support.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
IP 23.254.132.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /efs/hhf/js/citizensHeaderFooter-citizensns42588.js HTTP/1.1
Host: citizens-online-support.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/citizenbank/login.php?online_id=4921f827b966178616342b635&country=&iso=
HTTP/1.1 404 Not Found
Date: Sat, 22 Oct 2022 18:34:48 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=9999
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
104.110.3.220200 OK 32 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Hash d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
GET /efs/efs/jsp-ns/inc/css/font/citizen_roman.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://citizens-online-support.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "7ce0-5e885b034bab2"
accept-ranges: bytes
content-length: 31968
x-olb-req-received: t=1665902333663068
x-olb-req-duration: D=206
access-control-allow-origin: *
cache-control: max-age=587856
expires: Sat, 29 Oct 2022 13:52:24 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
citizens-online-support.com/efs/efs/jsp-ns/scripts/common.js
23.254.132.83404 Not Found 315 B URL HTTP/1.1 citizens-online-support.com/efs/efs/jsp-ns/scripts/common.js
IP 23.254.132.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1
Host: citizens-online-support.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/citizenbank/login.php?online_id=4921f827b966178616342b635&country=&iso=
HTTP/1.1 404 Not Found
Date: Sat, 22 Oct 2022 18:34:48 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=9999
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js
104.110.3.220200 OK 29 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js
IP 104.110.3.220:0
File type ASCII text, with very long lines (32089)
Hash 82481a92ac472d179954d66e38f72d07
ea65071dbc1ab11ed29e76bdd30eabbe6cdbc3ec
c8e2e6f9e0e01dcfec7f2633efdd7f8f9d78ba3920e86a0d1231f487928b5fe4
GET /efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "169d6-5e885b034fd15"
last-modified: Sun, 16 Oct 2022 06:41:15 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=4665
x-olb-req-received: t=1665902417810620
content-length: 29409
cache-control: max-age=76410
expires: Sun, 23 Oct 2022 15:48:18 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2
citizens-online-support.com/content/930e113327rn2365aa3b7b98b0447e8d
23.254.132.83404 Not Found 315 B URL HTTP/1.1 citizens-online-support.com/content/930e113327rn2365aa3b7b98b0447e8d
IP 23.254.132.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /content/930e113327rn2365aa3b7b98b0447e8d HTTP/1.1
Host: citizens-online-support.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/citizenbank/login.php?online_id=4921f827b966178616342b635&country=&iso=
HTTP/1.1 404 Not Found
Date: Sat, 22 Oct 2022 18:34:48 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=10000
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www3.citizensbankonline.com/efs/efs/js/tealeaf.js
104.110.3.220404 Not Found 9.9 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/js/tealeaf.js
IP 104.110.3.220:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411
GET /efs/efs/js/tealeaf.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:23:40 GMT
etag: "26ce-5c06907e37700"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1666463688097069
x-olb-req-duration: D=186
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=900
expires: Sat, 22 Oct 2022 18:49:48 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=195, origin; dur=77
strict-transport-security: max-age=15768000
lb-action: None, None
set-cookie: ak_bmsc=6E3452646824E937390112E8461C9616~000000000000000000000000000000~YAAQnE8kF/LY+uaDAQAAbOb5ABEkrT8ugkzqJEr88TsvC3ayHmAkgWMMB4aR+j6kvrqvZdq3lrt6Rgwmo0vA8n2gHFZscuLAsmUwVNA+AWmdgw0B6voFR4dI2RUDJs/+QnPdxnef65S3Gxv64sn8TIFpwG+WDDlEsSb+LdIuB5LKoYe9y+dTEs9nSUPJR2eHztIvleqSOmtHWnuozBEFV1w+OSxG0aGH6zqRJnKoZij7n0VU/pHbTP86sa2v1okoJQEg7K2DfLIZvWUYdNvJ68ri+UxFRPgKdN/AE6B/6zWwMm5pxb/3D27F69r4vMq+hd3th/3u8A45VJi6MC1ZZ7AXMkC0TwE6+xS8l6+csYWHNG8YMbO/jHib97vpmJmvnXSNKks/guzxl5VgguIqBnsgfK1P; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 22 Oct 2022 20:34:48 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
www4.citizensbankonline.com/akam/11/7c3ed55c
104.110.3.220404 Not Found 9 B URL HTTP/2 www4.citizensbankonline.com/akam/11/7c3ed55c
IP 104.110.3.220:0
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Sat, 22 Oct 2022 18:34:48 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=32DD3FC1D9B1E9F282DF9F98439CAD31~000000000000000000000000000000~YAAQnE8kF/PY+uaDAQAAceb5ABFl6WP14q9fEzgkrwHfxSqRmbrdd+rJdtTaXMMAsD3wDR0texmvQX84RhUt+QCGgupAs2G4L9bQUUhx4jFISDQfTy5weoAyUs59BqH7IxyDpXHxDPhsGqik26jE9asBhRJxwfxYIwpbHA2N+KFC433yeexwpB3Gn7Zswrtv6Emw8cbsKQi3RDlh38riPkp+YJ6yIH6i1IXNaNz9nybI3KXBHH9cTUhGYpurQjDcMRG0Q/hlgv0q7SrWiVzSgJMrJl7Ug/6IHK9Y+9XewyxVN2EScnQ0DvZid1fPHAeskpCe01B77foZ4XToi64gZFVJ0SK8uGqZNaKGvaB93xNIR4xxQOhlQMh5wz1bz5Kr7pm7gPJ9kf1KOLkPG7Joemlwjk6w; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 22 Oct 2022 20:34:48 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png
104.110.3.220200 OK 292 B URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png
IP 104.110.3.220:0
File type PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "124-5e6a235cbd9f7"
accept-ranges: bytes
content-length: 292
x-olb-req-received: t=1665902333471989
x-olb-req-duration: D=145
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=587874
expires: Sat, 29 Oct 2022 13:52:42 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png
104.110.3.220200 OK 364 B URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png
IP 104.110.3.220:0
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "16c-5e6a235cbab17"
accept-ranges: bytes
content-length: 364
x-olb-req-received: t=1665902333449146
x-olb-req-duration: D=127
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=587900
expires: Sat, 29 Oct 2022 13:53:08 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png
104.110.3.220200 OK 1.0 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png
IP 104.110.3.220:0
File type PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e
GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "3f9-5e6a235ca4d07"
accept-ranges: bytes
content-length: 1017
x-olb-req-received: t=1665902333578008
x-olb-req-duration: D=97
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=587719
expires: Sat, 29 Oct 2022 13:50:07 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
104.110.3.220200 OK 1.1 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
IP 104.110.3.220:0
File type PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced\012- data
Hash dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
GET /efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "41e-5e6a235ca4d07"
accept-ranges: bytes
content-length: 1054
x-olb-req-received: t=1665902333438403
x-olb-req-duration: D=100
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=587898
expires: Sat, 29 Oct 2022 13:53:06 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
104.110.3.220200 OK 165 B URL HTTP/2 www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
IP 104.110.3.220:0
File type PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Hash 1792e4aa4d2d86dec430ef9a60362a35
90b9e9c14f636362e9558d14fefe15782f75d256
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "a5-5e6a235ca5357"
accept-ranges: bytes
content-length: 165
x-olb-req-received: t=1665902333683140
x-olb-req-duration: D=140
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=587768
expires: Sat, 29 Oct 2022 13:50:56 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
104.110.3.220200 OK 18 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Hash 022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
GET /efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://citizens-online-support.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "485c-5e885b034aefa"
accept-ranges: bytes
content-length: 18524
x-olb-req-received: t=1665902333523263
x-olb-req-duration: D=197
access-control-allow-origin: *
cache-control: max-age=587887
expires: Sat, 29 Oct 2022 13:52:55 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
104.110.3.220200 OK 32 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Hash 0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
GET /efs/efs/jsp-ns/inc/css/font/citizen_book.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://citizens-online-support.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "7c78-5e885b034f78f"
accept-ranges: bytes
content-length: 31864
x-olb-req-received: t=1665902334048084
x-olb-req-duration: D=227
access-control-allow-origin: *
cache-control: max-age=587850
expires: Sat, 29 Oct 2022 13:52:18 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
104.110.3.220200 OK 28 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
IP 104.110.3.220:0
File type Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Hash 76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
GET /efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://citizens-online-support.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "6ccc-5e885b034f545"
accept-ranges: bytes
content-length: 27852
x-olb-req-received: t=1665902334049950
x-olb-req-duration: D=159
access-control-allow-origin: *
cache-control: max-age=587858
expires: Sat, 29 Oct 2022 13:52:26 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
citizens-online-support.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
23.254.132.83404 Not Found 315 B URL HTTP/1.1 citizens-online-support.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
IP 23.254.132.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /efs/hhf/js/citizensHeaderFooter-citizensns42588.js HTTP/1.1
Host: citizens-online-support.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/citizenbank/login.php?online_id=4921f827b966178616342b635&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19288%7CvVersion%7C5.0.1
HTTP/1.1 404 Not Found
Date: Sat, 22 Oct 2022 18:34:48 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=9998
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.244.155.120200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.244.155.120:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Pragma, Content-Length, Content-Type, ETag, Retry-After, Cache-Control, Last-Modified, Backoff, Expires
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 22 Oct 2022 18:03:52 GMT
Cache-Control: max-age=3600
Expires: Sat, 22 Oct 2022 18:24:23 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8f636bf03a771a87b28d04c076408cc2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: hn8VReLwEYy_2xuMajuFYjE4eHHFqq59kRenTNI5d-UAnV7qtIwd8Q==
Age: 1858
citizens-online-support.com/content/930e113327rn2365aa3b7b98b0447e8d
23.254.132.83404 Not Found 315 B URL HTTP/1.1 citizens-online-support.com/content/930e113327rn2365aa3b7b98b0447e8d
IP 23.254.132.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /content/930e113327rn2365aa3b7b98b0447e8d HTTP/1.1
Host: citizens-online-support.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/citizenbank/login.php?online_id=4921f827b966178616342b635&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19288%7CvVersion%7C5.0.1
HTTP/1.1 404 Not Found
Date: Sat, 22 Oct 2022 18:34:48 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=9999
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fecd12689ba4c6aa556814b7fac0d344
a3005f6333ce5201a73e2857c764a1b0091a91d5
83e0fb564f86df4300e8fc4b5baaf0ed13102c384922d388e02620fb3363a842
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3586
Cache-Control: max-age=138703
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:48 GMT
Etag: "6353a495-1d7"
Expires: Mon, 24 Oct 2022 09:06:31 GMT
Last-Modified: Sat, 22 Oct 2022 08:06:45 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
citizens-online-support.com/efs/efs/jsp-ns/scripts/common.js
23.254.132.83404 Not Found 315 B URL HTTP/1.1 citizens-online-support.com/efs/efs/jsp-ns/scripts/common.js
IP 23.254.132.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1
Host: citizens-online-support.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/citizenbank/login.php?online_id=4921f827b966178616342b635&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19288%7CvVersion%7C5.0.1
HTTP/1.1 404 Not Found
Date: Sat, 22 Oct 2022 18:34:48 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=9997
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png
104.110.3.220200 OK 14 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png
IP 104.110.3.220:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 172ee65ce7e2afc164fb89579d8060b2
1bcc0c40ce0dd35f4150e286d4da86eb5150d2da
6031e1710c50b5ade8d4fe1f9d2a7885caa5f18493944871891d9bf847dcec0e
GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "3653-5e885b03510a1"
accept-ranges: bytes
content-length: 13907
x-olb-req-received: t=1665902334263596
x-olb-req-duration: D=181
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=587741
expires: Sat, 29 Oct 2022 13:50:29 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png
104.110.3.220200 OK 11 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png
IP 104.110.3.220:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash f62b2664dd6a40ab3a9f7af34412f8b7
02438189257c795c3726e4f45b1ce3bb921255d5
707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f
GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "2a77-5e885b0354b35"
accept-ranges: bytes
content-length: 10871
x-olb-req-received: t=1665902333725314
x-olb-req-duration: D=145
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=587667
expires: Sat, 29 Oct 2022 13:49:15 GMT
date: Sat, 22 Oct 2022 18:34:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2012%2004:23:59%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fcitizens-online-support.com%2Fcitizenbank%2Flogin.php%3Fonline_id%3D4921f827b966178616342b635%26country%3D%26iso%3D
13.224.245.122200 OK 397 B URL HTTP/1.1 nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2012%2004:23:59%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fcitizens-online-support.com%2Fcitizenbank%2Flogin.php%3Fonline_id%3D4921f827b966178616342b635%26country%3D%26iso%3D
IP 13.224.245.122:0
File type ASCII text, with very long lines (396)
Hash 0e04f1a1d421ab4c3013810d045db743
2d1bd80b7650c07ad562d00de4d13f7eedee9272
4c965d4f2d98a489594c2884c5ed7bc72dfa29ea992ff3a2f10e79e95961c39b
GET /citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2012%2004:23:59%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fcitizens-online-support.com%2Fcitizenbank%2Flogin.php%3Fonline_id%3D4921f827b966178616342b635%26country%3D%26iso%3D HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 397
Connection: keep-alive
Server: nginx
Date: Sat, 22 Oct 2022 18:34:48 GMT
Expires: Sat, 22 Oct 2022 18:34:47 GMT
Cache-Control: no-cache, no-store
X-Cache: Miss from cloudfront
Via: 1.1 1b5424f4e08ca48fc35e311bea9e9ff6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR62-C3
X-Amz-Cf-Id: 9R1MHdTBuACI-xA4AHGxcDSZzXHJDNJi4aL6N53UB3Za0ImTkq3PIA==
nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117
13.224.245.122200 OK 31 kB URL HTTP/1.1 nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117
IP 13.224.245.122:0
File type ASCII text, with very long lines (1970)
Hash 3d2d25ef325eac356d449d8df162c7e5
b181f4221b3190118630f334403a218e7887eb92
82b8253b53400a2508202f2329064ac51c74d09e8361d7ef393b87793199e858
GET /citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 12 Oct 2022 05:11:33 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 12 Oct 2022 04:24:01 GMT
ETag: W/"7f943d1386ac8d666a04c5f7c1aca6a2"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: 7Vz_bNM1vqq_ptJsDOdn8z3nddxBTl2j
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1b5424f4e08ca48fc35e311bea9e9ff6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR62-C3
X-Amz-Cf-Id: IstYH2AL0rXlC8fVRkoNPRgg83CGeXA0PXpl-Dzjh9JEjddJ7gV--A==
Age: 912196
nexus.ensighten.com/citizensbank/olbprod/code/0f6386a3b63d9bbb3a5a73b133de89a7.js?conditionId0=421909
13.224.245.122200 OK 4.5 kB URL HTTP/1.1 nexus.ensighten.com/citizensbank/olbprod/code/0f6386a3b63d9bbb3a5a73b133de89a7.js?conditionId0=421909
IP 13.224.245.122:0
File type ASCII text, with very long lines (564)
Hash fd603d97b40b9255bfad0347af30b289
4dbc7e969f3d64bd0e668bb424284a2cf1c134d5
9cf6e47fb2dfb89d2ffc01f75ffc38c7eac7d9ad07f11d39597ca329067c3f6f
GET /citizensbank/olbprod/code/0f6386a3b63d9bbb3a5a73b133de89a7.js?conditionId0=421909 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 12 Oct 2022 05:11:33 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 12 Oct 2022 03:57:00 GMT
ETag: W/"42ede44761b41779f967c114c118aa3e"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: NiK352lECAFDggvv33Jq9naFD_ydY3Ez
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c168f60079706d202ff05ad02be79d3c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR62-C3
X-Amz-Cf-Id: VtMJ5H-celYxlJndY6SkWyxRfL5VDS1ccm41E4UC4_kd4P76K_lT7A==
Age: 912196
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fca3b625928b8f0507cf1569d9c188cc
25efc79d4d6371040b33025fe9b3a60b3d431e1e
a6900cc898a42c36f943c2bea70b80a79ec827dbf31d8f50c2a941c8b085c12f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3794
Cache-Control: max-age=128122
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:48 GMT
Etag: "63537a70-1d7"
Expires: Mon, 24 Oct 2022 06:10:10 GMT
Last-Modified: Sat, 22 Oct 2022 05:06:56 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.161.231.36101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.231.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PDGqrULrbOoGKVD7AxShhg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0zBT1CawzKLUPvlLOFiRM+m04+o=
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1666463702808
54.77.35.16302 Found 0 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1666463702808
IP 54.77.35.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1666463702808 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://citizens-online-support.com
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citizens-online-support.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v044-0722c3202.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1666463702808
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=55225571734803115632532037716455636374; Max-Age=15552000; Expires=Thu, 20 Apr 2023 18:34:48 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: ucL1Mpn/Qr0=
Content-Length: 0
Connection: keep-alive
cdn.appdynamics.com/adrum/adrum-latest.js?
18.165.201.17200 OK 40 kB URL HTTP/1.1 cdn.appdynamics.com/adrum/adrum-latest.js?
IP 18.165.201.17:0
File type ASCII text, with very long lines (644)
Hash cd86db0f552897dc33e8433d0cf9bad2
676df314ca85d1418ffb110f3979c31281da027d
fd30f76d2b4bebd4b4bd680793a8a993b46a15808c0cea0533e629fc2990889f
GET /adrum/adrum-latest.js? HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:13 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
timing-allow-origin: *
Content-Encoding: gzip
Date: Fri, 21 Oct 2022 17:25:06 GMT
Cache-Control: public, max-age=2678400, s-max-age=14400
ETag: W/"6317b609-1b2d9"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5059e7bd12388ef6673ed156d17eb756.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: uRBg60xCUTOeceOeULRKigZ_S1KFfnYp7HxcnVPVKpQX3poruie1Vw==
Age: 90582
dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1666463702808
54.77.35.16200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1666463702808
IP 54.77.35.16:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1666463702808 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://citizens-online-support.com
Content-Type: application/x-www-form-urlencoded
Referer: http://citizens-online-support.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citizens-online-support.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v044-0e9d243f4.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: YqQVR3eXRQs=
Content-Length: 124
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash e63e513dcf53ce7553e7b0823c6a14a4
339b57dfcff07274c5760a3eca84e85313801a13
0e2fa20095d3d2116bdabd8fcda346d45c6bca2c5aab1cc87811cc5ed62d72be
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 15:43:26 GMT
Expires: Sat, 29 Oct 2022 15:43:25 GMT
Etag: "339b57dfcff07274c5760a3eca84e85313801a13"
Cache-Control: max-age=593915,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e45447a88bb4f4-OSL
lptag.liveperson.net/tag/tag.js?site=89632304
178.249.101.23200 OK 7.6 kB URL HTTP/2 lptag.liveperson.net/tag/tag.js?site=89632304
IP 178.249.101.23:0
File type ASCII text, with very long lines (21652), with no line terminators
Hash 6b675640425ec8551a433e26a377d954
7234f02cce1ccb2a4facf2b34b9185cfcf27299d
8c9716f14d2e964be7c93d3d8c28819cb35c529fce6206a79061cda509e05bfd
GET /tag/tag.js?site=89632304 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:49 GMT
content-type: application/javascript
content-length: 7567
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
etag: "5f50a905-1d8f"
content-encoding: gzip
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
104.18.14.22301 Moved Permanently 167 B URL HTTP/1.1 cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP 104.18.14.22:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 22 Oct 2022 18:34:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
X-Cache: Redirect from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PWqtMm8vX7gBYS-Iu4iO-LeRc7CqmlqqBRjfXeDR6QKfw0gxTBolwQ==
CF-Cache-Status: HIT
Age: 586
Expires: Sat, 22 Oct 2022 22:34:49 GMT
Cache-Control: public, max-age=14400
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75e454496cf7b509-OSL
cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
18.165.201.17200 OK 20 kB URL HTTP/1.1 cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
IP 18.165.201.17:0
File type ASCII text, with very long lines (574)
Hash cca1b9c013b93bd73bf4f55b122ba8db
ed011720d910a5b69db06ebaabcd95d013255752
d5ef573c9770681c3a75ec78445d0c785ca6659a0cf25f145ddfbae414b0b77a
GET /adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 01 Oct 2022 05:28:16 GMT
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:12 GMT
ETag: W/"6317b608-d132"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5059e7bd12388ef6673ed156d17eb756.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: WwtAyxoAmGTPRqP1lGrY-Pt9O2Tye9GCFD_old7cfst5j0QusxBsDQ==
Age: 1861593
nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
151.101.85.175200 OK 517 B URL HTTP/2 nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
IP 151.101.85.175:0
File type ASCII text, with very long lines (573)
Hash e8a4b8a535ad76225074264c54ea0715
ddac064bbfb77a8431cb810189043ff97b8e84fe
32a10a956e30f4b84dbaf4230037a1fd36c15bcdd345719b9393b9c2517f00b6
GET /wu/356861/onsite/embed.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ioqo2qnTXz9VPyGdm9U7px0r0c1Pgid1Py+qsRqCxp9kPiSNLtcKr3SrbhV53EloBo04Gq0y+98=
x-amz-request-id: T3BZVBR1VJB17J2B
last-modified: Wed, 05 Oct 2022 21:33:25 GMT
etag: "8b72f36bbd0721428f49dda9c3bd04ac"
x-amz-version-id: P0vUE_TJe.yQCf1POgYtfWkHzc0CIb7I
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Sat, 22 Oct 2022 18:34:49 GMT
via: 1.1 varnish
age: 1446288
x-served-by: cache-bma1627-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1666463689.236881,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 517
X-Firefox-Spdy: h2
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1665005603563.js
151.101.85.175301 Moved Permanently 0 B URL HTTP/1.1 nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1665005603563.js
IP 151.101.85.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /us/wu/356861/onsite/generic1665005603563.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citizens-online-support.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1665005603563.js
Accept-Ranges: bytes
Date: Sat, 22 Oct 2022 18:34:49 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1665-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1666463689.297631,VS0,VE0
Strict-Transport-Security: max-age=31557600
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d89a4b4ba755569eb543022e0c46108b
5cae32d30c2d5928bf66be8c43601f21231c6935
02b872da64948f665f2bda563556b8f76fbe98b1c4b4e2b7a941df0f5576ddc5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=103827
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:49 GMT
Etag: "63532a5c-1d7"
Expires: Sun, 23 Oct 2022 23:25:16 GMT
Last-Modified: Fri, 21 Oct 2022 23:25:16 GMT
Server: nginx
Content-Length: 471
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1665005603563.js
151.101.85.175200 OK 114 kB URL HTTP/2 nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1665005603563.js
IP 151.101.85.175:0
File type Unicode text, UTF-8 text, with very long lines (53527)
Size 114 kB (114411 bytes)
Hash 875e1611678facfc534c2922ee9f04d1
d045b6a4a0bd45ae1eb134ca1365fe1ff576d8d2
b39dbd6935f69b4f403b183bad057b18b9df8e9c7ac7a3dcc2b123d66cdfbaab
GET /us/wu/356861/onsite/generic1665005603563.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citizens-online-support.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 9cQsV036v9UHxHIBBS6ddnOPtu7hupqDHYzTkS5r9D6ofic601WFFGZbpPC4Zcf0I2Hddoonung=
x-amz-request-id: 531P45J50X314A2H
last-modified: Wed, 05 Oct 2022 21:33:24 GMT
etag: "ba78af14d365f8ccbd56a01ca6bf1c05"
x-amz-version-id: sS15mP2HP1_gvO6GweV7zdqjZ8tqzGJg
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sat, 22 Oct 2022 18:34:49 GMT
via: 1.1 varnish
age: 1445184
x-served-by: cache-bma1627-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1666463689.318316,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 114411
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=06015967020168812714116973086715041997&ts=1666463704210
54.77.35.16200 OK 1.3 kB URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=06015967020168812714116973086715041997&ts=1666463704210
IP 54.77.35.16:0
File type JSON data\012- , ASCII text, with very long lines (3749), with no line terminators
Hash 959b6fd9aae1dd8e2cb444137ab9563d
ee186b91e7cab5eb6932dfb615af2a9e8d59cd82
e70127c0377b3e6d84851daec19aadc51cbd17f944c33077539ac6018d29f3bd
GET /id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=06015967020168812714116973086715041997&ts=1666463704210 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://citizens-online-support.com
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citizens-online-support.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v044-04c5fceec.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=06008072158303836324120053465197225642; Max-Age=15552000; Expires=Thu, 20 Apr 2023 18:34:49 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: MIgmn2SoSVg=
Content-Length: 1316
Connection: keep-alive
citizensbank.demdex.net/dest5.html?d_nsid=0
52.211.12.99200 OK 2.8 kB URL HTTP/1.1 citizensbank.demdex.net/dest5.html?d_nsid=0
IP 52.211.12.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: citizensbank.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sat, 22 Oct 2022 18:34:49 GMT
DCS: dcs-prod-irl1-2-v044-0f7f1a203.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 29 Sep 2022 16:47:44 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: tNcAtbSQTYk=
Content-Length: 2791
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
108.138.212.95200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 108.138.212.95:0
Hash bb043e61ac0670929773ae8023472fd6
7d2e7cde176070da47e7a6ca990f42b6f917bf72
4d0af8861597b19883a0175ec395d724910d1bfb7e689635ea94fd4f67166400
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=115884
Date: Sat, 22 Oct 2022 18:34:49 GMT
Etag: "63534ab2-1d7"
Expires: Mon, 24 Oct 2022 02:46:13 GMT
Last-Modified: Sat, 22 Oct 2022 01:43:14 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 ced85969afddede813acbcc2593f7a50.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: LfXYJuJqNLCwc8iIxgLEeaQPIuqaLCh_Ed1cMfPwHCVb-inbgo002Q==
Age: 3779
ocsps.ssl.com/
52.6.97.148200 OK 1.8 kB IP 52.6.97.148:0
Hash a37e83991546d6ad4bdee00d63458598
836d2050586105ce94f0541cc43745a803a2aba0
a9ecbb6c6a5a4bbe19d31cb6411cf448ab622c8d6ff2a6bb1875934ed1066240
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Oct 2022 18:34:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Sat, 29 Oct 2022 13:43:55 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "836d2050586105ce94f0541cc43745a803a2aba0"
Last-Modified: Sat, 22 Oct 2022 13:43:56 GMT
X-Proxy-Cache: HIT
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=b168d46a-eb12-460e-935b-563fd9d9030f%3A0&_cls_v=e375cac4-195e-4dbb-9c44-33819c84e169&pv=2&f_cls_s=true
3.87.234.62200 OK 430 B URL HTTP/1.1 report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=b168d46a-eb12-460e-935b-563fd9d9030f%3A0&_cls_v=e375cac4-195e-4dbb-9c44-33819c84e169&pv=2&f_cls_s=true
IP 3.87.234.62:0
File type JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Hash 6aa2a807e1f18fb78b688e07004f5795
29c8e1e45a6f9b904ce11e1346b9e335eb8ac370
92deced6cd1aa7f331feb3e9f51ecfa99b3c824bd0be50ee47d74857d9f7b19a
GET /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=b168d46a-eb12-460e-935b-563fd9d9030f%3A0&_cls_v=e375cac4-195e-4dbb-9c44-33819c84e169&pv=2&f_cls_s=true HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://citizens-online-support.com
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:49 GMT
Content-Type: application/json
Content-Length: 430
Connection: keep-alive
Set-Cookie: AWSALB=6OgAiDjhq/8H1dx6i2MhGHvFiBj/Haol5aNg19OJ2m6/W+6+WcFy8geAlDb1+/kWb7YA/iNNnrVcQsKYMOlE2IEmJyVgaCAoXiDgFoY7mwbS5Qxk1K4p8/ujdvMI; Expires=Sat, 29 Oct 2022 18:34:49 GMT; Path=/
AWSALBCORS=6OgAiDjhq/8H1dx6i2MhGHvFiBj/Haol5aNg19OJ2m6/W+6+WcFy8geAlDb1+/kWb7YA/iNNnrVcQsKYMOlE2IEmJyVgaCAoXiDgFoY7mwbS5Qxk1K4p8/ujdvMI; Expires=Sat, 29 Oct 2022 18:34:49 GMT; Path=/; SameSite=None; Secure
_cls_v=e375cac4-195e-4dbb-9c44-33819c84e169; Secure; SameSite=None
_cls_s=b168d46a-eb12-460e-935b-563fd9d9030f:0; Secure; SameSite=None
_cls_cfgver=27baeec; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://citizens-online-support.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5015
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vY2l0aXplbnMtb25saW5lLXN1cHBvcnQuY29tL2NpdGl6ZW5iYW5rL2xvZ2luLnBocD9vbmxpbmVfaWQ9NDkyMWY4MjdiOTY2MTc4NjE2MzQyYjYzNSZjb3VudHJ5PSZpc289IiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NjY0NjM3MDQyNzEiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4NDAwZmEyNGI3NDE1LTAwMjRjNjY5NzNhYzFjLTMwNmQ0NjRhLTE0MDAwMC0xODQwMGZhMjRiODRmYyIsImVudmlyb21lbnQiOiAicHJvZFVzT3JlZ29uIiwiYWNjb3VudElkIjogMzU2ODYwLCJ1cmwiOiAiaHR0cDovL2NpdGl6ZW5zLW9ubGluZS1zdXBwb3J0LmNvbS9jaXRpemVuYmFuay9sb2dpbi5waHA/b25saW5lX2lkPTQ5MjFmODI3Yjk2NjE3ODYxNjM0MmI2MzUmY291bnRyeT0maXNvPSIsIndlYnNpdGVJZCI6IDM1Njg2MSwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiZTJkNy00Mzk0LWYxOGUtYmUxMS1jODczLTU1N2QtMjE2ZS03MWJmIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2NjY0NjM3MDQyNjgiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogNDY3LCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY2NDYzNzA0MjcxLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19
35.241.45.82200 OK 0 B URL HTTP/2 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vY2l0aXplbnMtb25saW5lLXN1cHBvcnQuY29tL2NpdGl6ZW5iYW5rL2xvZ2luLnBocD9vbmxpbmVfaWQ9NDkyMWY4MjdiOTY2MTc4NjE2MzQyYjYzNSZjb3VudHJ5PSZpc289IiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NjY0NjM3MDQyNzEiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4NDAwZmEyNGI3NDE1LTAwMjRjNjY5NzNhYzFjLTMwNmQ0NjRhLTE0MDAwMC0xODQwMGZhMjRiODRmYyIsImVudmlyb21lbnQiOiAicHJvZFVzT3JlZ29uIiwiYWNjb3VudElkIjogMzU2ODYwLCJ1cmwiOiAiaHR0cDovL2NpdGl6ZW5zLW9ubGluZS1zdXBwb3J0LmNvbS9jaXRpemVuYmFuay9sb2dpbi5waHA/b25saW5lX2lkPTQ5MjFmODI3Yjk2NjE3ODYxNjM0MmI2MzUmY291bnRyeT0maXNvPSIsIndlYnNpdGVJZCI6IDM1Njg2MSwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiZTJkNy00Mzk0LWYxOGUtYmUxMS1jODczLTU1N2QtMjE2ZS03MWJmIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2NjY0NjM3MDQyNjgiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogNDY3LCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY2NDYzNzA0MjcxLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vY2l0aXplbnMtb25saW5lLXN1cHBvcnQuY29tL2NpdGl6ZW5iYW5rL2xvZ2luLnBocD9vbmxpbmVfaWQ9NDkyMWY4MjdiOTY2MTc4NjE2MzQyYjYzNSZjb3VudHJ5PSZpc289IiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NjY0NjM3MDQyNzEiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4NDAwZmEyNGI3NDE1LTAwMjRjNjY5NzNhYzFjLTMwNmQ0NjRhLTE0MDAwMC0xODQwMGZhMjRiODRmYyIsImVudmlyb21lbnQiOiAicHJvZFVzT3JlZ29uIiwiYWNjb3VudElkIjogMzU2ODYwLCJ1cmwiOiAiaHR0cDovL2NpdGl6ZW5zLW9ubGluZS1zdXBwb3J0LmNvbS9jaXRpemVuYmFuay9sb2dpbi5waHA/b25saW5lX2lkPTQ5MjFmODI3Yjk2NjE3ODYxNjM0MmI2MzUmY291bnRyeT0maXNvPSIsIndlYnNpdGVJZCI6IDM1Njg2MSwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiZTJkNy00Mzk0LWYxOGUtYmUxMS1jODczLTU1N2QtMjE2ZS03MWJmIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2NjY0NjM3MDQyNjgiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogNDY3LCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY2NDYzNzA0MjcxLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19 HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-blue-vv0s
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
108.138.212.95200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 108.138.212.95:0
Hash 4ac8ee6776b0cd89f9687d570b9073b3
fb6a810b5189cb0ab88f4f1999556b85f0466d49
a97d94db2c5cf6eebcf12d578912ec6185a7cd11ab35e3d6f7a8fde1c7e19737
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=156086
Date: Sat, 22 Oct 2022 18:34:49 GMT
Etag: "6353e98a-1d7"
Expires: Mon, 24 Oct 2022 13:56:15 GMT
Last-Modified: Sat, 22 Oct 2022 13:00:58 GMT
Server: ECS (nyb/1D07)
X-Cache: Miss from cloudfront
Via: 1.1 ced85969afddede813acbcc2593f7a50.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: tHMGmNowH_zjyWEVsti-EWRv_iXTSZguX6t3fMvgmc6pXdb6DEq-kw==
Age: 3318
cm.everesttech.net/cm/dd?d_uuid=06008072158303836324120053465197225642
34.248.32.199302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=06008072158303836324120053465197225642
IP 34.248.32.199:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=06008072158303836324120053465197225642 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sat, 22 Oct 2022 18:34:49 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y1Q3yQAAAEaHaQN6; Domain=.everesttech.net; Expires=Sun, 22-Oct-2023 18:34:49 GMT; Path=/
everest_session_v2=Y1Q3yQAAAEaHagN6; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y1Q3yQAAAEaHaQN6
Server: AMO-cookiemap/1.1
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 9d0997d027597b317ab34fac7a3d966d
41f87f15a5e827c6dfbfbec8dbfb00fe7a412fee
50eb027e15a718a6593b1f15a9b4123c959154eb2f1dc7dfa83d442d9c18ca3e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 16:31:53 GMT
Expires: Fri, 28 Oct 2022 16:31:52 GMT
Etag: "41f87f15a5e827c6dfbfbec8dbfb00fe7a412fee"
Cache-Control: max-age=510422,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4544df886b4f4-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 9d0997d027597b317ab34fac7a3d966d
41f87f15a5e827c6dfbfbec8dbfb00fe7a412fee
50eb027e15a718a6593b1f15a9b4123c959154eb2f1dc7dfa83d442d9c18ca3e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 16:31:53 GMT
Expires: Fri, 28 Oct 2022 16:31:52 GMT
Etag: "41f87f15a5e827c6dfbfbec8dbfb00fe7a412fee"
Cache-Control: max-age=510422,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4544e0b9bb505-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 9d0997d027597b317ab34fac7a3d966d
41f87f15a5e827c6dfbfbec8dbfb00fe7a412fee
50eb027e15a718a6593b1f15a9b4123c959154eb2f1dc7dfa83d442d9c18ca3e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 16:31:53 GMT
Expires: Fri, 28 Oct 2022 16:31:52 GMT
Etag: "41f87f15a5e827c6dfbfbec8dbfb00fe7a412fee"
Cache-Control: max-age=510422,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4544e0b58fabc-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 9d0997d027597b317ab34fac7a3d966d
41f87f15a5e827c6dfbfbec8dbfb00fe7a412fee
50eb027e15a718a6593b1f15a9b4123c959154eb2f1dc7dfa83d442d9c18ca3e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 16:31:53 GMT
Expires: Fri, 28 Oct 2022 16:31:52 GMT
Etag: "41f87f15a5e827c6dfbfbec8dbfb00fe7a412fee"
Cache-Control: max-age=510422,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4544e08051c12-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8445
Expires: Sat, 22 Oct 2022 20:55:35 GMT
Date: Sat, 22 Oct 2022 18:34:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8445
Expires: Sat, 22 Oct 2022 20:55:35 GMT
Date: Sat, 22 Oct 2022 18:34:50 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 9d0997d027597b317ab34fac7a3d966d
41f87f15a5e827c6dfbfbec8dbfb00fe7a412fee
50eb027e15a718a6593b1f15a9b4123c959154eb2f1dc7dfa83d442d9c18ca3e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:50 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 16:31:53 GMT
Expires: Fri, 28 Oct 2022 16:31:52 GMT
Etag: "41f87f15a5e827c6dfbfbec8dbfb00fe7a412fee"
Cache-Control: max-age=510421,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4544e2e14b50b-OSL
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 616e14aee034bbf77c3b74b3ea53961b
ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c
0ae716474e2837c90c658d635fb9db2c8d4cdb7bf025b8e4e9e802e3ff56b0c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -R91mOdVOCkUp-5vOpEyQactO7SrjtbYwxTsvbR1LP6fBlFZFDTP5A==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
age: 74058
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ee464d6a426da49571c97060e65a4e8
aef2208c82085b4dc8472ee28bc63b9a8832fe0e
704e9800cb12b9b2927e85901b21fbb22303f11bf4b052340d0fc610414e2a6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5517
x-amzn-requestid: 560e0ccc-0551-461d-98fd-f94d9a026fb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pSExDIAMFpMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-0420e4ac6cceec1749a44819;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hitgYm684zdpmL8IbPzFxhPWRrc2-VmnlofdTiPhJzkrc26mgXTTTA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:41 GMT
age: 74049
etag: "aef2208c82085b4dc8472ee28bc63b9a8832fe0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f52601f-0c98-4537-a72e-d72f9dbe4167.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f52601f-0c98-4537-a72e-d72f9dbe4167.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bd5e942443ffd011faf10dc88d92081
beff4ae9e24599addce8a961c955788045c56645
2c59d984971e73d497975032c23700b5602fccf403f4683a8047f5f42d4e261f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f52601f-0c98-4537-a72e-d72f9dbe4167.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10973
x-amzn-requestid: 081470ca-0107-4052-be55-9c713105bb27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aUr-TEKPoAMFZfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6351c05b-17199f8c0fc0fb7443a902f1;Sampled=0
x-amzn-remapped-date: Thu, 20 Oct 2022 21:40:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C8HRcZnP8nrEFWU_vn1olwnkXdvlqUu2_w0YIED9MSXDtO3U2mKO-w==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:17:59 GMT
age: 73011
etag: "beff4ae9e24599addce8a961c955788045c56645"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cdaacab30d73a7d05180cc16f4a96a3f
6cc0e39e0decbc20c765f171f63affd85fc9e6da
f015c3b1d838bd7d100ee104551bed2bb06a512b20ce3e5ac419d54b747fadd0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10720
x-amzn-requestid: 96267527-f482-4bfa-ba7a-12467408efe9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-MvGutIAMFc8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b7-25f2624559b0fb7d62ced3a3;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:51 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4--AiSTKMMOm9HnJL_ervFnd5rkQ-WZfGM-FNkxXKO892SPw67cxXA==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:11:42 GMT
age: 73388
etag: "6cc0e39e0decbc20c765f171f63affd85fc9e6da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a361cef05d531426819a2bffd8ab1e47
9c8050ffd0de58005705219ec70b6e4352e35b5e
0c3c48b96adb7c1dc8a8c3771878dcbab80bbbb9f2d6998038bf5d43831b578b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8856
x-amzn-requestid: 84cc5c28-b71f-4ada-9d3b-e67e820cd080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzHcsoAMFuNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-6b44e77726dc2003052ce387;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kV1qS7kI7-DRm5Su-p133YIf_m4n6i16uBSDrGdsbMDPxD_2v1a69Q==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:20:05 GMT
etag: "9c8050ffd0de58005705219ec70b6e4352e35b5e"
content-type: image/jpeg
age: 72885
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26c47e4b0147f8dee3e71a53a8f2830c
381edb4758da428db5ffe884f8fb38bf11044f69
b507898359abbcb1f57821c147a58df66d7e81acc198afc997527b58cd835b39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11151
x-amzn-requestid: 5c32e307-f2a7-4050-a96f-a47667ec4752
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-NEFTKoAMFsSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b9-2fc77f394ca297126abaed94;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Ib4A9F4pA6k1iYdefeQokFkEkmqlEASJ2d20BQ6gqRYj3teYDu8Cyg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:14:20 GMT
age: 73230
etag: "381edb4758da428db5ffe884f8fb38bf11044f69"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=411&dpuuid=Y1Q3yQAAAEaHaQN6
54.77.35.16302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y1Q3yQAAAEaHaQN6
IP 54.77.35.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y1Q3yQAAAEaHaQN6 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citizens-online-support.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v044-05525f3f4.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y1Q3yQAAAEaHaQN6
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=55949918823604096204445401465585911492; Max-Age=15552000; Expires=Thu, 20 Apr 2023 18:34:50 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Skkm+c+jTus=
Content-Length: 0
Connection: keep-alive
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb25335x14284
178.249.101.99200 OK 373 B URL HTTP/2 accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb25335x14284
IP 178.249.101.99:0
Hash d7fe2c854e89d0a5915cd22855c15790
ae23e935f44c3783adae0049eca7348edef28b4b
ecafa03e2cfe4cc593ed011ebf0fc845d594c4967b6daed9be2246c34b893790
GET /api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb25335x14284 HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lpcdn.lpsnmedia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:50 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:28|g:12fbe2ac-4fe4-4d9a-884c-4c37e85595bb; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:20 GMT; Path=/
ADRUM_BTa=R:28|g:12fbe2ac-4fe4-4d9a-884c-4c37e85595bb|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:20 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:20 GMT; Path=/; Secure
ADRUM_BT1=R:28|i:2241585; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:20 GMT; Path=/
ADRUM_BT1=R:28|i:2241585|e:7; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:20 GMT; Path=/
vary: Accept
expires: Sat, 22 Oct 2022 18:35:50 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
178.249.101.23200 OK 414 kB URL HTTP/2 lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP 178.249.101.23:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 414 kB (413993 bytes)
Hash ac3e6f1e88739e49cc7cce4a0e483476
9e095c1a55d3f851e77a4c911d959b312cbf4b67
a3983804fba076ebe110ed655faa9d7571d836e1e51460f5a463c4e2e75e0782
GET /lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:49 GMT
content-type: application/x-javascript
cache-control: public, max-age=630
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2Fcitizens-online-support.com&site=89632304&env=prod&isCrossDomain=true
178.249.97.98200 OK 16 kB URL HTTP/2 lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2Fcitizens-online-support.com&site=89632304&env=prod&isCrossDomain=true
IP 178.249.97.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32175)
Hash 2d5783392db55081ca489880f7631509
c5f2072bee30a29aff2417ed655ec10bbaf840b0
15f0c1a6604b3b489144f5bfd764de55fe73eeaadab27261a1f80b2e8d4d2538
GET /le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2Fcitizens-online-support.com&site=89632304&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:50 GMT
content-type: text/html
last-modified: Mon, 08 Aug 2022 03:15:58 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 22 Oct 2023 18:34:50 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 59fc99cc47caa4b6130aab98a9928a66
f69c09fc42619141fcaba7b824d611c484c5e118
01900b9b7fdda1c968ad78ff22f84d84d11bad28d782035c0835a5866b56e35f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 19 Oct 2022 13:42:44 GMT
Expires: Wed, 26 Oct 2022 13:42:43 GMT
Etag: "f69c09fc42619141fcaba7b824d611c484c5e118"
Cache-Control: max-age=327472,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e454536f84b4f4-OSL
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=b168d46a-eb12-460e-935b-563fd9d9030f:0&_cls_v=e375cac4-195e-4dbb-9c44-33819c84e169&pid=42043be1-b89e-4d5b-ace8-b55fc2a049b4&sn=3&cfg=27baeec&pv=2&aid=
3.87.234.62200 OK 140 B URL HTTP/1.1 report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=b168d46a-eb12-460e-935b-563fd9d9030f:0&_cls_v=e375cac4-195e-4dbb-9c44-33819c84e169&pid=42043be1-b89e-4d5b-ace8-b55fc2a049b4&sn=3&cfg=27baeec&pv=2&aid=
IP 3.87.234.62:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 4c572cf7038945d6076b921f8b59c2f3
038b8953750028d36004337868399f39d0e63b59
6a56613d22711a8b3055932389a71781153b02c8962130af833aec4ba9a6e036
POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=b168d46a-eb12-460e-935b-563fd9d9030f:0&_cls_v=e375cac4-195e-4dbb-9c44-33819c84e169&pid=42043be1-b89e-4d5b-ace8-b55fc2a049b4&sn=3&cfg=27baeec&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 577
Origin: http://citizens-online-support.com
Connection: keep-alive
Referer: http://citizens-online-support.com/
Cookie: _cls_v=e375cac4-195e-4dbb-9c44-33819c84e169; _cls_s=b168d46a-eb12-460e-935b-563fd9d9030f:0; _cls_cfgver=27baeec; AWSALBCORS=sRrAbPzGEQblxzVXby91aqyXQdS7GA/tA8wh9HH9u8xLweHl16d2dhe+kpmXrkxw+owczR2hSUcDVNUxt6rIXgkJCP4bkULzzfZCJv1z9qeS3CAK+PeL4l70Ynwh
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:51 GMT
Content-Type: application/json
Content-Length: 140
Connection: keep-alive
Set-Cookie: AWSALB=fIk3iJqfEqUg10XY2EVqFWlsqpJFZeeTnlbtPFdjMHpDSw/xt1RGkMGogCExOzJKsKPVa+w6C38ig8wGv/g5mOxSLr2qTXjRnqaCFwx16CI+lkSTB2bpgEfg/2/0; Expires=Sat, 29 Oct 2022 18:34:51 GMT; Path=/
AWSALBCORS=fIk3iJqfEqUg10XY2EVqFWlsqpJFZeeTnlbtPFdjMHpDSw/xt1RGkMGogCExOzJKsKPVa+w6C38ig8wGv/g5mOxSLr2qTXjRnqaCFwx16CI+lkSTB2bpgEfg/2/0; Expires=Sat, 29 Oct 2022 18:34:51 GMT; Path=/; SameSite=None; Secure
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://citizens-online-support.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5015
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=b168d46a-eb12-460e-935b-563fd9d9030f:0&_cls_v=e375cac4-195e-4dbb-9c44-33819c84e169&pid=42043be1-b89e-4d5b-ace8-b55fc2a049b4&sn=4&cfg=27baeec&pv=2&aid=
3.87.234.62200 OK 140 B URL HTTP/1.1 report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=b168d46a-eb12-460e-935b-563fd9d9030f:0&_cls_v=e375cac4-195e-4dbb-9c44-33819c84e169&pid=42043be1-b89e-4d5b-ace8-b55fc2a049b4&sn=4&cfg=27baeec&pv=2&aid=
IP 3.87.234.62:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 4c572cf7038945d6076b921f8b59c2f3
038b8953750028d36004337868399f39d0e63b59
6a56613d22711a8b3055932389a71781153b02c8962130af833aec4ba9a6e036
POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=b168d46a-eb12-460e-935b-563fd9d9030f:0&_cls_v=e375cac4-195e-4dbb-9c44-33819c84e169&pid=42043be1-b89e-4d5b-ace8-b55fc2a049b4&sn=4&cfg=27baeec&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 329
Origin: http://citizens-online-support.com
Connection: keep-alive
Referer: http://citizens-online-support.com/
Cookie: _cls_v=e375cac4-195e-4dbb-9c44-33819c84e169; _cls_s=b168d46a-eb12-460e-935b-563fd9d9030f:0; _cls_cfgver=27baeec; AWSALBCORS=VDL1Z1Oxl9GoEoM1HZe0vPqeu0TevoX2wcb09NzbOQEcNRWCTl1tGALgz65Zdp7sgrGwDScPQwZMaRyWgI9qjDDJbJUuKhn3/lQJcnGdnqEWZ1JsvNbxiirTurMD
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:51 GMT
Content-Type: application/json
Content-Length: 140
Connection: keep-alive
Set-Cookie: AWSALB=QKhzROt7wbjaUXY2TJD5X4douBcqMv28ZcSnvpfPyLIQMpfvZdRlHFA7fGvfcgUIXYAGUYMpbbDuKJu5icOK/Jrv9hX+b9ivschDpk01V5cgcmHlHuTC/YFi+Zwl; Expires=Sat, 29 Oct 2022 18:34:51 GMT; Path=/
AWSALBCORS=QKhzROt7wbjaUXY2TJD5X4douBcqMv28ZcSnvpfPyLIQMpfvZdRlHFA7fGvfcgUIXYAGUYMpbbDuKJu5icOK/Jrv9hX+b9ivschDpk01V5cgcmHlHuTC/YFi+Zwl; Expires=Sat, 29 Oct 2022 18:34:51 GMT; Path=/; SameSite=None; Secure
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://citizens-online-support.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5015
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.js?loc=http%3A%2F%2Fcitizens-online-support.com&site=89632304&force=1&env=prod&isCrossDomain=true
178.249.97.98200 OK 326 kB URL HTTP/2 lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.js?loc=http%3A%2F%2Fcitizens-online-support.com&site=89632304&force=1&env=prod&isCrossDomain=true
IP 178.249.97.98:0
Size 326 kB (325590 bytes)
Hash 8e6908977c42a2a54ac1350ab58091f7
a28ac7b29fe0e74296207fb67f12f46ee0c9bc68
579e060b4692ec69c1bd061f683ce68d2a9881d9c091d3cc8bf814390fc930e1
GET /le_secure_storage/3.18.0.0-release_5078/storage.secure.min.js?loc=http%3A%2F%2Fcitizens-online-support.com&site=89632304&force=1&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:50 GMT
content-type: application/javascript
last-modified: Mon, 08 Aug 2022 03:15:58 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 22 Oct 2023 18:34:50 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 913f1b27298f63f2a7fd4e4bd111c122
5b7617638b7cb79d235be543f55e2242de9329f7
3edb79be98abcf38d13935f26dd4432747020edf620904eaa8888db00820706a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 18:34:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 11:37:43 GMT
Expires: Fri, 28 Oct 2022 11:37:42 GMT
Etag: "5b7617638b7cb79d235be543f55e2242de9329f7"
Cache-Control: max-age=492770,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4545a292ab4f4-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b527845e4ef66e541722f05b967d3ab8
fae2f305648740155528de9488b4293ac3851613
aaf990706f177eceb80da0ed746955f908e748e061ddd06e7523226550bf278f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1985
Cache-Control: max-age=163417
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 18:34:56 GMT
Etag: "63540b68-1d7"
Expires: Mon, 24 Oct 2022 15:58:33 GMT
Last-Modified: Sat, 22 Oct 2022 15:25:28 GMT
Server: ECS (amb/6B9D)
X-Cache: HIT
Content-Length: 471
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
104.18.14.22200 OK 0 B URL HTTP/2 cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP 104.18.14.22:0
GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citizens-online-support.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:49 GMT
content-type: application/javascript
last-modified: Thu, 13 May 2021 10:48:21 GMT
x-amz-version-id: bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
content-encoding: gzip
etag: W/"845173368b011e7fa14658b57426fe09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: TjES7ym4ShstKtpj1GLznZjl8VeU-G2N0yGQlAXn4IB-OQXucq9_RQ==
cf-cache-status: HIT
age: 586
expires: Sat, 22 Oct 2022 22:34:49 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 75e45449aa30b4fa-OSL
X-Firefox-Spdy: h2
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
178.249.101.99200 OK 0 B URL HTTP/2 accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP 178.249.101.99:0
GET /api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:49 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:35|g:9607a889-065b-4f9c-b8ff-50557fda2fe8; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:19 GMT; Path=/
ADRUM_BTa=R:35|g:9607a889-065b-4f9c-b8ff-50557fda2fe8|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:19 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:19 GMT; Path=/; Secure
ADRUM_BT1=R:35|i:2241585; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:19 GMT; Path=/
ADRUM_BT1=R:35|i:2241585|e:7; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:19 GMT; Path=/
vary: Accept
expires: Sat, 22 Oct 2022 18:35:49 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
178.249.101.99200 OK 0 B URL HTTP/2 accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
IP 178.249.101.99:0
GET /api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:49 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:35|g:ec385b43-24fe-4132-9620-472e8c5deec1; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:19 GMT; Path=/
ADRUM_BTa=R:35|g:ec385b43-24fe-4132-9620-472e8c5deec1|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:19 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:19 GMT; Path=/; Secure
ADRUM_BT1=R:35|i:2241585; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:19 GMT; Path=/
ADRUM_BT1=R:35|i:2241585|e:11; Max-Age=30; Expires=Sat, 22-Oct-2022 18:35:19 GMT; Path=/
vary: Accept
expires: Sat, 22 Oct 2022 18:35:49 GMT
x-envoy-upstream-service-time: 2
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/UMSClientAPI.min.js?version=10.22.0.0-release_5548
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/UMSClientAPI.min.js?version=10.22.0.0-release_5548
IP 178.249.97.98:0
GET /le_unified_window/10.22.0.0-release_5548/UMSClientAPI.min.js?version=10.22.0.0-release_5548 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:49 GMT
content-type: application/javascript
last-modified: Sat, 01 Oct 2022 02:35:39 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 22 Oct 2023 18:34:49 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/ui-framework.js?version=10.22.0.0-release_5548
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/ui-framework.js?version=10.22.0.0-release_5548
IP 178.249.97.98:0
GET /le_unified_window/10.22.0.0-release_5548/ui-framework.js?version=10.22.0.0-release_5548 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:49 GMT
content-type: application/javascript
last-modified: Sat, 01 Oct 2022 02:35:40 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 22 Oct 2023 18:34:49 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/lpChatV3.min.js?version=10.22.0.0-release_5548
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/lpChatV3.min.js?version=10.22.0.0-release_5548
IP 178.249.97.98:0
GET /le_unified_window/10.22.0.0-release_5548/lpChatV3.min.js?version=10.22.0.0-release_5548 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:49 GMT
content-type: application/javascript
last-modified: Sat, 01 Oct 2022 02:35:39 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 22 Oct 2023 18:34:49 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
va.v.liveperson.net/api/js/89632304?&cb=lpCb89452x69999&t=sp&ts=1666463705251&pid=3689134738&tid=8080834376&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fcitizens-online-support.com%2Fcitizenbank%2Flogin.php%3Fonline_id%3D4921f827b966178616342b635%26country%3D%26iso%3D&df=0&os=2&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22aa6a9853-a643-4df8-aa98-53a643cdf868%22%2C%22account%22%3A%2289632304%22%7D%5D
208.89.12.87200 OK 0 B URL HTTP/2 va.v.liveperson.net/api/js/89632304?&cb=lpCb89452x69999&t=sp&ts=1666463705251&pid=3689134738&tid=8080834376&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fcitizens-online-support.com%2Fcitizenbank%2Flogin.php%3Fonline_id%3D4921f827b966178616342b635%26country%3D%26iso%3D&df=0&os=2&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22aa6a9853-a643-4df8-aa98-53a643cdf868%22%2C%22account%22%3A%2289632304%22%7D%5D
IP 208.89.12.87:0
GET /api/js/89632304?&cb=lpCb89452x69999&t=sp&ts=1666463705251&pid=3689134738&tid=8080834376&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fcitizens-online-support.com%2Fcitizenbank%2Flogin.php%3Fonline_id%3D4921f827b966178616342b635%26country%3D%26iso%3D&df=0&os=2&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22aa6a9853-a643-4df8-aa98-53a643cdf868%22%2C%22account%22%3A%2289632304%22%7D%5D HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:52 GMT
content-type: application/javascript
set-cookie: LPVisitorID=NmZmM2YWVhYmIxNTU1Y2Zi; Expires=Sun, 22-Oct-2023 18:34:52 GMT; Path=/; HttpOnly
LPSessionID=BbrFFll3Tm6vNt9GKkL6Dg; Path=/api/js/89632304; HttpOnly
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/surveylogicinstance.min.js?version=10.22.0.0-release_5548
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.22.0.0-release_5548/surveylogicinstance.min.js?version=10.22.0.0-release_5548
IP 178.249.97.98:0
GET /le_unified_window/10.22.0.0-release_5548/surveylogicinstance.min.js?version=10.22.0.0-release_5548 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citizens-online-support.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 18:34:50 GMT
content-type: application/javascript
last-modified: Sat, 01 Oct 2022 02:35:41 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 22 Oct 2023 18:34:50 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2