Report - coprwanda.com/login.php?primarymember

Report Overview

Submitted URL
coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
IP
192.185.105.9
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-12-02 03:40:14
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citi

Detections

urlquery
43
Network Intrusion Detection
0
Threat Detection Systems
84

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.165.176.211
stags.bluekai.com	471	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	426 B	23.38.201.22
1.b406929acabac9b095f124c81bdfcf57f.com	75277	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.12
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.8 kB	172.64.155.188
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	8.4 kB	142.250.74.131
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	45 kB	34.120.237.76
udc-neb.kampyle.com	3039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	485 B	35.241.45.82
6260004.fls.doubleclick.net	87165	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	667 B	1.2 kB	142.250.74.38
di.rlcdn.com	2196	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	439 B	192 B	35.244.174.68
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
resources.digital-cloud-citi.medallia.com	25588	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	892 B	67 kB	151.101.65.230
sr.rlcdn.com	13315	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	960 B	444 B	35.190.60.146
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	2.3 kB	192.124.249.41
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
nebula-cdn.kampyle.com	3739	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	705 B	6.3 kB	151.101.1.175
1.c81358859121583b7adf2ace89cb39f44.com	75217	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.57
cse.google.com	2642	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	313 B	4.2 kB	142.250.74.174
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	5.4 kB	93.184.220.29
bid.g.doubleclick.net	497	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	483 B	809 B	64.233.162.154
contents2.00110.citi.com	32534	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	3.6 kB	52.154.174.214
adservice.google.com	76	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	674 B	947 B	142.250.74.34
1.a79ab95c1589a13f8a4cab612bc71f9f7.com	75111	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.21
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	106 kB	216.58.207.228
coprwanda.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	36 kB	146 kB	192.185.105.9
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
adservice.google.no	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	666 B	1.1 kB	142.250.74.162
online.citi.com	23902	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	30 kB	2.0 MB	104.110.15.25
www.googleadservices.com	107	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383 B	16 kB	142.250.74.162
contents1.00110.citi.com	34217	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	582 B	216 B	13.89.105.232

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.
2022-12-01	medium	coprwanda.com/	Citigroup Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1b8481e9d5e290b3ea8e276d8	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e74a6416d327d966fefc8a5ae	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1aeec9122a18888649fe8e7e3	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b4438a4406ce24ec9b2882601	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f3e43f92f97cd1f26a7ce6e96	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1b9143779c0841ea90d8dff79	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8a7bdbac2f0f950fb879a31a2	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=586bd8d3227643aca6ecded4f	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=338be2d22467225418c6402f8	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=cb1182db993b362e6a58eb033	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=3c677673d9708275f327ea163	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=6fea524a73c2f3423ba6812f5	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b3745e0199f78d0493c7e17d9	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=98b0ebecf83a9a35989b3956f	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=74b0515666d111301401c02de	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1475e8f13eb976567ec2c137b	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=809132e0374994b7f64128de6	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c017e8289a27df35e395ceeab	Phishing
2022-12-02	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=01f631184c2d011a54d43b097	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (53)

	URL	Size	First Seen	Last Seen
	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	1.4 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 523300c546ce8ca360e71c0fb0dd814e 02f79ba80ee8c0382712f839f96bc756d26ccf00 aed2528851ae42ae6d46422c6ea1f1a4f80f5a12d8da6ba4faf47ba31d535f00 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	55 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash d5f6a35c544a7ddd317d05e7269f2d91 261918e10ca6bcdb237e0721f18f9ff7bb17c661 c2cc4fb4f8c58dc26361fa9861e3f0a8c37f575e9a01ca6ab41918933a45f73c Loading...

	online.citi.com/passivebio/bcsid.js	947 B	2023-03-07	2024-03-02
Pretty URL online.citi.com/passivebio/bcsid.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen22 Hash 502011c839f5e3bbbdf1003b724e06be d038be2dc3b9e0472222e530a6939f7ebe1f474b 7d481eb36581746fd3662c7c452856b695df90cdce24664c48f565aa119c8b16 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	51 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash a3b9a45219bb8e76e0b6428a3c2252a7 f3acae083611bddf944dd5b99ffc9401ecb29411 d0a5a93cb1f2f7daefdf72c4da8680aab2c242b9cf555052afa9c0cd56917f07 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	60 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash bc7247cf39fab48b4350f02e88aeb96f 4d23a7bf9ac7b5e035ae05b03ec4d332fc8feaf3 f44ae2b913df243a9f434e4843f12c6fbd219bafe09e404ee33c2099fd5a8d2f Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	124 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash a19f3867a2e4f194d61def3b27607ba6 70c9c6e28e1cadc1f6b5323e27193805d4eae52b 027658d5326a774db4e4a4980c91809057d23cfc74657a7afbab30f232f53862 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	861 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 3b39fb878bb8cc0ef702b00f28ce06a2 1800f2414e094aafbc22d21f887e2c2ae0936c39 1a26e59588d3cb2703eca3a097a8ea943076219db045142fdaa1079f5077326c Loading...

	online.citi.com/JSO/js/fp.min.js	15 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JSO/js/fp.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen40 Hash e0bd1cc6312c34c2d4a57142ef0a7b08 02ce3ece5c0f0a50f473c46380aee484467453d0 c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61 Loading...

	online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js	209 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:33 Last Seen2024-03-02 02:18:10 Times Seen28 Hash ca8c30345e8e5414d93d3edc415a4661 3adf2e4eb7ca526a030af61b93e82b075d1d47fa f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8 Loading...

	online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js	65 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash ffa4ec65e36a6626d9494401fe52ad0c 50fde09885fdb9f1814b950fa25992e4d9a04ba6 f1821b3865a1008ba0c088f7dc5c7eeb6b81e414461885c40b8d0f48fcbc9341 Loading...

	1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js	3.2 kB	2023-03-07	2024-04-23
Pretty URL 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js IP 54.230.111.57 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:16 Last Seen2024-04-23 23:40:55 Times Seen5052 Hash 9ee48a4da9c402e8a23ad085fb71f28f f0c59306d6313f9bee02b53ca8903991bd24bfd7 9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	359 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash b12406eac48ade2690f28ac5c9f718dc 57c0461b4deb5149b8f0e858f5f5229458fc8b0c 142489ac6853636288983970739a610112ef91ac6043a389995fe55af272902f Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	712 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen15 Hash 71382f8e6ef9bf2ed5d915ae803c5c7f 0c64d7a89e77aa6b2325ca12b8fe87548d6b2850 2c2cdc3431ed006f6ec8457b9c0718d0e1ca18839e87b9de7fb3b3f1661b4329 Loading...

	online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js	1.0 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash e60f5e310d559ee60d3247be9d5ca100 34e78dc5b40ce2a94567389bfd6e04abf43b90b9 9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead Loading...

	nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js	14 kB	2023-03-07	2024-04-03
Pretty URL nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js IP 151.101.1.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:04 Last Seen2024-04-03 19:28:22 Times Seen175 Hash 80dd5e3be5152c5c72d552c6a26ef6ff a019565ce06f5b1c129af9ac0e9cfa82f52dcdea 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	357 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 6fbf9db9d94876430883163dc4daf526 750066ce478bbe33c8549eba66f1b5d904887cdd a48f476e46cb1bf35c51fd3d0e2bd13934be3d651578dfd92d58031a604f3ab9 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	684 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash b380284e2b4750a3f8510c3f26e3b560 2283ef2ae152c81fb1a5d606562708d09ed4d19a 8d91289c12695cf4e74f0a67724c8d857f5dff3e39dbe51b9c7b7d1389c7814e Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	55 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 6fe2b22226d89eba331c98169afbe248 5d6863f5b3b2ead7cda62892a357f54453f32e9b 7f06045984d0bd219b82b6f040069ed2e2e1c06209db06ba3573a146628970b6 Loading...

	www.googleadservices.com/pagead/conversion_async.js	42 kB	2023-03-08	2023-03-11
Pretty URL www.googleadservices.com/pagead/conversion_async.js IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:43 Last Seen2023-03-11 23:52:27 Times Seen1 Hash aa380446f88c1288203b55faad15a0df 6724fbaffe1828ffd0ffaa56769630709b2fdfad 4f0fa35c5a44677cc0a678f03795032aa862275dc29e978a84a2ee41ef267c10 Loading...

	online.citi.com/GFC/branding/olab/js/oo_engine.min.js	43 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/GFC/branding/olab/js/oo_engine.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash 9cf707489677b29ec6136aa27089ba09 5b37eb42f3a40a12670240452ee73f62f92b2fb2 1f2a0e7aa3dabf73dae3cc7c1e53a70ec51145b39b027bdc1ecae9223c0c80d2 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	1.7 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash d6d17a43da3e8376e35530332e97ca5a b4d7317b19925744db8006d3607847291b8c2d11 89d52e9a2628894ca01a5df1ae1e1837d8d1845687c97f70626835be863ef80f Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	169 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 66ca5e714ab1f2abc641e1a7d48f8718 9c1e2c0ba39d05d105c37bf884bc1a3f2bc9cbc3 76dd133f3a42824740d3c84f9420ac45c4626dc34ae2fde827bc48c63361ee46 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	494 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 0d581029ec07c06226cdb87413887e8c b43ebbb551358c7d2ffaced6599b09a4f471d635 68eb0c8baed5acd7a6f96d01c70ab092f24705d05f6ac63906e03281c8648da4 Loading...

	online.citi.com/personalization/peworkflow.min.js	5.3 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/personalization/peworkflow.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash 95e4214ba481e0482f80ba7f16966e5b 59a2c377906e189d7f4a962f76f427eb6f1edc79 690146b8ff7699810daa66f43ce7d006f74a143dea4a27bb0cb9c054dddadeee Loading...

	online.citi.com/passivebio/BiocatchATO.js	617 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/passivebio/BiocatchATO.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen28 Hash 69a5130e035e64d16c66984a9d61d932 ee65b847792f3a0401e629e8e6a10ed2b39d1776 7075cd51e089027f92c8cbb5fa73d4df72bd8a58e112ea577133f4bc7667bada Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	435 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 8c44d43f489e4df9faf23c5f7c082749 587508ee3c25156acd49c1c5381183cf28cde15d 4516f2146b415294de73a3cfdb656e831c1f768ed83e02e0523ab0e3b62ead7c Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	487 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen14 Hash eae83f0684e7579652eb0933e38369e9 12d00f19d6d36c928c9d2b70b4c6f7b2e6846e0a 2d71826129cbe83e37a07a4d9c204830f4973e601adcaa8683a741d992e96a24 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	169 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 41f78ec36c8e88fbf2baaf7035a8f84f 1545242efbd33a18adf2b0645decdc0c20d31e5d f22d5a40edfbfba3e5a6197f9eb94801f8402801e2ef2822dfd24ebb4022c49b Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js	341 kB	2023-03-07	2024-03-02
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js IP 151.101.65.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen30 Hash 57e6c47a533050c63dc8fefbdeb401d1 384b0c3188bf21009774f315582622256803305e 78af61897fafb5a82b787273472a93de723186b17f46ed315617c70ae2b6a6fe Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js	341 kB	2023-03-07	2024-03-02
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js IP 151.101.65.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen30 Hash 57e6c47a533050c63dc8fefbdeb401d1 384b0c3188bf21009774f315582622256803305e 78af61897fafb5a82b787273472a93de723186b17f46ed315617c70ae2b6a6fe Loading...

	cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu	10 kB	2023-03-08	2023-03-08
Pretty URL cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:27:06 Last Seen2023-03-08 14:27:06 Times Seen1 Hash 7886b4adf4ca249e809e794f02776369 9940606752da1d1bb8bcdee6edac6be24ae9fc47 6c9f5e9425e1e863d334b3c22867d7369f0d4f8fe8c32ff0a3df5b4b86d4c7d9 Loading...

	online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js	6.2 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen33 Hash 42dcf708ed86de23deaaea0446fd9c38 1d25fe5aea16f13a83452f02be95bec22af3b5ac 629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js	9.1 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js IP 93.184.220.29 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen23 Hash 828b253bebc00cf5985f885442fa5ea8 9f02b35e1acd3be7f6063693fd6e31d4fe010109 eec5cc477e7cb4f1eee1f26dce3eb411a63716d89a9b659c7d5559571c837ccb Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	1.4 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash bd392e918e0e8f71f814f5a4553a6ead 2eb7f3a1108af3e041fbb338376a313c73611026 c8deb517a69abf7d437eba4b4e4915f30afd61faf052449f014e8cafc7129e15 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	1.5 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 80225a3b19dfe27804d23ede3e982551 48bc3baa82a3339b937f30c04a30296654a1e998 ca689295a05fa095b9c7805118d78203b18020fcba72a0b84b819eaf52e042b1 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js	3.0 kB	2023-03-07	2024-02-11
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-02-11 09:44:08 Times Seen1 Hash 1130041570009de4132935c54abacb7d 767afd3e881378ae9eee4c9f6e705022c17a358e 694c74b00db3aae929ade1622b456591187454fd61f06daef7fca081b01adc07 Loading...

	online.citi.com/TMX/TMXProfiling.js	1.3 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/TMX/TMXProfiling.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen34 Hash 0ff04f7aa700fb377b4a1a7f9f431b21 32f63ce9172fad37c97fe3d680373a5247c2bd54 157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	3.8 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen15 Hash b7c621311d20eb07f9505c83f2e93a78 7e88e8057e7ff83e4debfc93f9003ec7b6057de7 3e8e3a7b51aa3cb440686ef7fa0309f2bb8e348f89e37819481dc7629f7868c9 Loading...

	1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html	87 B	2023-03-07	2023-04-05
Pretty URL 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html IP 54.230.111.57 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:16 Last Seen2023-04-05 01:48:21 Times Seen54 Hash 2e4d7d52e5909922bf021f1cc09b8932 dc20df92c388423464243e53c7a378f0016effc9 0242c236e7c83d9c9d5281fc2614b82c4bf516e7e2552c4e042ecbf9fcf45027 Loading...

	online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js	13 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash 67fd9bb7be1fea04c09753fcdab15974 207b8cec60851c99ebdda47a19cd8a032acc0c47 b95fb980f8f91f1c113d3411d3fbf608e143bf4d10fe0706bb6d2231f13bd228 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	78 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 349e88b7caa0dff4eaf84621885aa4f3 4d887106cc4facf29b36c387a6804f1cc9248654 9db261bd1461cfc312dd6f9c4bc524a49091d299e4391c63877032b55f2596a0 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	6.5 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash f15ea50d63999ebf748246ffa6809deb 3ab1fd500e2c2ebaa7b6cacd40558f72b3db819a 145cd772b8f26c7980cc0e655ae0d338eba3e2c9312f98682c20fd5d52aa0a55 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	5.7 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 372c44408865733816a82d39409c0b30 85316d59e1d674e0dd03a7f0feb5d8c2b611001f 4f56b58340bbcff64bcbd1d6705293f8f68fdc68ae08c4d47f56522444cc7dd9 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	8.8 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen14 Hash 90f96fe21a87fad1db5e9400e1dd4992 04bf5396b008ed5c09f975a0ac4439daeb0a7c10 7281fd5f764158ae3ddd8d3745d09c71f32c8459ed2cb07cc9098279f06e9f5d Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	1.2 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 36aa1dfcdce2b986fd9f0db34c4fa706 d08814a707dec3e918bab14f17667fbd9d97d252 899f1b5bb146380ef5919bbc7e765fad6ee9ef236df7dff4db370dfb19e70f98 Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	5.4 kB	2023-03-07	2023-03-26
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2023-03-26 11:20:09 Times Seen3 Hash ccc559ecd3592536380cada140c43a86 6c31ba55d693e0327c8be6aab39264045dfc89d0 9fadbb54ce0d3d5250f3a6e96ea0dbb5bc729f7936c56bdb606bb2310ede0b57 Loading...

	www.google.com/cse/static/element/f275a300093f201a/cse_element__no.js?usqp=CAI%3D	310 kB	2023-03-08	2023-03-12
Pretty URL www.google.com/cse/static/element/f275a300093f201a/cse_element__no.js?usqp=CAI%3D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:21:46 Last Seen2023-03-12 17:38:18 Times Seen1 Hash cd4dcf60325693e64ff3fe71cfb84a58 e724160941156849e66b5cec3d0fd0dbfeefd266 535b8af88e270a20f4ae2174218d6b90ffd7fb780215a2f911629455d6c8201e Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 05:04:23 Times Seen37111426 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	online.citi.com/GFC/branding/responsivebranding/js/main.js	34 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/GFC/branding/responsivebranding/js/main.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash c0ddec2b38e31940c334f2484005e156 6400269d39b45e4a70747dc53dee46a4847c5de3 9deb849bdc20c654810ae440c0c5110b1a1cbf2228e7a3b61db136a7633c0eda Loading...

	coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a	2.2 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 8eedca5e0fcb1a64188322773e36df8f e432b6c6b69b3cacfb651c47ae491e0639ff451b 68c52647c1464b6ed288e2f0599fc247410d6f1aa1ef55f2f38a5b97b86cc704 Loading...

HTTP Transactions (186)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5070
Expires: Fri, 02 Dec 2022 05:04:31 GMT
Date: Fri, 02 Dec 2022 03:40:01 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5280
Cache-Control: max-age=116351
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:01 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:59:12 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 03:19:50 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1211
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2988
Expires: Fri, 02 Dec 2022 04:29:49 GMT
Date: Fri, 02 Dec 2022 03:40:01 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: FtR0sW7XZ5GnRuvJVJ7rabTQ9+wwCI1MGaRxG2GFxU0l66NhhMRct4uSM/YNL62YZyU422vdekg=
x-amz-request-id: BSXTCV3WJ9VV6KYC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 02:45:55 GMT
age: 3246
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 03:40:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css

216.58.207.228

200 OK

9.0 kB

URL HTTP/2
www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
9.0 kB (9032 bytes)
Hash
c7cbebedd348978dba3901d8cc83e90d
da9da15b749bbbea07de2147b1c09ff9cf6ee05b
8d6777b76a124d852a680f4d5e42f9b6abfefbc70253b120ed7f3a44aec9e1c2

HTTP Headers

GET /cse/static/element/a57bc5975bc720b0/default+en.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 9032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 16:53:54 GMT
expires: Thu, 30 Nov 2023 16:53:54 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/css
age: 125167
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D

216.58.207.228

200 OK

92 kB

URL HTTP/2
www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1560)
Size
92 kB (92399 bytes)
Hash
9aeb1c4b79656b106c74f75f0659e55e
fa088f735b11435c1898df5d8de153e32973ad4b
860254f9f9946d31e68a5864324badfd3bbb8dc8e8b95f7569cd911af2db602d

HTTP Headers

GET /cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 92399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 15:11:22 GMT
expires: Wed, 29 Nov 2023 15:11:22 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/javascript
age: 217719
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/cse/static/style/look/v4/default.css

216.58.207.228

200 OK

1.3 kB

URL HTTP/2
www.google.com/cse/static/style/look/v4/default.css
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
1.3 kB (1345 bytes)
Hash
b33c65c5c815696bed8292c172185bcc
d2c0eceacad1f57b25621dcdb32659c5dc6b8d9b
f5ab6924cf65ae4dc61dca35d096fa272f8b4937b733b5eb46d36af396884132

HTTP Headers

GET /cse/static/style/look/v4/default.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 1345
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 03:01:50 GMT
expires: Fri, 02 Dec 2022 03:51:50 GMT
cache-control: public, max-age=3000
age: 2291
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a

192.185.105.9

200 OK

65 kB

URL HTTP/1.1
coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Size
65 kB (64622 bytes)
Hash
a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d

HTTP Headers

GET /login.php?primarymember_id=665d2cfd64642626bdd5dc62a HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 03:40:01 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5066
Cache-Control: max-age=169436
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:01 GMT
Etag: "638952a3-1d7"
Expires: Sun, 04 Dec 2022 02:43:57 GMT
Last-Modified: Fri, 02 Dec 2022 01:19:31 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5066
Cache-Control: max-age=169436
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:01 GMT
Etag: "638952a3-1d7"
Expires: Sun, 04 Dec 2022 02:43:57 GMT
Last-Modified: Fri, 02 Dec 2022 01:19:31 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4930
Cache-Control: max-age=169300
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:01 GMT
Etag: "638952a3-1d7"
Expires: Sun, 04 Dec 2022 02:41:41 GMT
Last-Modified: Fri, 02 Dec 2022 01:19:31 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5066
Cache-Control: max-age=169436
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:01 GMT
Etag: "638952a3-1d7"
Expires: Sun, 04 Dec 2022 02:43:57 GMT
Last-Modified: Fri, 02 Dec 2022 01:19:31 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4930
Cache-Control: max-age=169300
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:01 GMT
Etag: "638952a3-1d7"
Expires: Sun, 04 Dec 2022 02:41:41 GMT
Last-Modified: Fri, 02 Dec 2022 01:19:31 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

online.citi.com/GFC/branding/responsivebranding/css/main.css

104.110.15.25

200 OK

7.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/main.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (47574), with no line terminators
Size
7.3 kB (7313 bytes)
Hash
3a57d907c91d4af48687e9612624e322
4c5f56c2e6951c83d8d7a66895c042b10cca61a3
785a920d518e6cc032e88871480d0e558a1397c1ed67d90e24d1b2eb2c2a0682

HTTP Headers

GET /GFC/branding/responsivebranding/css/main.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 29 Sep 2020 09:55:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7313
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=749287800D28D9C3340DF4B1B6C1ADB3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css

104.110.15.25

200 OK

3.7 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
3.7 kB (3733 bytes)
Hash
912d79ed2801e57d08c6fe076d791333
aa0e1edb751a7cbff5e9ff67b948166605e19910
61984a0de22199c83dba3ac7c03e8df7cbb78f61c2de7fc6484be0fba7f14069

HTTP Headers

GET /GFC/branding/responsivebranding/css/branding_footer_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 10:48:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3733
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=1DB50FE964E0CF7FE4FE66A9A48C26D8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png

151.101.65.230

200 OK

2.2 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
IP
151.101.65.230:0
ASN
#54113 FASTLY

File type
PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2219 bytes)
Hash
f72de0072180995cddf091ec1c481fc8
8da0419580ec8ea996ff617773a822ef6a1ce470
02bb7267eb1cdf51db8a9db0014dd48f4debe6f7d344a6f8a0f06a428d6e0068

HTTP Headers

GET /wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: CzFPP1gPCjs7z/KInii3GcX3SmlJUbqd/NqEjWdfODbqZAaxudqAHEH+F4NlY3hcO7Dj4Gn/MhA=
x-amz-request-id: RNGYKGZANXNHS89D
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-type: image/png
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 03:40:01 GMT
via: 1.1 varnish
age: 857368
x-served-by: cache-bma1673-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669952402.814306,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 2219
X-Firefox-Spdy: h2

online.citi.com/loginpage/styles/homePage.min.css

104.110.15.25

200 OK

5.0 kB

URL HTTP/2
online.citi.com/loginpage/styles/homePage.min.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (24793), with no line terminators
Size
5.0 kB (5046 bytes)
Hash
8b55e445be9cbbed1fff212136bf5ec4
02e215ee8c3c5f71406405a28d4112c0eea3646b
e666c4da016428bb9aa82c5e9dd9634d5731083b226e353148d28a9e1948c506

HTTP Headers

GET /loginpage/styles/homePage.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Oct 2020 18:02:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5046
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=863D6D4A92940B48EECF53B424BE6C89; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js

151.101.65.230

200 OK

63 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
IP
151.101.65.230:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (44679)
Size
63 kB (63129 bytes)
Hash
2814704ecc428325d52a842115a2ffdf
9c979060cdc471ee3dd6d71d0f586a7433158453
c75bc14a20adf4a951aba27b721f23e9b3c97cbcb4caeb249cdc63fde3997cc3

HTTP Headers

GET /wdcusciti/50/onsite/generic1608054710811.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Hlqd9JB84o75ey9+s41yk6BUDnxKajiI2JUmsGUUQqV5jw1SfqSE1lb8hW4xZN4HXRR/xQDXOBk=
x-amz-request-id: 28WE2YFD6404A5RC
last-modified: Tue, 15 Dec 2020 17:51:52 GMT
etag: "57e6c47a533050c63dc8fefbdeb401d1"
x-amz-version-id: Kqi2p6FS.A2AzLCJok5fsBD_5A7fWxpm
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 03:40:01 GMT
via: 1.1 varnish
age: 46003
x-served-by: cache-bma1673-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669952402.814215,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 63129
X-Firefox-Spdy: h2

online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js

104.110.15.25

200 OK

2.9 kB

URL HTTP/2
online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (5928)
Size
2.9 kB (2905 bytes)
Hash
f687e0142c1437ba2f920f3cde133177
d53df064865303d36b7a7ca9624d83214da9aa99
8e39f40e7aedf48d72d8a4f79433fb5482da163fad5aff81159284d7b461de05

HTTP Headers

GET /JFP/js/jquery/plugins/jquery.tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2905
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=FCB17E7686AC324C3E4D31167D878F9A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JSO/js/fp.min.js

104.110.15.25

200 OK

4.3 kB

URL HTTP/2
online.citi.com/JSO/js/fp.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (13962)
Size
4.3 kB (4322 bytes)
Hash
37d4fb4fc0d34c9d949447294c5896a2
813a89b7c7da1d1090e9d70a4b683713e47ffc20
434bec7136e03611151aad7e839486bcc95abdb5f1ad7eb8e66d1a10b3375982

HTTP Headers

GET /JSO/js/fp.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 4322
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=4D189B32F8A2A4D4186AC30AF45D69DD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css

104.110.15.25

200 OK

337 B

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1265), with no line terminators
Size
337 B (337 bytes)
Hash
7c863f08763bf3f9d76db3fc6135da51
6560f78733d9b78d550d8425b29f06c1c764189d
a4dc2655e535dfee0176ff9bc947cf1aecf63bb2a248eaad894f58d13591d24b

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 337
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=C04E85940A37DFD94F86CA85396EC1ED; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

104.110.15.25

200 OK

65 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (65509)
Size
65 kB (64910 bytes)
Hash
68cdb850dc7512e716b12ec17fcba622
cb82a9575b355ae1833085e6362cc0a1089ccc90
37d98491fbeb36c9df92570d875530129c1698b03852c3fbb71832db58a56e4d

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/scripts/vendor.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 64910
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=72F1E6E30039D89FC35B4AD0FA63E091; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css

104.110.15.25

200 OK

899 B

URL HTTP/2
online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
899 B (899 bytes)
Hash
1966ad93ef6524d8032dfc706eb33b8d
ed84d116e24a1f38cf7daa0eef09d51afab433bf
61ccfaf0350644ee02e12120c193cc703650c91f17c0234cce660c921c22d4e3

HTTP Headers

GET /NCCS/smartSearch/css/cbol-smartSearch.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 899
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=B544F4DBE5C06A87C770A7D2406A7743; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/personalization/peworkflow.min.js

104.110.15.25

200 OK

1.8 kB

URL HTTP/2
online.citi.com/personalization/peworkflow.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (5321), with no line terminators
Size
1.8 kB (1806 bytes)
Hash
1c9fea918bfb5581982989a70eaefabc
4918fe52d51efa97e09de94db53c621b0a335649
98348d134a2f94186ffe13541ebcf04efb5afe17f3b3be7aa8e9b69e5fbcac78

HTTP Headers

GET /personalization/peworkflow.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1806
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=F349C898A8600A46B07E27F3FA1B7385; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/olab/js/oo_engine.min.js

104.110.15.25

200 OK

12 kB

URL HTTP/2
online.citi.com/GFC/branding/olab/js/oo_engine.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32021)
Size
12 kB (11704 bytes)
Hash
4f0dfa69a1ecec87b606025cd6967565
feca411eeb031920103ea068630f93f31b5b0000
c7c01b10f0d71d2168f8975161bbb97e5dbd1b63a6e9678d752bb9a9a2dac090

HTTP Headers

GET /GFC/branding/olab/js/oo_engine.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 11704
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=A61419EB83D3CC53FDF6720F6A02A506; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js

104.110.15.25

200 OK

31 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (368)
Size
31 kB (30559 bytes)
Hash
51adf829efa8df8d293b7798be259dc4
5958976a367747fd3ba087371d5906163cd8334c
640f8a2d94f512022b7cc3c21d27b1c204092f16f1e372972dc42f85baa2e538

HTTP Headers

GET /GFC/branding/responsivebranding/js/navBarRedesign.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:43:21 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 30559
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=8274E6225E5A1A6340ED3FC4896511BE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js

104.110.15.25

200 OK

18 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (65331), with no line terminators
Size
18 kB (17670 bytes)
Hash
2f595116c30fa315246f7cb0b531ba15
35bd15722dce013523f23c21426076cfcac33945
5df0777d7bd5b17967c6ef6243ef3dfc4eecb0fba56dd39c0100faeba04a7439

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 17670
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=6AE8E607A93C0F75101C362027B1682C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 03:08:57 GMT
cache-control: public,max-age=3600
age: 1864
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/js/main.js

104.110.15.25

200 OK

8.0 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/js/main.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (33891), with no line terminators
Size
8.0 kB (7957 bytes)
Hash
6c7f00b72ded0bec2618305c876e16b6
48360ed4ad1b2ae2e507dc48873a3ef021586776
dc5ac3e8c6e04c6a1d9d1519b6ad99fabb5b0b87dd07d93106d6c4c1987b24ee

HTTP Headers

GET /GFC/branding/responsivebranding/js/main.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 16 Jan 2020 14:46:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7957
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=D0AFA7E33B5405B28C9315C79576DA6F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js

104.110.15.25

200 OK

1.0 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (3018), with no line terminators
Size
1.0 kB (1017 bytes)
Hash
fb422777d175560b7cbafac2e69427e0
08a64e3f02f7521549e82453ec8a1baa4b0e8914
da7b8130e973ebfd3c4e34d464655f0fbe910cbb7ecb12e172f0374a86fb1cb5

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:44 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1017
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=B811CDED6C7AB69D4706C7CA076C01ED; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/passivebio/BiocatchATO.js

104.110.15.25

200 OK

114 kB

URL HTTP/2
online.citi.com/passivebio/BiocatchATO.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (63756)
Size
114 kB (114417 bytes)
Hash
9248242d277a48e0e26b2b6aef3ce590
54c170a425a237fff13a351380d3ebc13eecb7fe
dffd94cd4d4979a7844ab3e348357a918ba4d92a07e1e20ce583295c136b6d88

HTTP Headers

GET /passivebio/BiocatchATO.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 114417
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=28A4094C78E133A6E3D1A960117D4271; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js

104.110.15.25

200 OK

3.0 kB

URL HTTP/2
online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text
Size
3.0 kB (3030 bytes)
Hash
cbbb42f2f92286927590740a4ddbdf12
0f4a6798edba9047e6038749c5b81192550137a7
ac708e5462ee634c6b75a1ea7faffaf577dbff4ce007c337a7fe3fabaf42a1c0

HTTP Headers

GET /NCCS/smartSearch/js/cbol-smartSearch-inject.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 11 May 2020 19:00:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3030
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=B9CDC3FBC41EE2C2E8E058CB0A51E849; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/TMX/TMXProfiling.js

104.110.15.25

200 OK

546 B

URL HTTP/2
online.citi.com/TMX/TMXProfiling.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
546 B (546 bytes)
Hash
8a9d76752e354831bfeb51ea2009dc90
ab290ca00fc8be6525684405a8f655eb30e1b0e9
82775fb41297c485793eae4058db3e82b4d477bb00c6fa3bc301971e961e61c2

HTTP Headers

GET /TMX/TMXProfiling.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 10 Aug 2018 07:26:42 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 546
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=E245F8263FE22FE03B24B33A971FE371; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GPS/portal/css/cobrowse_overlay.css

104.110.15.25

200 OK

1.6 kB

URL HTTP/2
online.citi.com/GPS/portal/css/cobrowse_overlay.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.6 kB (1597 bytes)
Hash
48d658b8e5ecb3ec1db77b31735e6da2
264844b13d54d13baae71d535ae8c081db1552ab
f9a68c464770e4a1a293b4d08a53551600152672b531a0a64fe1ed1431f2d449

HTTP Headers

GET /GPS/portal/css/cobrowse_overlay.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Aug 2019 07:17:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1597
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
set-cookie: AKMTLTSID=D3A3625FB2E27ADA854B80F613693ED2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js

104.110.15.25

200 OK

62 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (7824)
Size
62 kB (61658 bytes)
Hash
72160d472dd367d8db15c5a39efd91c6
242252da9b4ac65f4e609796aba2553afca64443
d2adb062964fc932f5fdfa95db62ddd8873467a89ac132867af312ffd60607e7

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-library.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:01 GMT
date: Fri, 02 Dec 2022 03:40:01 GMT
content-length: 61658
set-cookie: AKMTLTSID=93DB4BCA66EDC487FEC0A80DB61C5DBE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/passivebio/bcsid.js

104.110.15.25

200 OK

427 B

URL HTTP/2
online.citi.com/passivebio/bcsid.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
427 B (427 bytes)
Hash
62fc3ac7ad723e5bd299defa490b0777
b80fc4949d4bdff38aa3017c8f5ea813a91bd0d2
62f4ac02d4d03f11fcab26905d639a9797476e150f44d7793776acfa5fae87cd

HTTP Headers

GET /passivebio/bcsid.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:02 GMT
date: Fri, 02 Dec 2022 03:40:02 GMT
content-length: 427
set-cookie: AKMTLTSID=BE90A52F8DC268851B8DFFB651291FB5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/pl-profile.png

104.110.15.25

200 OK

678 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/pl-profile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
678 B (678 bytes)
Hash
47511cdd2cd6ec0f1fe005ed1f1da489
c2dbbebd49f1dc760684ad937add478d05520ab1
96a25378d5d5fed38414a3d798eddc8367ebb206b45b125c837b9bab43c8799d

HTTP Headers

GET /GFC/branding/img/redesigned/pl-profile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 15:27:27 GMT
accept-ranges: bytes
content-length: 678
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=E69690D1C20C0D48150E941CC1FF89E6; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg

104.110.15.25

200 OK

758 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Size
758 B (758 bytes)
Hash
2b7cfe76b3d07bceb495d2dcc63dafa3
dd9a3e5c21135454fb20655caf55b7269a06a579
b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranchloc.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 29 Jul 2020 05:29:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 758
content-type: image/svg+xml
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=ADF86F238011777C9C9176AC7BB46C72; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/lang.svg

104.110.15.25

200 OK

1.4 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/lang.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size
1.4 kB (1434 bytes)
Hash
c59330487289406bc7a589e19a748a45
3ff3a052d1b32f340847edcf7e10e8f0bcaafdc5
ff759181aba721255cb0e238fdc63fe8b32f3a130bc618ac35e012a1692a3784

HTTP Headers

GET /GFC/branding/img/redesigned/lang.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Aug 2020 06:59:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1434
content-type: image/svg+xml
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=74C64207982B1098738411308989DB2A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/cc-know.png

104.110.15.25

200 OK

547 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/cc-know.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
547 B (547 bytes)
Hash
7fce81d3aee8a773e172e4da24755c08
d16e42e3104a3eede8e74f9e792c975390e3cea6
1e8296753489472722a900b40958f4cb93b5efa530499287debe37fdaac97cdb

HTTP Headers

GET /GFC/branding/img/redesigned/cc-know.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 17 Jul 2020 09:29:34 GMT
accept-ranges: bytes
content-length: 547
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=20ADEBA8174C1FA044BADD4AE5D89A16; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/cc-mail.png

104.110.15.25

200 OK

713 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/cc-mail.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
713 B (713 bytes)
Hash
d6aa1cf4e0f3028ec749cd5e2ef2745f
f92b9239a1ec624adf48a9fc5273df9aaf772ee3
351566f41ad89bb03b7855b58661b377836aebe50db166052eaa17f17e156799

HTTP Headers

GET /GFC/branding/img/redesigned/cc-mail.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 03 Jul 2020 10:19:28 GMT
accept-ranges: bytes
content-length: 713
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=F0ADA4F2195422F7EE29D9DE35694C9C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/banking-savings.png

104.110.15.25

200 OK

917 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/banking-savings.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced\012- data
Size
917 B (917 bytes)
Hash
d4482456a56b1d78f4855f6eafa94898
6a6671bf54989ad97f457f42837d1d96f21dca53
87578cd8ec6b565afd5be1b9a00845ca3dcb8024d64f2d96e4ce00bb07c94902

HTTP Headers

GET /GFC/branding/img/redesigned/banking-savings.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 06:45:19 GMT
accept-ranges: bytes
content-length: 917
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=5DEB11A652DE5F8706D10933CA738215; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/mort-calculator.png

104.110.15.25

200 OK

374 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
374 B (374 bytes)
Hash
2425ec6b5ce2710b558ae452823680d7
2cccd21d3882308392717872f097511e58f8ba2a
77aae11467c6e42598b9c17f8a34f9ffb08c3acedd22db327fabf5b1becd24a2

HTTP Headers

GET /GFC/branding/img/redesigned/mort-calculator.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:13 GMT
accept-ranges: bytes
content-length: 374
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=EFDB6ACFE0162A284E7FB0F5E359BCF1; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/mort-home.png

104.110.15.25

200 OK

515 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/mort-home.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
515 B (515 bytes)
Hash
d1b8e6b91fb75607e2bf2948c9cb9d99
88b8815e54a1d1a53de0919cf1abbac50e69a70d
474a06e61c5ff0b6def6e5619529e0664e6fa2d9904ba6f796e4e1032c2ab3c3

HTTP Headers

GET /GFC/branding/img/redesigned/mort-home.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:26 GMT
accept-ranges: bytes
content-length: 515
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=B4A290DCF6ED53FDD10B9540D4687557; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-FP.png

104.110.15.25

200 OK

399 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
399 B (399 bytes)
Hash
4f5fc9d9f8fe83b74670f4e954bb116f
e9f9531727cfad01855e48dcc4ad0043779d763c
31a7d0a6362cd6d8fcbb3200740a252be4fc633363cc71021fb18faf4470eb5c

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-FP.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:29 GMT
accept-ranges: bytes
content-length: 399
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=EE94C23F340AEB0917022FA43160E67E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-MI.png

104.110.15.25

200 OK

822 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 20 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
822 B (822 bytes)
Hash
9c485b70055241b255f9fafcd167447e
9f8050c8c416b1b5aca059d4d8bb4ca16b930a3b
643030db71af1915a7c02ec3589b64d1b826cb8c8c97e0f7b80d70e0c830726b

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-MI.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:58 GMT
accept-ranges: bytes
content-length: 822
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=010F2E72B78617CFCABF8470428434C7; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-II.png

104.110.15.25

200 OK

894 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-II.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
894 B (894 bytes)
Hash
ae8592f1019d7ea84ee847cbde5c8bd8
e74b70328c0e5f4cef5d094d1fb30e343be03eb6
e0a06ba70b7556d61f872bd1ca50148094683ed1ba026a78164563d3c63db0c0

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-II.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:35 GMT
accept-ranges: bytes
content-length: 894
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=A072CE76F3DC90D309CA21151C21B17D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranch.png

104.110.15.25

200 OK

697 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranch.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
697 B (697 bytes)
Hash
5cb2e7bb5dd99d056313c125f74872da
26844e24c011bf9d5fd8f88a81a3a86333bfa681
489ac0d5e6bb586f0144108a782f87e10aa6387fa5925c0f7b526142dbbf9987

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranch.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:41:48 GMT
accept-ranges: bytes
content-length: 697
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=092C217007A537ED29EF178A998B73A2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/WM-conce.png

104.110.15.25

200 OK

819 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/WM-conce.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
819 B (819 bytes)
Hash
e1d86261569011cb99dc98ae1bbcc391
575a762c5a2639ff9b9780c6b37efea5ea8edc64
6e866b41975af77f752d3feae581391b018128ad2cb495e783349ca49cb94c38

HTTP Headers

GET /GFC/branding/img/redesigned/WM-conce.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 09:28:15 GMT
accept-ranges: bytes
content-length: 819
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=78E90E86C8A48ABE10E6250C3DE595BD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/search.png

104.110.15.25

200 OK

540 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/search.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
540 B (540 bytes)
Hash
2d0c9df05ec068e44e05246476eb6b0c
acf96a7bdff8f7d71096aa59243ad31d5aae425f
e1cdd8699d632d98047b60975c127bde93707685555e0894c2087105e26298ae

HTTP Headers

GET /GFC/branding/img/redesigned/search.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 12 Jul 2020 13:52:29 GMT
accept-ranges: bytes
content-length: 540
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=2298924822FC77BD619A4A3EFB38A112; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/navigationMobile.png

104.110.15.25

200 OK

137 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
137 B (137 bytes)
Hash
895e073c01fe436ee9892787c43a00eb
d5b1ebead4bc804bfee48ec3a9dbf87d3e97a82f
9704bca992680b1698b6c364e5fd7fd20991aa230c700f3378765fdf99a8b27d

HTTP Headers

GET /GFC/branding/img/redesigned/navigationMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 137
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=DAD83E3E284CFBC42EBDB666C1B3CE90; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/closeMobile.png

104.110.15.25

200 OK

327 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/closeMobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
327 B (327 bytes)
Hash
e7a2c3c1d1710852dae94241b425631b
20ee2a5077624e2b074d9e6ab7d116480563f09a
87e414e65461d63f3c18fdec21dc973fbb3b04db9269aa2fa9f2b1e9fb4d58f0

HTTP Headers

GET /GFC/branding/img/redesigned/closeMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 327
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=B12E70DE26A0FA70ACFCA0DED0B61A07; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png

104.110.15.25

200 OK

888 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
888 B (888 bytes)
Hash
2d52957ca9901e228f3cc98653d66b64
4ee4c93d50f3eed0c760c69297db539b5c747fec
424b0508d87aeff62bf98099b98490558de97db21d02343fd4b0e46252a74d58

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranchlink.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 26 Jul 2020 08:00:17 GMT
accept-ranges: bytes
content-length: 888
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=584CA04CA43D0DB934D5A4F4F5839DAB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png

104.110.15.25

200 OK

1.3 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1300 bytes)
Hash
e356e33999a3af7670f87a64085b0aa1
7c65d1ba8878b0e930e73ea9a52d5f0f873828b2
f9ea3e5b79df3924376af98d3639b49ef970ef77063203b3ef3abaa84daca88a

HTTP Headers

GET /GFC/branding/img/redesigned/icon_globe_med-grey.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:42:08 GMT
accept-ranges: bytes
content-length: 1300
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=A77AB49D2B12A75EC85136E8EC2A8BC7; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg

104.110.15.25

200 OK

21 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
21 kB (21180 bytes)
Hash
a7a9a73a978e579f64235bf7ce768235
fc2af74ed45ab50faf2c2e9393ff7218171c59e2
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2

HTTP Headers

GET /JRS/banners/modules/M1-M7_DoubleCash.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 21180
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=754EA5566DAC6C94703528C1FC641374; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg

104.110.15.25

200 OK

50 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
50 kB (50031 bytes)
Hash
1811b334b2e3a585567ef915ff6adcf5
858f597f8bcbcf3a16516f428565850aee1f8c98
67d342b059e3ee89919786b1a83c6ebb76b657bbbe0105d2c7c9876d08026c80

HTTP Headers

GET /JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 50031
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=00CB7D1566D3DF10AACC3C550E280E02; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png

104.110.15.25

200 OK

329 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
329 B (329 bytes)
Hash
15d9ce47ed55b1d16c142a6c067ddbf5
3431a1b5af3ec6a4a39176600ca213c070175eb2
9fa97f780f20b95ac6a2baeed3961d39ec6086e3417eb59cd294e4e528187b7b

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_facebook@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 329
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=61E2A1337CADD3183ED7E1B6BB9C0F76; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png

104.110.15.25

200 OK

840 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 44 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
840 B (840 bytes)
Hash
766cb78a4d9ba316b9fd2efdb1e95252
f7e17f7e9663574ef1ad0ebf580ea503fff0c7ea
5d343d5e2bc616fe04642af586793b51ba2291a6c9616ee92e4246bde9fa72a5

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_twitter@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 840
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=25F36E0AB28D13559914FD731C02155F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png

104.110.15.25

200 OK

808 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 48 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
808 B (808 bytes)
Hash
89b7dac46b6f0be69e6272cf3de06475
a74173e79f802672145fa175478bcf4698d3bf80
1f43f86e82f4cf6b5ddf863fbb8cd9bafb53790bd2016a7b2b36d51ad96fb32b

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_youtube@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 808
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=E7E278CB74B5774660D9CB5E67D79378; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js

93.184.220.29

200 OK

471 B

URL HTTP/1.1
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-service.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5276
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:02 GMT
Last-Modified: Fri, 02 Dec 2022 02:12:06 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png

104.110.15.25

200 OK

28 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

HTTP Headers

GET /GFC/branding/responsivebranding/img/Citi_FooterLogo.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 28149
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=6B112EFFDB1FEEAB30C778DF2A4DDE5B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png

104.110.15.25

200 OK

12 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

HTTP Headers

GET /GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 11562
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=C26D11F62AE81A8A799BD8E4069209B4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/errorLogo.svg

104.110.15.25

200 OK

584 B

URL HTTP/2
online.citi.com/GFC/branding/img/errorLogo.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (329)
Size
584 B (584 bytes)
Hash
3210e315dee7ea636165f4cdd4d402cd
110a09f9a0cd87f510d3435704631aefc02d7436
09541c2109f784fd10979ed9cce037e146b756f35ffa3c2e164d3aad92532341

HTTP Headers

GET /GFC/branding/img/errorLogo.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 24 Apr 2018 15:26:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 584
content-type: image/svg+xml
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=1D3FE68DA51DBBA294670AB8A1CF7B94; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css

104.110.15.25

200 OK

15 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (342)
Size
15 kB (15298 bytes)
Hash
7584f29c3065db5d69256920d340f479
d6198dafe36e3ffde03aedb334123a0d096649e1
81538cf3a3fd0ff0dde297332b73edebaa76e68c437628f2ab16d66b0a97afae

HTTP Headers

GET /GFC/branding/responsivebranding/css/branding_header_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 29 Aug 2022 03:56:20 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 15298
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:02 GMT
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=7767CF29BD7C9700FAEF9CF6FB03A854; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js

104.110.15.25

200 OK

26 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (8207)
Size
26 kB (25945 bytes)
Hash
4f41d862cbf585b1cdb8fb475f37e8e5
e3ab2e23f39fcca83588d0678f9164d199540f0d
20eb6fe6bb0bc32e7dbc56bdcc0f9880c5a24c8f8fbfc1fe24f345ecb2cfa9c7

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 25945
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:02 GMT
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=46DB185D7E55E135B87A9599154939A8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/8763_M1-M7.jpg

104.110.15.25

200 OK

46 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
46 kB (45996 bytes)
Hash
d1b0e06afbd29e02b850c0a871a689f1
8d55c0a5da74604bdaceafada2808b406b58be62
0fc0c5e3b942752d5a811676f479650575e3c0a6c42c25ed57311064b2d836a4

HTTP Headers

GET /JRS/banners/modules/8763_M1-M7.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 45996
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=8E9A548F451A39D793DA15403074D708; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg

104.110.15.25

200 OK

35 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
35 kB (35239 bytes)
Hash
5fb8ff5dd22b3f8a34def2212bdeca0b
373c913d070e4b486d90c1959d9aae179043e2d4
b880a027d8db72f3120d1666c1bc4f016c126d0d6e0b7852155c1ea204da4b63

HTTP Headers

GET /JRS/banners/modules/M1-M7_Rewards.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 35239
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=9409BB39AF71BC5FE57762F1607E68AE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/main_branding.css

104.110.15.25

200 OK

47 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (900)
Size
47 kB (47322 bytes)
Hash
c4a8e37990ee3bed5731c868053cfe48
000d710b7e21c8d980552b494d76a06fc729d55a
403cb63effef69a095bb15cb147c3d8af4a0f35e8e9430486565f81d545b3cbd

HTTP Headers

GET /GFC/branding/responsivebranding/css/main_branding.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Thu, 08 Jul 2021 15:43:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 47322
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:02 GMT
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=75E60A3FB5F0EC45651EE1E04CB5A127; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js

104.110.15.25

200 OK

344 B

URL HTTP/2
online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1035), with no line terminators
Size
344 B (344 bytes)
Hash
833a85cac30119fd1a7cdea0d63106eb
1558702028e277ce4bf3b079db7f064b96c91f0d
83b080afa657691bdb22843c5f36acc3be20ad7ed94ba84f18d1cbbb2a23933c

HTTP Headers

GET /JFP/js/modules/jfpm.autocomplete.off.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 344
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:02 GMT
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=A648DCAEEE44FE1FA7828F0440566EFA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css

104.110.15.25

200 OK

70 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (53390)
Size
70 kB (69731 bytes)
Hash
1b616f5ba816bd312785d32976021e37
e3dd04ee3a2b2ca1ded2c3eef06aa1f121b7d3b0
451e9945c7041383326739797e006d8a7201b96b1ba8046c0c9c02dd9d89a851

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: text/css
content-length: 69731
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:02 GMT
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=F490B3E77B3481CE3C33DD1F27ADE3C5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg

104.110.15.25

200 OK

53 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Size
53 kB (52559 bytes)
Hash
ee564f1c07ec63939037a30b1d48e7b1
b75a2570b6ce89c1eb112c010994bfc5bde8b4e5
3636e5e8010b2e4e186788a748a7cbd16572b386cf2d67b3bea73cb7417abf9d

HTTP Headers

GET /JRS/banners/modules/Cards-tile-grey-1120.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Sep 2021 22:10:14 GMT
accept-ranges: bytes
content-length: 52559
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=61D2845ECE028A941FE7E985880691E4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg

104.110.15.25

200 OK

110 kB

URL HTTP/2
online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], comment: "Optimized by JPEGmini 3.12.0.2 0x8e6e2aa3", baseline, precision 8, 2160x600, components 3\012- data
Size
110 kB (110256 bytes)
Hash
adc640f5c974f259332776179906a9ba
88aa97730f84a70b8f3ec0df9763797293f6fef9
73bda4635bfa51c64ab47b1fba9a7cb20b6ab3ae44f7c1d2abf78041a9da0fee

HTTP Headers

GET /JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 15 Mar 2018 21:03:36 GMT
accept-ranges: bytes
content-length: 110256
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=A6BACDE2A2257F97AF0890770D4F075C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js

104.110.15.25

200 OK

748 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (57530)
Size
748 kB (747501 bytes)
Hash
9e955595f5944b7d8f753a5cd2920e1a
e8e2cdcc3c6b2deb84d49fa0c24f73cb4dd1053f
c80f9904376bace60d69a316d993244717fda11bd5bc6f4f1072db6e73662b92

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 16 Sep 2020 07:27:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 09:40:02 GMT
date: Fri, 02 Dec 2022 03:40:02 GMT
content-length: 747501
set-cookie: AKMTLTSID=FB3672CCCDC21AABB02365FB2C480872; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=153B15F188B08C2D239CD57384FB6EED; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.165.176.211

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.165.176.211:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CQ6iHZplU1WNvjMn4YQCZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zPrrdjrTikhvvED38Cw2a7WSAEw=

online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //ui.powerreviews.com/tag-builds/10111/4.0/styles.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=FAAC0190B596C83753CC4A19B3253C9D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 03:40:03 GMT
set-cookie: AKMTLTSID=989A53F3EED1776E599A6451D6F3E2A9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png

104.110.15.25

200 OK

1.8 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

HTTP Headers

GET /GFC/branding/img/redesigned/citilogoredesign.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 07:18:33 GMT
accept-ranges: bytes
content-length: 1799
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:03 GMT
set-cookie: AKMTLTSID=B2EC40EDA873E515D1272697EDE38F88; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JFP/fonts/Interstate-Regular.ttf

104.110.15.25

200 OK

80 kB

URL HTTP/2
online.citi.com/JFP/fonts/Interstate-Regular.ttf
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 13 names, Microsoft, language 0x409, Copyright (c) 2007 by The Font Bureau, Inc.. All rights reserved.RegularTheFontBureau,Inc:Inters\012- data
Size
80 kB (79753 bytes)
Hash
092695ab186b08cfe77e1e2baa88a75a
e4e0c72716be82c464ece81a1ec6d8de3f44f89c
94dc36f237f196ac346325d697cc9a27fc8bf5dc4102abf208df79142c974f09

HTTP Headers

GET /JFP/fonts/Interstate-Regular.ttf HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
content-length: 79753
date: Fri, 02 Dec 2022 03:40:03 GMT
set-cookie: AKMTLTSID=B17A54A8C650ABC7C23CDD613833F7FE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/card_art/8150_cardArt.png

104.110.15.25

200 OK

76 kB

URL HTTP/2
online.citi.com/JRS/banners/card_art/8150_cardArt.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (75538 bytes)
Hash
3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

HTTP Headers

GET /JRS/banners/card_art/8150_cardArt.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 03 Aug 2020 19:29:08 GMT
accept-ranges: bytes
content-length: 45386
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:02 GMT
set-cookie: AKMTLTSID=1F29A55C3DE2E64EB39764A226CE5231; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff

104.110.15.25

200 OK

72 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
72 kB (71874 bytes)
Hash
9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 03:40:03 GMT
content-length: 71874
set-cookie: AKMTLTSID=0A61C46E08FBEBD962F1E304EB368A12; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/loginpage/images/icons/svgs/close.svg

104.110.15.25

200 OK

641 B

URL HTTP/2
online.citi.com/loginpage/images/icons/svgs/close.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499)
Size
641 B (641 bytes)
Hash
dd59f5e29f1021e45b5e95e26f2d12da
d79fa9c39b22174b3d6d2fb7bd00f01be3ee6410
e52581c6fe976751e9059da800356b8824fe18635947ef533ff4c5fc2f313df8

HTTP Headers

GET /loginpage/images/icons/svgs/close.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 641
content-type: image/svg+xml
date: Fri, 02 Dec 2022 03:40:03 GMT
set-cookie: AKMTLTSID=F09EC4CC1EA006C6684F4BF56EDBAB76; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/HP8564_M.jpg

104.110.15.25

200 OK

73 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/HP8564_M.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
73 kB (72898 bytes)
Hash
ca6fda0b33ffcd4733ba669c8d52c784
0232c5afd2b6fc6c079d1f15b046bb6a9cff07a9
c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84

HTTP Headers

GET /JRS/banners/modules/HP8564_M.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
accept-ranges: bytes
content-length: 72898
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 03:40:03 GMT
set-cookie: AKMTLTSID=611EEB3B852346A0CCCD43509F6E40F2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg

104.110.15.25

200 OK

499 B

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
499 B (499 bytes)
Hash
d0d6851fdc21e63eb57af3709578a0dd
2140b733bc5e6a17cdb8537fa8759e06861cbaed
4145e83a3ccffc44dd543b258d3b9ce64e55ac66c56b8f3c8d15a36875a8fc67

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 499
content-type: image/svg+xml
date: Fri, 02 Dec 2022 03:40:03 GMT
set-cookie: AKMTLTSID=B48597B8EF347E46AABF4B7EC8401254; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png

104.110.15.25

200 OK

5.0 kB

URL HTTP/2
online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Size
5.0 kB (4952 bytes)
Hash
eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

HTTP Headers

GET /GFC/branding/img/Citi-Branding-Sprite.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 14 Jun 2017 18:29:01 GMT
accept-ranges: bytes
content-length: 4952
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:03 GMT
set-cookie: AKMTLTSID=30E9D29634BD81F37CC6F069F4334572; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png

104.110.15.25

200 OK

9.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 240 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size
9.3 kB (9255 bytes)
Hash
c02d966c362e9f918a7ca664a06f339a
cf8723b1054b79ac27db08f1e0d63b1a585bc150
3c4287f94e9dc9cda82125a6f528b0d4dcd8c2e9ee26b899c4481490312b146a

HTTP Headers

GET /GFC/branding/responsivebranding/img/googlePlay_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:21:52 GMT
accept-ranges: bytes
content-length: 9255
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:03 GMT
set-cookie: AKMTLTSID=13313A064E8DCBFB4AA42C9E94B2ED46; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png

104.110.15.25

200 OK

8.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 240 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
8.3 kB (8272 bytes)
Hash
e783f09a2c28318b2248dcd045cd0325
e1d0ac0f63eac3b3b523fe929d416127fe7e7561
2e1950e9fecaa7d00944c88becb315026208890e3d9ffe2545504105e181ad47

HTTP Headers

GET /GFC/branding/responsivebranding/img/appStore_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
accept-ranges: bytes
content-length: 8272
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 03:40:03 GMT
set-cookie: AKMTLTSID=10D47F9D6BD3A17784B9E942BE4474A8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg

104.110.15.25

200 OK

496 B

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
496 B (496 bytes)
Hash
28dab60290650e5ee88386879ca17085
85043857b1d8a79816491365548e17b151a2a084
fc9dead631748747b2e1c0b60057a21282d2d7acd6f5d88f4e80bdf32e08b5c8

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 496
content-type: image/svg+xml
date: Fri, 02 Dec 2022 03:40:03 GMT
set-cookie: AKMTLTSID=55FC9B628F6DA8279FE3EB7ED2A34DC3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Cookie: cdContextId=1; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:03 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=027210355173e9772a933c6b25a0b7b3; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: login.php?primarymember_id=5e4a5062c209c535f8253aa70
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

301 Moved Permanently

0 B

URL HTTP/1.1
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://sr.rlcdn.com:443/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Content-Length: 0
Date: Fri, 02 Dec 2022 03:40:03 GMT
Content-Type: text/html; charset=UTF-8

bid.g.doubleclick.net/xbbe/pixel?d=KAE

64.233.162.154

200 OK

0 B

URL HTTP/2
bid.g.doubleclick.net/xbbe/pixel?d=KAE
IP
64.233.162.154:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /xbbe/pixel?d=KAE HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 02 Dec 2022 03:40:03 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 03:55:03 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 02 Dec 2022 03:40:03 GMT
cache-control: private
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js

151.101.1.175

301 Moved Permanently

0 B

URL HTTP/1.1
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP
151.101.1.175:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 03:40:03 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1622-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669952404.535468,VS0,VE0
Strict-Transport-Security: max-age=31557600

6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB?

142.250.74.38

200 OK

265 B

URL HTTP/2
6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB?
IP
142.250.74.38:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (498), with no line terminators
Size
265 B (265 bytes)
Hash
779b9f3c315255d0d62a1113bfcd7573
152c5e4fe3ab7191b5f2696c9dacaa12bbe33493
03c89c3c2b73e5cd1107d16c408edbd3abb6cecff1b2e78d41ea853cf46c32bb

HTTP Headers

GET /activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB? HTTP/1.1
Host: 6260004.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 03:40:03 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 265
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 03:55:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js

151.101.1.175

200 OK

5.2 kB

URL HTTP/2
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP
151.101.1.175:0
ASN
#54113 FASTLY

File type
C source, ASCII text, with very long lines (585)
Size
5.2 kB (5197 bytes)
Hash
a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e

HTTP Headers

GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://coprwanda.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WYw0Epb8vcedL+7IDqJJsx/+WjGdOZ5/PeZvxp+JQZLuPSbm5TB79IsK0ZRwFxRvC3JwqmNr110=
x-amz-request-id: 6VFQ4X3D41M9VYZP
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 03:40:03 GMT
via: 1.1 varnish
x-served-by: cache-bma1651-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669952404.611647,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB

142.250.74.34

200 OK

267 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (497), with no line terminators
Size
267 B (267 bytes)
Hash
3d0723e9b30991791d953c41256c98e3
62f93130c92c0141280617c746ec9ef54d69c7e1
7f566075b3d057193f85088cd5992b41d6cab6b96e20e07273fc2e6f99f0d14e

HTTP Headers

GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6260004.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 03:40:03 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 267
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5e4a5062c209c535f8253aa70

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5e4a5062c209c535f8253aa70
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5e4a5062c209c535f8253aa70 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=1; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:03 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7492ec7ac50204b75813827f4
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11951
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 03:40:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11951
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 03:40:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11951
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 03:40:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11951
Expires: Fri, 02 Dec 2022 06:59:14 GMT
Date: Fri, 02 Dec 2022 03:40:03 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2942 bytes)
Hash
b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 21007
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7722 bytes)
Hash
cd78aa69439c995167f32b8a41a1f4f6
d07d6145182f312f3ed86ecf96b4ffa175416fa0
3b08cf3fad31ee0cf3ee25abc2484fb4283543865a42dfc568b14f9856fd3bb5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7722
x-amzn-requestid: 8d7c4800-6c06-43ed-afa1-94840d42f591
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGy2Gr1IAMFWeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e78-429ae3135d47e3b020c4c7a1;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Z8thSamrCRejcAcQEGAp4WpSMzMEvstuZtVpKAjiCH4dyJyf1yihBA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:50:11 GMT
age: 20992
etag: "d07d6145182f312f3ed86ecf96b4ffa175416fa0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11443 bytes)
Hash
d08081e2dd562ef50e4e98ebc0136698
b5118bca37feda2ada3001199dc1d80ac6d2aacc
5160333e0cfd338b3887972d0a5c0f817ef88b70b7eb78e4e25d153a85e3478f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11443
x-amzn-requestid: 21469d81-ee4b-47f3-8877-b6658b3ea8b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDHE4zoAMFvfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-5b39eddd703ea04e6a1355f8;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPuZoyOu_QAqbZvTUaNy1J3BOqnR2ttrIhv9BwRmWnKeba-e6MZWKA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:55:34 GMT
age: 20669
etag: "b5118bca37feda2ada3001199dc1d80ac6d2aacc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F092f8542-1ed2-47c2-82aa-d5ef970a77ca.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.7 kB (3711 bytes)
Hash
89e1a735e16f55c78fa75ae434294029
6c56f4015305eff04a99cec9758cd40bf4e5f704
26e8b042c0bbef2c7f93f77451563cf6e12af282251ef864652574be2b2c5b15

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F092f8542-1ed2-47c2-82aa-d5ef970a77ca.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3711
x-amzn-requestid: 68772438-16c4-40ab-a40e-860425d8301c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGyhHVsIAMFmsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e76-21d27db6708228002e738938;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JOCSKxy4WUDbS22Gd9BlyN1gmcDsDNlNWnT57KITGlNwfOe_Iaco9g==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:59 GMT
age: 21064
etag: "6c56f4015305eff04a99cec9758cd40bf4e5f704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5675 bytes)
Hash
89502a302863c914b4de5e8c6a7f6846
898d50ac6e372609656fccee27de3d036bc0281c
9bc1f83d570d70b7e17e5de7a1546885851431ea989d915852ae7130387c422f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5675
x-amzn-requestid: a47e049a-6f76-4af4-8064-fd7722bcfb17
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepGYEIAMFeQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-09e13afe27c4dc5b44e828be;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: U_3ah2pFrsQl9IVVqm9EVI99FnF79b9zOUFVBGX966JAjkDg6UF--A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:47:56 GMT
age: 21127
etag: "898d50ac6e372609656fccee27de3d036bc0281c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7334 bytes)
Hash
498ab4412ed5cf977bc23e4e870894b0
23753fe8af09ec8ffa10eed4d201a71833885c99
036042656f15e42b4d1537c45f5b8e7190c70305fa9a69c1287c6739ad0b7122

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: a6b8b420-8394-496b-8be8-26dee52e3887
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoHJOoAMF75g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0b38d07f518c8b3134457df2;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tuKmV_nb4HVbqkhtCnZY3b33VB-bB6UxaBl6HsY_JgWesbUB8SPt-g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:09:38 GMT
age: 19825
etag: "23753fe8af09ec8ffa10eed4d201a71833885c99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064

23.38.201.22

200 OK

71 B

URL HTTP/2
stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
IP
23.38.201.22:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document, ASCII text
Size
71 B (71 bytes)
Hash
988428fdc0079b85e995b96b0ed4b565
27aece4f871a936951d17de604853cddc9bfb5ec
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

HTTP Headers

GET /site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064 HTTP/1.1
Host: stags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 71
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
pragma: no-cache
expires: Thu, 01 Dec 1994 16:00:00 GMT
cache-control: max-age=0, no-cache, no-store
bk-server: 487e
date: Fri, 02 Dec 2022 03:40:03 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB

142.250.74.162

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 03:40:03 GMT
expires: Fri, 02 Dec 2022 03:40:03 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7492ec7ac50204b75813827f4

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7492ec7ac50204b75813827f4
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7492ec7ac50204b75813827f4 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:03 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1100ee62b3345c34f76643891
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTUyNDAxOTk1IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMGViNzI0ODIyMi0wN2RjOTNkMzAyMWUzYjgtYzUwNTQyNS0xNDAwMDAtMTg0ZDBlYjcyNDkyODkiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL2NvcHJ3YW5kYS5jb20vbG9naW4ucGhwP3ByaW1hcnltZW1iZXJfaWQ9NjY1ZDJjZmQ2NDY0MjYyNmJkZDVkYzYyYSIsIndlYnNpdGVJZCI6IDUwLCJmZWVkYmFja191dWlkIjogbnVsbCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiYTliZC0zMTFmLWQyOTEtYzVjZC0zNGZkLWI3ZTgtNzA1Ny02MWQxIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk5NTI0MDE4NTEiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMzMyLCJrYW1weWxlX3ZlcnNpb24iOiAiMi4zNC4xIiwib25zaXRlX3ZlcnNpb24iOiAiMi4zNC4xIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5OTUyNDAxODUyLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZX0KXX0=

35.241.45.82

200 OK

0 B

URL HTTP/1.1
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTUyNDAxOTk1IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMGViNzI0ODIyMi0wN2RjOTNkMzAyMWUzYjgtYzUwNTQyNS0xNDAwMDAtMTg0ZDBlYjcyNDkyODkiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL2NvcHJ3YW5kYS5jb20vbG9naW4ucGhwP3ByaW1hcnltZW1iZXJfaWQ9NjY1ZDJjZmQ2NDY0MjYyNmJkZDVkYzYyYSIsIndlYnNpdGVJZCI6IDUwLCJmZWVkYmFja191dWlkIjogbnVsbCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiYTliZC0zMTFmLWQyOTEtYzVjZC0zNGZkLWI3ZTgtNzA1Ny02MWQxIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk5NTI0MDE4NTEiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMzMyLCJrYW1weWxlX3ZlcnNpb24iOiAiMi4zNC4xIiwib25zaXRlX3ZlcnNpb24iOiAiMi4zNC4xIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5OTUyNDAxODUyLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZX0KXX0=
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTUyNDAxOTk1IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMGViNzI0ODIyMi0wN2RjOTNkMzAyMWUzYjgtYzUwNTQyNS0xNDAwMDAtMTg0ZDBlYjcyNDkyODkiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL2NvcHJ3YW5kYS5jb20vbG9naW4ucGhwP3ByaW1hcnltZW1iZXJfaWQ9NjY1ZDJjZmQ2NDY0MjYyNmJkZDVkYzYyYSIsIndlYnNpdGVJZCI6IDUwLCJmZWVkYmFja191dWlkIjogbnVsbCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiYTliZC0zMTFmLWQyOTEtYzVjZC0zNGZkLWI3ZTgtNzA1Ny02MWQxIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk5NTI0MDE4NTEiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMzMyLCJrYW1weWxlX3ZlcnNpb24iOiAiMi4zNC4xIiwib25zaXRlX3ZlcnNpb24iOiAiMi4zNC4xIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5OTUyNDAxODUyLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZX0KXX0= HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 03:40:03 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-30nm
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1100ee62b3345c34f76643891

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1100ee62b3345c34f76643891
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1100ee62b3345c34f76643891 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:03 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ab4ca6aa76f134154643cb6e1
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2fec0a3aa8f541f5092456d41753e63a
f7f2afd43cac3c12f5cea88960560a94d36aae05
f3dc6e26d9d8008abf17eec495ab0db714e3fbeb0d3fc45967fd8e1f2d067fcd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:03 GMT
Etag: "6388d6a7-1d7"
Server: ECS (amb/6B9F)
Content-Length: 471

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

1.3 kB

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (1317), with no line terminators
Size
1.3 kB (1317 bytes)
Hash
e4d7081727cab1e0594e4b789d56b817
41f65bf844529e0f3a50e2fe989ab2322289c5c2
ff12aaf363819126fd3c831ce15b37344b80daecb552b21c2eb5a56058532880

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 172
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
content-length: 1317
date: Fri, 02 Dec 2022 03:40:03 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: f85f496e-75fc-4599-9f71-0fb12ed73bfa
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ab4ca6aa76f134154643cb6e1

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ab4ca6aa76f134154643cb6e1
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ab4ca6aa76f134154643cb6e1 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:04 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f8612beda7a808f0fc8a3481f
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 03:40:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=467569,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773109fa2d44b511-OSL

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f8612beda7a808f0fc8a3481f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f8612beda7a808f0fc8a3481f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f8612beda7a808f0fc8a3481f HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:04 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=19f8e24b723b505c4ac41bb25
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8d42dbe45d28e98140b7b8e7337916c2
702722d1219f8037f75a0dc9e24936bf7d454533
987efb6ca64818d45978d4bb1ea0557f9531f57f757922ddecad760c854fc0ae

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38

35.244.174.68

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38
IP
35.244.174.68:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38 HTTP/1.1
Host: di.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 03:40:04 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://coprwanda.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 03:40:04 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

142.250.74.174

200 OK

3.7 kB

URL HTTP/1.1
cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3328)
Size
3.7 kB (3714 bytes)
Hash
dc9379c280fe0182da5b6b7913097c77
089822dbfd67ec027ab31f76218f611ed94bbad0
93c6e708d7ba587f755e50a887981e7f571295b56674f6e75d7cecdfe749dc62

HTTP Headers

GET /cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Fri, 02 Dec 2022 03:40:04 GMT
Server: gws
Cache-Control: private
Content-Length: 3714
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googleadservices.com/pagead/conversion_async.js

142.250.74.162

200 OK

15 kB

URL HTTP/2
www.googleadservices.com/pagead/conversion_async.js
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1654)
Size
15 kB (15190 bytes)
Hash
f2258b08ae7f4c53a27c27e21536ef06
65fe239266dc4c3f8f8e25dfd039a77733f75f67
fd9775067ede051cfe4861265da0e9374a20cd833fedcd3c9708af0b525f8921

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 02 Dec 2022 03:40:04 GMT
expires: Fri, 02 Dec 2022 03:40:04 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16595884479219046262
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

coprwanda.com/favicon.ico

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/favicon.ico
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:04 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0a1d5284b3d787c93a2b21b68
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 03:40:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=467569,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773109ff1dc6b503-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
4211d4ddd8c542cf450d0e892e384e8d
d2eaa1b5679a7b7be963954c242d71522cb71694
4f524c890be87d8b1d72145512cba9ea33c16bb4db4cc4b0718bd48a7c5d6983

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 03:40:04 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 06:00:09 GMT
Expires: Tue, 06 Dec 2022 06:00:08 GMT
Etag: "d2eaa1b5679a7b7be963954c242d71522cb71694"
Cache-Control: max-age=353403,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773109fe8828b511-OSL

1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html

54.230.111.57

200 OK

221 B

URL HTTP/2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 08:37:34 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Dfaq7JD5Rr4OhOm_hi9T7ZrgQQH2HSnQVQf0NnTYCp2WX3Cl2g-qsQ==
age: 68551
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2127bde04ad44ce578c974ce17014430
0671da7ac6281e7666378aec875006158b784931
e7353f4f5fdb557bbc3ed7b6c74c9a79d1bb7ef966f5bd471382feb82234bd93

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 03:40:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=19f8e24b723b505c4ac41bb25

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=19f8e24b723b505c4ac41bb25
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=19f8e24b723b505c4ac41bb25 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:04 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7e5e80d33253b964eb99646da
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.57

200 OK

3.2 kB

URL HTTP/2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 01 Dec 2022 23:01:12 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uXO4MrEAcGQk50ga8HcjqPFiPffoAO1Y34PrmvIJhnAvg8qgCtG4jg==
age: 16733
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
c9ddaa54b22df16f7077672ce62c3aaf
48c459b8e283c366b618d61c6fd45a6c465d1298
be15e4567b08d0e5cf9898c151c223b53d102451a38953498062883093039d87

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 03:40:04 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 12:17:24 GMT
Expires: Wed, 07 Dec 2022 12:17:23 GMT
Etag: "48c459b8e283c366b618d61c6fd45a6c465d1298"
Cache-Control: max-age=462438,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773109febdaa0afe-OSL

1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html

54.230.111.21

200 OK

221 B

URL HTTP/2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
IP
54.230.111.21:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 09:33:10 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9PuUG-2u5rvk_G8yp1obM35P0Qln81q4RN4nablCM-wmO6U7gtEPfQ==
age: 65215
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 03:40:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=467569,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773109ff08df1c16-OSL

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7e5e80d33253b964eb99646da

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7e5e80d33253b964eb99646da
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7e5e80d33253b964eb99646da HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:04 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=58c0ba1887e12af707f528163
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.21

200 OK

3.2 kB

URL HTTP/2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.21:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 08:56:21 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LE2QSEJQ-6VNj3Yzh7tTmGiYvj3qCrwQ0YdgWQGCQgJE1Xxt-Ogv4g==
age: 67424
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f07d466e5636137d87db67fc37a6cea2
a93119333ee5d23a2478b0ee8de00ccd3c2a4566
e23351d29471681b4d657f516dc2cde485ae17dccefb3d60747025e022efccd8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 03:40:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 23:15:46 GMT
Expires: Thu, 08 Dec 2022 23:15:45 GMT
Etag: "a93119333ee5d23a2478b0ee8de00ccd3c2a4566"
Cache-Control: max-age=588340,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773109fefd3fb50b-OSL

1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html

54.230.111.12

200 OK

221 B

URL HTTP/2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
IP
54.230.111.12:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 07:42:43 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bI2cW6yrCPGosJcR5RqL2Rdv_kzRFMPDT8tEurGJDcPQJx4dHn7GTg==
age: 71842
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=58c0ba1887e12af707f528163

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=58c0ba1887e12af707f528163
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=58c0ba1887e12af707f528163 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:04 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c0a7721bfedc46242ec26e92d
Content-Length: 0
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.godaddy.com/

192.124.249.41

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.41:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
17e8b57e2ed803f201575cbf9698c46d
8e1ed4174e47647af89ddbc05e8435fcca63b783
3c7f4d3402133ea425f971977cddca84554c81e1113aa92388d89a6a64f7b5b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 03:40:04 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 20:34:38 GMT
Expires: Fri, 02 Dec 2022 20:34:38 GMT
ETag: "8e1ed4174e47647af89ddbc05e8435fcca63b783"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.12

200 OK

3.2 kB

URL HTTP/2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.12:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 15:53:28 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UP9r6jsdDKpccsp2JqF8SgcevF_ExUi04Bz8HhEHRXOdT7r1-xf1Pw==
age: 42398
X-Firefox-Spdy: h2

coprwanda.com/login.php?primarymember_id=0a1d5284b3d787c93a2b21b68

192.185.105.9

200 OK

65 kB

URL HTTP/1.1
coprwanda.com/login.php?primarymember_id=0a1d5284b3d787c93a2b21b68
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Size
65 kB (64622 bytes)
Hash
a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d

HTTP Headers

GET /login.php?primarymember_id=0a1d5284b3d787c93a2b21b68 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 03:40:04 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c0a7721bfedc46242ec26e92d

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c0a7721bfedc46242ec26e92d
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c0a7721bfedc46242ec26e92d HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1c745004db95cba8537ca3644
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

558 B

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
35355c7c41e1287116519033640655f1
77966e581078d9f9f98217f490974e94689193de
f6c839fa20804c9b519a74fc998cd8b4ef0d7cbb2a60fe416218ede9ec70fbdc

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3296
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 03:40:04 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 00ade748-51cd-4983-a661-6d3d3f0159a5
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1c745004db95cba8537ca3644

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1c745004db95cba8537ca3644
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1c745004db95cba8537ca3644 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=8f209e5cc05ca27ea0c4c5f5a
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=8f209e5cc05ca27ea0c4c5f5a

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=8f209e5cc05ca27ea0c4c5f5a
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=8f209e5cc05ca27ea0c4c5f5a HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=83fa2ab4dd279d98dfa8cf029
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=83fa2ab4dd279d98dfa8cf029

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=83fa2ab4dd279d98dfa8cf029
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=83fa2ab4dd279d98dfa8cf029 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1280e4eda2ad70b35a7502ec8
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1280e4eda2ad70b35a7502ec8

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1280e4eda2ad70b35a7502ec8
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1280e4eda2ad70b35a7502ec8 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=59152c1d2bac7fd2d4aae91ae
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=59152c1d2bac7fd2d4aae91ae

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=59152c1d2bac7fd2d4aae91ae
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=59152c1d2bac7fd2d4aae91ae HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4c28424f34911f935af0845af
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4c28424f34911f935af0845af

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4c28424f34911f935af0845af
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4c28424f34911f935af0845af HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b3771fb38d55274a651b32ca6
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

558 B

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
2e2c12e5c3ae940c43c8a973425097a7
b6d55525d583943048501bc2d15a34f03edd2cba
6e7b434e0718c34cf0f1344fe3aeac45c90ecf1e24abfaefd7cd35f129596611

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1448
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 03:40:06 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: c905fce0-b976-497b-8ccb-9d26893f9a9f
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b3771fb38d55274a651b32ca6

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b3771fb38d55274a651b32ca6
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b3771fb38d55274a651b32ca6 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=5815f854af00b45d52076c086
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5815f854af00b45d52076c086

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5815f854af00b45d52076c086
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5815f854af00b45d52076c086 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a045a08ef9c1aacce8d04e1e8
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a045a08ef9c1aacce8d04e1e8

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a045a08ef9c1aacce8d04e1e8
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a045a08ef9c1aacce8d04e1e8 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=38792b66dcdd32278513dc7bb
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=38792b66dcdd32278513dc7bb

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=38792b66dcdd32278513dc7bb
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=38792b66dcdd32278513dc7bb HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=09280345c9e9a0eda813124a8
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=09280345c9e9a0eda813124a8

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=09280345c9e9a0eda813124a8
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=09280345c9e9a0eda813124a8 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=67824b49f4577c6aa0cb086ac
Content-Length: 0
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57

13.89.105.232

204 No Content

0 B

URL HTTP/2
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
IP
13.89.105.232:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v1/sendLogs?cid=cedric&cdsnum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 900
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Fri, 02 Dec 2022 03:40:07 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

POST /US/REST/ManageTMXProfile/TMXProfile.jws HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00
Content-Length: 0

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1b8481e9d5e290b3ea8e276d8
Content-Length: 0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1b8481e9d5e290b3ea8e276d8

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1b8481e9d5e290b3ea8e276d8
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=1b8481e9d5e290b3ea8e276d8 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=e74a6416d327d966fefc8a5ae
Content-Length: 0
Keep-Alive: timeout=5, max=53
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e74a6416d327d966fefc8a5ae

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e74a6416d327d966fefc8a5ae
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=e74a6416d327d966fefc8a5ae HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1aeec9122a18888649fe8e7e3
Content-Length: 0
Keep-Alive: timeout=5, max=52
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1aeec9122a18888649fe8e7e3

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1aeec9122a18888649fe8e7e3
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=1aeec9122a18888649fe8e7e3 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b4438a4406ce24ec9b2882601
Content-Length: 0
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b4438a4406ce24ec9b2882601

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b4438a4406ce24ec9b2882601
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=b4438a4406ce24ec9b2882601 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f3e43f92f97cd1f26a7ce6e96
Content-Length: 0
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f3e43f92f97cd1f26a7ce6e96

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f3e43f92f97cd1f26a7ce6e96
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=f3e43f92f97cd1f26a7ce6e96 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1b9143779c0841ea90d8dff79
Content-Length: 0
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1b9143779c0841ea90d8dff79

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1b9143779c0841ea90d8dff79
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=1b9143779c0841ea90d8dff79 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=8a7bdbac2f0f950fb879a31a2
Content-Length: 0
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8a7bdbac2f0f950fb879a31a2

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8a7bdbac2f0f950fb879a31a2
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=8a7bdbac2f0f950fb879a31a2 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=586bd8d3227643aca6ecded4f
Content-Length: 0
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=586bd8d3227643aca6ecded4f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=586bd8d3227643aca6ecded4f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=586bd8d3227643aca6ecded4f HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=338be2d22467225418c6402f8
Content-Length: 0
Keep-Alive: timeout=5, max=46
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=338be2d22467225418c6402f8

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=338be2d22467225418c6402f8
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=338be2d22467225418c6402f8 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=cb1182db993b362e6a58eb033
Content-Length: 0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=cb1182db993b362e6a58eb033

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=cb1182db993b362e6a58eb033
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=cb1182db993b362e6a58eb033 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=3c677673d9708275f327ea163
Content-Length: 0
Keep-Alive: timeout=5, max=44
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=3c677673d9708275f327ea163

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=3c677673d9708275f327ea163
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=3c677673d9708275f327ea163 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=6fea524a73c2f3423ba6812f5
Content-Length: 0
Keep-Alive: timeout=5, max=43
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=6fea524a73c2f3423ba6812f5

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=6fea524a73c2f3423ba6812f5
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=6fea524a73c2f3423ba6812f5 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b3745e0199f78d0493c7e17d9
Content-Length: 0
Keep-Alive: timeout=5, max=42
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b3745e0199f78d0493c7e17d9

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b3745e0199f78d0493c7e17d9
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=b3745e0199f78d0493c7e17d9 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=98b0ebecf83a9a35989b3956f
Content-Length: 0
Keep-Alive: timeout=5, max=41
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=98b0ebecf83a9a35989b3956f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=98b0ebecf83a9a35989b3956f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=98b0ebecf83a9a35989b3956f HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=74b0515666d111301401c02de
Content-Length: 0
Keep-Alive: timeout=5, max=40
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=74b0515666d111301401c02de

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=74b0515666d111301401c02de
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=74b0515666d111301401c02de HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1475e8f13eb976567ec2c137b
Content-Length: 0
Keep-Alive: timeout=5, max=39
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1475e8f13eb976567ec2c137b

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1475e8f13eb976567ec2c137b
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=1475e8f13eb976567ec2c137b HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=809132e0374994b7f64128de6
Content-Length: 0
Keep-Alive: timeout=5, max=38
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=809132e0374994b7f64128de6

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=809132e0374994b7f64128de6
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=809132e0374994b7f64128de6 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c017e8289a27df35e395ceeab
Content-Length: 0
Keep-Alive: timeout=5, max=37
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c017e8289a27df35e395ceeab

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c017e8289a27df35e395ceeab
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=c017e8289a27df35e395ceeab HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=01f631184c2d011a54d43b097
Content-Length: 0
Keep-Alive: timeout=5, max=36
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=01f631184c2d011a54d43b097

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=01f631184c2d011a54d43b097
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=01f631184c2d011a54d43b097 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=665d2cfd64642626bdd5dc62a
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669952401441-C2514013-16C9-4B4D-BB3D-503ADCEBFC9A; PHPSESSID=027210355173e9772a933c6b25a0b7b3; count=0; kampyle_userid=a9bd-311f-d291-c5cd-34fd-b7e8-7057-61d1; kampyleUserSession=1669952401851; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d0eb7248222-07dc93d3021e3b8-c505425-140000-184d0eb7249289; cdSNum=1669952404059-sjn0000896-1bb8d8c1-1ec9-4f7e-beb9-348f25314f00

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 03:40:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=eacbdbc94cf39cb49f4e6c301
Content-Length: 0
Keep-Alive: timeout=5, max=35
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (53)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations