Report - mail.coprwanda.com/login.php?primarymember

Report Overview

Submitted URL
mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
IP
192.185.105.9
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-12-02 15:25:52
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citi

Detections

urlquery
44
Network Intrusion Detection
0
Threat Detection Systems
46

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	106 kB	142.250.74.132
adservice.google.no	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	666 B	1.1 kB	216.58.207.226
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	54 kB	34.120.237.76
nebula-cdn.kampyle.com	3739	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	715 B	6.3 kB	151.101.193.175
di.rlcdn.com	2196	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	444 B	192 B	35.244.174.68
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	6.1 kB	93.184.220.29
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
online.citi.com	23902	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	29 kB	1.2 MB	104.110.15.25
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	8.4 kB	142.250.74.131
stags.bluekai.com	471	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	426 B	23.38.201.22
1.b406929acabac9b095f124c81bdfcf57f.com	75277	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.12
www.googleadservices.com	107	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	16 kB	142.250.74.130
bid.g.doubleclick.net	497	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	488 B	809 B	142.251.1.156
1.c81358859121583b7adf2ace89cb39f44.com	75217	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.64
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	2.3 kB	192.124.249.23
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
resources.digital-cloud-citi.medallia.com	25588	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	902 B	67 kB	151.101.65.230
sr.rlcdn.com	13315	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	970 B	444 B	35.190.60.146
cse.google.com	2642	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	318 B	4.2 kB	142.250.74.174
1.a79ab95c1589a13f8a4cab612bc71f9f7.com	75111	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.21
contents1.00110.citi.com	34217	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	592 B	216 B	13.89.105.232
mail.coprwanda.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	38 kB	146 kB	192.185.105.9
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.38.198.114
adservice.google.com	76	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	674 B	947 B	142.250.74.130
contents2.00110.citi.com	32534	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	3.6 kB	52.154.174.214
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.7 kB	104.18.32.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-02	medium	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=09a5e7a40338f77e3cdacd79f	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f299c167e479cdb4044993814	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=938c7f906fc8b7337aa2321ac	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a81d91ce6e1274e73054fc1f	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9a29df1bfd60de761e9ed713c	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2a89bc94d7aa88ae37d874ff	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=77ac6b97edd9efafc8b12f986	Phishing
2022-12-02	medium	mail.coprwanda.com/login.php?primarymember_id=16a16060b99aa0b394a75accd	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=949d5198217cb849636d85ee2	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=955a0414e924ec0dc7796969b	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b60b5374816e03c7bfc917574	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=86934602894e1dd2df95de2ba	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=57c3a0aa1527c2d58eb4229f1	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2fb844d81199e4dc9e4df47f2	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9cc8dfc656ce028658f069534	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ee2baa1c04e1123ecfe886c4d	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=511519e707c1f7dad7fc0507f	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a1ca3b32a7f674f02567f4359	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f19bb91168959bb9cc876b589	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7c85442d42b5358c6b6aea14a	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4d6f5eda4a30bb16d13ef000a	Phishing
2022-12-02	medium	mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (51)

	URL	Size	First Seen	Last Seen
	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js	9.1 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen23 Hash 828b253bebc00cf5985f885442fa5ea8 9f02b35e1acd3be7f6063693fd6e31d4fe010109 eec5cc477e7cb4f1eee1f26dce3eb411a63716d89a9b659c7d5559571c837ccb Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	60 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash bc7247cf39fab48b4350f02e88aeb96f 4d23a7bf9ac7b5e035ae05b03ec4d332fc8feaf3 f44ae2b913df243a9f434e4843f12c6fbd219bafe09e404ee33c2099fd5a8d2f Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	494 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 0d581029ec07c06226cdb87413887e8c b43ebbb551358c7d2ffaced6599b09a4f471d635 68eb0c8baed5acd7a6f96d01c70ab092f24705d05f6ac63906e03281c8648da4 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	55 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 6fe2b22226d89eba331c98169afbe248 5d6863f5b3b2ead7cda62892a357f54453f32e9b 7f06045984d0bd219b82b6f040069ed2e2e1c06209db06ba3573a146628970b6 Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js	341 kB	2023-03-07	2024-03-02
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js IP 151.101.65.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen30 Hash 57e6c47a533050c63dc8fefbdeb401d1 384b0c3188bf21009774f315582622256803305e 78af61897fafb5a82b787273472a93de723186b17f46ed315617c70ae2b6a6fe Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js	341 kB	2023-03-07	2024-03-02
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js IP 151.101.65.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen30 Hash 57e6c47a533050c63dc8fefbdeb401d1 384b0c3188bf21009774f315582622256803305e 78af61897fafb5a82b787273472a93de723186b17f46ed315617c70ae2b6a6fe Loading...

	online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js	1.0 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash e60f5e310d559ee60d3247be9d5ca100 34e78dc5b40ce2a94567389bfd6e04abf43b90b9 9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead Loading...

	1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html	87 B	2023-03-07	2023-04-05
Pretty URL 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html IP 54.230.111.12 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:16 Last Seen2023-04-05 01:48:21 Times Seen54 Hash 2e4d7d52e5909922bf021f1cc09b8932 dc20df92c388423464243e53c7a378f0016effc9 0242c236e7c83d9c9d5281fc2614b82c4bf516e7e2552c4e042ecbf9fcf45027 Loading...

	online.citi.com/GFC/branding/olab/js/oo_engine.min.js	43 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/GFC/branding/olab/js/oo_engine.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash 9cf707489677b29ec6136aa27089ba09 5b37eb42f3a40a12670240452ee73f62f92b2fb2 1f2a0e7aa3dabf73dae3cc7c1e53a70ec51145b39b027bdc1ecae9223c0c80d2 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	51 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash a3b9a45219bb8e76e0b6428a3c2252a7 f3acae083611bddf944dd5b99ffc9401ecb29411 d0a5a93cb1f2f7daefdf72c4da8680aab2c242b9cf555052afa9c0cd56917f07 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	1.4 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash bd392e918e0e8f71f814f5a4553a6ead 2eb7f3a1108af3e041fbb338376a313c73611026 c8deb517a69abf7d437eba4b4e4915f30afd61faf052449f014e8cafc7129e15 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	78 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 349e88b7caa0dff4eaf84621885aa4f3 4d887106cc4facf29b36c387a6804f1cc9248654 9db261bd1461cfc312dd6f9c4bc524a49091d299e4391c63877032b55f2596a0 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	124 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash a19f3867a2e4f194d61def3b27607ba6 70c9c6e28e1cadc1f6b5323e27193805d4eae52b 027658d5326a774db4e4a4980c91809057d23cfc74657a7afbab30f232f53862 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	861 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 3b39fb878bb8cc0ef702b00f28ce06a2 1800f2414e094aafbc22d21f887e2c2ae0936c39 1a26e59588d3cb2703eca3a097a8ea943076219db045142fdaa1079f5077326c Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	55 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash d5f6a35c544a7ddd317d05e7269f2d91 261918e10ca6bcdb237e0721f18f9ff7bb17c661 c2cc4fb4f8c58dc26361fa9861e3f0a8c37f575e9a01ca6ab41918933a45f73c Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	3.8 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen15 Hash b7c621311d20eb07f9505c83f2e93a78 7e88e8057e7ff83e4debfc93f9003ec7b6057de7 3e8e3a7b51aa3cb440686ef7fa0309f2bb8e348f89e37819481dc7629f7868c9 Loading...

	online.citi.com/passivebio/bcsid.js	947 B	2023-03-07	2024-03-02
Pretty URL online.citi.com/passivebio/bcsid.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen22 Hash 502011c839f5e3bbbdf1003b724e06be d038be2dc3b9e0472222e530a6939f7ebe1f474b 7d481eb36581746fd3662c7c452856b695df90cdce24664c48f565aa119c8b16 Loading...

	www.googleadservices.com/pagead/conversion_async.js	42 kB	2023-03-08	2023-03-11
Pretty URL www.googleadservices.com/pagead/conversion_async.js IP 142.250.74.130 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:43 Last Seen2023-03-11 23:52:27 Times Seen1 Hash aa380446f88c1288203b55faad15a0df 6724fbaffe1828ffd0ffaa56769630709b2fdfad 4f0fa35c5a44677cc0a678f03795032aa862275dc29e978a84a2ee41ef267c10 Loading...

	www.google.com/cse/static/element/f275a300093f201a/cse_element__no.js?usqp=CAI%3D	310 kB	2023-03-08	2023-03-12
Pretty URL www.google.com/cse/static/element/f275a300093f201a/cse_element__no.js?usqp=CAI%3D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:21:46 Last Seen2023-03-12 17:38:18 Times Seen1 Hash cd4dcf60325693e64ff3fe71cfb84a58 e724160941156849e66b5cec3d0fd0dbfeefd266 535b8af88e270a20f4ae2174218d6b90ffd7fb780215a2f911629455d6c8201e Loading...

	1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js	3.2 kB	2023-03-07	2024-04-23
Pretty URL 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js IP 54.230.111.12 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:16 Last Seen2024-04-23 23:40:55 Times Seen5052 Hash 9ee48a4da9c402e8a23ad085fb71f28f f0c59306d6313f9bee02b53ca8903991bd24bfd7 9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	1.7 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash d6d17a43da3e8376e35530332e97ca5a b4d7317b19925744db8006d3607847291b8c2d11 89d52e9a2628894ca01a5df1ae1e1837d8d1845687c97f70626835be863ef80f Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	6.5 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash f15ea50d63999ebf748246ffa6809deb 3ab1fd500e2c2ebaa7b6cacd40558f72b3db819a 145cd772b8f26c7980cc0e655ae0d338eba3e2c9312f98682c20fd5d52aa0a55 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	5.7 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 372c44408865733816a82d39409c0b30 85316d59e1d674e0dd03a7f0feb5d8c2b611001f 4f56b58340bbcff64bcbd1d6705293f8f68fdc68ae08c4d47f56522444cc7dd9 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	712 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen15 Hash 71382f8e6ef9bf2ed5d915ae803c5c7f 0c64d7a89e77aa6b2325ca12b8fe87548d6b2850 2c2cdc3431ed006f6ec8457b9c0718d0e1ca18839e87b9de7fb3b3f1661b4329 Loading...

	online.citi.com/JSO/js/fp.min.js	15 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JSO/js/fp.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen40 Hash e0bd1cc6312c34c2d4a57142ef0a7b08 02ce3ece5c0f0a50f473c46380aee484467453d0 c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	487 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen14 Hash eae83f0684e7579652eb0933e38369e9 12d00f19d6d36c928c9d2b70b4c6f7b2e6846e0a 2d71826129cbe83e37a07a4d9c204830f4973e601adcaa8683a741d992e96a24 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	169 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 41f78ec36c8e88fbf2baaf7035a8f84f 1545242efbd33a18adf2b0645decdc0c20d31e5d f22d5a40edfbfba3e5a6197f9eb94801f8402801e2ef2822dfd24ebb4022c49b Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	1.2 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 36aa1dfcdce2b986fd9f0db34c4fa706 d08814a707dec3e918bab14f17667fbd9d97d252 899f1b5bb146380ef5919bbc7e765fad6ee9ef236df7dff4db370dfb19e70f98 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	5.4 kB	2023-03-07	2023-03-26
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2023-03-26 11:20:09 Times Seen3 Hash ccc559ecd3592536380cada140c43a86 6c31ba55d693e0327c8be6aab39264045dfc89d0 9fadbb54ce0d3d5250f3a6e96ea0dbb5bc729f7936c56bdb606bb2310ede0b57 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	1.4 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 523300c546ce8ca360e71c0fb0dd814e 02f79ba80ee8c0382712f839f96bc756d26ccf00 aed2528851ae42ae6d46422c6ea1f1a4f80f5a12d8da6ba4faf47ba31d535f00 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	1.5 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 80225a3b19dfe27804d23ede3e982551 48bc3baa82a3339b937f30c04a30296654a1e998 ca689295a05fa095b9c7805118d78203b18020fcba72a0b84b819eaf52e042b1 Loading...

	online.citi.com/TMX/TMXProfiling.js	1.3 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/TMX/TMXProfiling.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen34 Hash 0ff04f7aa700fb377b4a1a7f9f431b21 32f63ce9172fad37c97fe3d680373a5247c2bd54 157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa Loading...

	nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js	14 kB	2023-03-07	2024-04-03
Pretty URL nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js IP 151.101.193.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:04 Last Seen2024-04-03 19:28:22 Times Seen175 Hash 80dd5e3be5152c5c72d552c6a26ef6ff a019565ce06f5b1c129af9ac0e9cfa82f52dcdea 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	684 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash b380284e2b4750a3f8510c3f26e3b560 2283ef2ae152c81fb1a5d606562708d09ed4d19a 8d91289c12695cf4e74f0a67724c8d857f5dff3e39dbe51b9c7b7d1389c7814e Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 00:13:38 Times Seen37050895 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	online.citi.com/personalization/peworkflow.min.js	5.3 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/personalization/peworkflow.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash 95e4214ba481e0482f80ba7f16966e5b 59a2c377906e189d7f4a962f76f427eb6f1edc79 690146b8ff7699810daa66f43ce7d006f74a143dea4a27bb0cb9c054dddadeee Loading...

	online.citi.com/GFC/branding/responsivebranding/js/main.js	34 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/GFC/branding/responsivebranding/js/main.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash c0ddec2b38e31940c334f2484005e156 6400269d39b45e4a70747dc53dee46a4847c5de3 9deb849bdc20c654810ae440c0c5110b1a1cbf2228e7a3b61db136a7633c0eda Loading...

	online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js	13 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash 67fd9bb7be1fea04c09753fcdab15974 207b8cec60851c99ebdda47a19cd8a032acc0c47 b95fb980f8f91f1c113d3411d3fbf608e143bf4d10fe0706bb6d2231f13bd228 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	2.2 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 8eedca5e0fcb1a64188322773e36df8f e432b6c6b69b3cacfb651c47ae491e0639ff451b 68c52647c1464b6ed288e2f0599fc247410d6f1aa1ef55f2f38a5b97b86cc704 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	359 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash b12406eac48ade2690f28ac5c9f718dc 57c0461b4deb5149b8f0e858f5f5229458fc8b0c 142489ac6853636288983970739a610112ef91ac6043a389995fe55af272902f Loading...

	online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js	6.2 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen33 Hash 42dcf708ed86de23deaaea0446fd9c38 1d25fe5aea16f13a83452f02be95bec22af3b5ac 629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	357 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 6fbf9db9d94876430883163dc4daf526 750066ce478bbe33c8549eba66f1b5d904887cdd a48f476e46cb1bf35c51fd3d0e2bd13934be3d651578dfd92d58031a604f3ab9 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	435 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 8c44d43f489e4df9faf23c5f7c082749 587508ee3c25156acd49c1c5381183cf28cde15d 4516f2146b415294de73a3cfdb656e831c1f768ed83e02e0523ab0e3b62ead7c Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	169 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 66ca5e714ab1f2abc641e1a7d48f8718 9c1e2c0ba39d05d105c37bf884bc1a3f2bc9cbc3 76dd133f3a42824740d3c84f9420ac45c4626dc34ae2fde827bc48c63361ee46 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff	8.8 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen14 Hash 90f96fe21a87fad1db5e9400e1dd4992 04bf5396b008ed5c09f975a0ac4439daeb0a7c10 7281fd5f764158ae3ddd8d3745d09c71f32c8459ed2cb07cc9098279f06e9f5d Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js	3.0 kB	2023-03-07	2024-02-11
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-02-11 09:44:08 Times Seen1 Hash 1130041570009de4132935c54abacb7d 767afd3e881378ae9eee4c9f6e705022c17a358e 694c74b00db3aae929ade1622b456591187454fd61f06daef7fca081b01adc07 Loading...

	cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu	10 kB	2023-03-08	2023-03-08
Pretty URL cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:51 Last Seen2023-03-08 14:39:51 Times Seen1 Hash 553368c8b62642e6f17ac4598142c6b2 67ed2799cd74ccf311c6dd46468504053d012102 0a0e56b585f1739c4c2d7a0a2f15d92f0f49f81f9a7b45f24ed8f90fcf50cf8d Loading...

	online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js	65 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash ffa4ec65e36a6626d9494401fe52ad0c 50fde09885fdb9f1814b950fa25992e4d9a04ba6 f1821b3865a1008ba0c088f7dc5c7eeb6b81e414461885c40b8d0f48fcbc9341 Loading...

HTTP Transactions (183)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13927
Expires: Fri, 02 Dec 2022 19:15:48 GMT
Date: Fri, 02 Dec 2022 15:23:41 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1303
Cache-Control: max-age=156557
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 10:52:58 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 15:18:12 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 329
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11911
Expires: Fri, 02 Dec 2022 18:42:12 GMT
Date: Fri, 02 Dec 2022 15:23:41 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: if2YSmydichcQSeaZv6cRElCRicxjDU696XvpMpx4BPy4jbfGq1YOY8TATqEYo1A3fW4AYlUilc=
x-amz-request-id: 7MMQ6DDY4ZGN2AA3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 14:46:44 GMT
age: 2217
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 15:23:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff

192.185.105.9

200 OK

65 kB

URL HTTP/1.1
mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Size
65 kB (64622 bytes)
Hash
a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login.php?primarymember_id=e4ce8e9ce691e19feafe92cff HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 621
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Last-Modified: Fri, 02 Dec 2022 15:13:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 621
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Last-Modified: Fri, 02 Dec 2022 15:13:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 621
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Last-Modified: Fri, 02 Dec 2022 15:13:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 621
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Last-Modified: Fri, 02 Dec 2022 15:13:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css

104.110.15.25

200 OK

3.7 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
3.7 kB (3733 bytes)
Hash
912d79ed2801e57d08c6fe076d791333
aa0e1edb751a7cbff5e9ff67b948166605e19910
61984a0de22199c83dba3ac7c03e8df7cbb78f61c2de7fc6484be0fba7f14069

HTTP Headers

GET /GFC/branding/responsivebranding/css/branding_footer_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 10:48:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3733
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=72C6A4130AABEAEB138DE81FDD623206; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 621
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Last-Modified: Fri, 02 Dec 2022 15:13:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

online.citi.com/loginpage/styles/homePage.min.css

104.110.15.25

200 OK

5.0 kB

URL HTTP/2
online.citi.com/loginpage/styles/homePage.min.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (24793), with no line terminators
Size
5.0 kB (5046 bytes)
Hash
8b55e445be9cbbed1fff212136bf5ec4
02e215ee8c3c5f71406405a28d4112c0eea3646b
e666c4da016428bb9aa82c5e9dd9634d5731083b226e353148d28a9e1948c506

HTTP Headers

GET /loginpage/styles/homePage.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Oct 2020 18:02:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5046
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=DCDFE5798B3CF13EBD1CA64CFFEBB3B9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js

104.110.15.25

200 OK

2.9 kB

URL HTTP/2
online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (5928)
Size
2.9 kB (2905 bytes)
Hash
f687e0142c1437ba2f920f3cde133177
d53df064865303d36b7a7ca9624d83214da9aa99
8e39f40e7aedf48d72d8a4f79433fb5482da163fad5aff81159284d7b461de05

HTTP Headers

GET /JFP/js/jquery/plugins/jquery.tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2905
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=05A5708D5809AB356CC1DDB94DFA13EE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D

142.250.74.132

200 OK

92 kB

URL HTTP/2
www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1560)
Size
92 kB (92399 bytes)
Hash
9aeb1c4b79656b106c74f75f0659e55e
fa088f735b11435c1898df5d8de153e32973ad4b
860254f9f9946d31e68a5864324badfd3bbb8dc8e8b95f7569cd911af2db602d

HTTP Headers

GET /cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 92399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 10:27:45 GMT
expires: Thu, 30 Nov 2023 10:27:45 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/javascript
age: 190556
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

online.citi.com/JSO/js/fp.min.js

104.110.15.25

200 OK

4.3 kB

URL HTTP/2
online.citi.com/JSO/js/fp.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (13962)
Size
4.3 kB (4322 bytes)
Hash
37d4fb4fc0d34c9d949447294c5896a2
813a89b7c7da1d1090e9d70a4b683713e47ffc20
434bec7136e03611151aad7e839486bcc95abdb5f1ad7eb8e66d1a10b3375982

HTTP Headers

GET /JSO/js/fp.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 4322
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=4A6D1A3659F67BD29F195F9C8F6B51C9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

www.google.com/cse/static/style/look/v4/default.css

142.250.74.132

200 OK

1.3 kB

URL HTTP/2
www.google.com/cse/static/style/look/v4/default.css
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
1.3 kB (1345 bytes)
Hash
b33c65c5c815696bed8292c172185bcc
d2c0eceacad1f57b25621dcdb32659c5dc6b8d9b
f5ab6924cf65ae4dc61dca35d096fa272f8b4937b733b5eb46d36af396884132

HTTP Headers

GET /cse/static/style/look/v4/default.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 1345
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 15:13:11 GMT
expires: Fri, 02 Dec 2022 16:03:11 GMT
cache-control: public, max-age=3000
age: 630
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css

104.110.15.25

200 OK

337 B

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1265), with no line terminators
Size
337 B (337 bytes)
Hash
7c863f08763bf3f9d76db3fc6135da51
6560f78733d9b78d550d8425b29f06c1c764189d
a4dc2655e535dfee0176ff9bc947cf1aecf63bb2a248eaad894f58d13591d24b

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 337
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=244706186E1B5009425ADF73508C7C86; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css

142.250.74.132

200 OK

9.0 kB

URL HTTP/2
www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
9.0 kB (9032 bytes)
Hash
c7cbebedd348978dba3901d8cc83e90d
da9da15b749bbbea07de2147b1c09ff9cf6ee05b
8d6777b76a124d852a680f4d5e42f9b6abfefbc70253b120ed7f3a44aec9e1c2

HTTP Headers

GET /cse/static/element/a57bc5975bc720b0/default+en.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 9032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 20:58:58 GMT
expires: Mon, 27 Nov 2023 20:58:58 GMT
cache-control: public, max-age=31536000
age: 411883
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

104.110.15.25

200 OK

65 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (65509)
Size
65 kB (64910 bytes)
Hash
68cdb850dc7512e716b12ec17fcba622
cb82a9575b355ae1833085e6362cc0a1089ccc90
37d98491fbeb36c9df92570d875530129c1698b03852c3fbb71832db58a56e4d

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/scripts/vendor.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 64910
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=5CF700E90515D920030DDC4E0A62847F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/passivebio/BiocatchATO.js

104.110.15.25

200 OK

114 kB

URL HTTP/2
online.citi.com/passivebio/BiocatchATO.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (63756)
Size
114 kB (114417 bytes)
Hash
9248242d277a48e0e26b2b6aef3ce590
54c170a425a237fff13a351380d3ebc13eecb7fe
dffd94cd4d4979a7844ab3e348357a918ba4d92a07e1e20ce583295c136b6d88

HTTP Headers

GET /passivebio/BiocatchATO.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 114417
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=3100C17B499924833819C29663728E77; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/passivebio/bcsid.js

104.110.15.25

200 OK

427 B

URL HTTP/2
online.citi.com/passivebio/bcsid.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
427 B (427 bytes)
Hash
62fc3ac7ad723e5bd299defa490b0777
b80fc4949d4bdff38aa3017c8f5ea813a91bd0d2
62f4ac02d4d03f11fcab26905d639a9797476e150f44d7793776acfa5fae87cd

HTTP Headers

GET /passivebio/bcsid.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
content-length: 427
set-cookie: AKMTLTSID=B410CDAA5175DABD63BEF0CDC03076E8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/pl-profile.png

104.110.15.25

200 OK

678 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/pl-profile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
678 B (678 bytes)
Hash
47511cdd2cd6ec0f1fe005ed1f1da489
c2dbbebd49f1dc760684ad937add478d05520ab1
96a25378d5d5fed38414a3d798eddc8367ebb206b45b125c837b9bab43c8799d

HTTP Headers

GET /GFC/branding/img/redesigned/pl-profile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 15:27:27 GMT
accept-ranges: bytes
content-length: 678
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=6A96AB2E8388A11DF7555D8D78A4BC3B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg

104.110.15.25

200 OK

758 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Size
758 B (758 bytes)
Hash
2b7cfe76b3d07bceb495d2dcc63dafa3
dd9a3e5c21135454fb20655caf55b7269a06a579
b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranchloc.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 29 Jul 2020 05:29:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 758
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=3247764A92249140638E3C72E9C00658; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/lang.svg

104.110.15.25

200 OK

1.4 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/lang.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size
1.4 kB (1434 bytes)
Hash
c59330487289406bc7a589e19a748a45
3ff3a052d1b32f340847edcf7e10e8f0bcaafdc5
ff759181aba721255cb0e238fdc63fe8b32f3a130bc618ac35e012a1692a3784

HTTP Headers

GET /GFC/branding/img/redesigned/lang.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Aug 2020 06:59:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1434
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=30030706D4E2A441053D229D7A8FD737; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/cc-know.png

104.110.15.25

200 OK

547 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/cc-know.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
547 B (547 bytes)
Hash
7fce81d3aee8a773e172e4da24755c08
d16e42e3104a3eede8e74f9e792c975390e3cea6
1e8296753489472722a900b40958f4cb93b5efa530499287debe37fdaac97cdb

HTTP Headers

GET /GFC/branding/img/redesigned/cc-know.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 17 Jul 2020 09:29:34 GMT
accept-ranges: bytes
content-length: 547
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=5FEA1C4E7F7B5640F56120290DD69B1F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/cc-mail.png

104.110.15.25

200 OK

713 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/cc-mail.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
713 B (713 bytes)
Hash
d6aa1cf4e0f3028ec749cd5e2ef2745f
f92b9239a1ec624adf48a9fc5273df9aaf772ee3
351566f41ad89bb03b7855b58661b377836aebe50db166052eaa17f17e156799

HTTP Headers

GET /GFC/branding/img/redesigned/cc-mail.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 03 Jul 2020 10:19:28 GMT
accept-ranges: bytes
content-length: 713
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=29598948CAB66FF88D0E8BDFBC10F069; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png

151.101.65.230

200 OK

2.2 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
IP
151.101.65.230:0
ASN
#54113 FASTLY

File type
PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2219 bytes)
Hash
f72de0072180995cddf091ec1c481fc8
8da0419580ec8ea996ff617773a822ef6a1ce470
02bb7267eb1cdf51db8a9db0014dd48f4debe6f7d344a6f8a0f06a428d6e0068

HTTP Headers

GET /wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: CzFPP1gPCjs7z/KInii3GcX3SmlJUbqd/NqEjWdfODbqZAaxudqAHEH+F4NlY3hcO7Dj4Gn/MhA=
x-amz-request-id: RNGYKGZANXNHS89D
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-type: image/png
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 15:23:41 GMT
via: 1.1 varnish
age: 899588
x-served-by: cache-bma1646-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669994622.586393,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 2219
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js

151.101.65.230

200 OK

63 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
IP
151.101.65.230:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (44679)
Size
63 kB (63129 bytes)
Hash
2814704ecc428325d52a842115a2ffdf
9c979060cdc471ee3dd6d71d0f586a7433158453
c75bc14a20adf4a951aba27b721f23e9b3c97cbcb4caeb249cdc63fde3997cc3

HTTP Headers

GET /wdcusciti/50/onsite/generic1608054710811.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Hlqd9JB84o75ey9+s41yk6BUDnxKajiI2JUmsGUUQqV5jw1SfqSE1lb8hW4xZN4HXRR/xQDXOBk=
x-amz-request-id: 28WE2YFD6404A5RC
last-modified: Tue, 15 Dec 2020 17:51:52 GMT
etag: "57e6c47a533050c63dc8fefbdeb401d1"
x-amz-version-id: Kqi2p6FS.A2AzLCJok5fsBD_5A7fWxpm
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 15:23:41 GMT
via: 1.1 varnish
age: 88223
x-served-by: cache-bma1646-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669994622.586450,VS0,VE2
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 63129
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/banking-savings.png

104.110.15.25

200 OK

917 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/banking-savings.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced\012- data
Size
917 B (917 bytes)
Hash
d4482456a56b1d78f4855f6eafa94898
6a6671bf54989ad97f457f42837d1d96f21dca53
87578cd8ec6b565afd5be1b9a00845ca3dcb8024d64f2d96e4ce00bb07c94902

HTTP Headers

GET /GFC/branding/img/redesigned/banking-savings.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 06:45:19 GMT
accept-ranges: bytes
content-length: 917
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A3F880E61493753BEE72AAE68F46B57B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/mort-calculator.png

104.110.15.25

200 OK

374 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
374 B (374 bytes)
Hash
2425ec6b5ce2710b558ae452823680d7
2cccd21d3882308392717872f097511e58f8ba2a
77aae11467c6e42598b9c17f8a34f9ffb08c3acedd22db327fabf5b1becd24a2

HTTP Headers

GET /GFC/branding/img/redesigned/mort-calculator.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:13 GMT
accept-ranges: bytes
content-length: 374
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=45FCB75F37EE71D6C080505EE20A9383; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/mort-home.png

104.110.15.25

200 OK

515 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/mort-home.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
515 B (515 bytes)
Hash
d1b8e6b91fb75607e2bf2948c9cb9d99
88b8815e54a1d1a53de0919cf1abbac50e69a70d
474a06e61c5ff0b6def6e5619529e0664e6fa2d9904ba6f796e4e1032c2ab3c3

HTTP Headers

GET /GFC/branding/img/redesigned/mort-home.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:26 GMT
accept-ranges: bytes
content-length: 515
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=2719F9FDD70A686025830303CEE843BD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-FP.png

104.110.15.25

200 OK

399 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
399 B (399 bytes)
Hash
4f5fc9d9f8fe83b74670f4e954bb116f
e9f9531727cfad01855e48dcc4ad0043779d763c
31a7d0a6362cd6d8fcbb3200740a252be4fc633363cc71021fb18faf4470eb5c

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-FP.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:29 GMT
accept-ranges: bytes
content-length: 399
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=8442DDB65311A49E26D58BF307DA1584; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-MI.png

104.110.15.25

200 OK

822 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 20 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
822 B (822 bytes)
Hash
9c485b70055241b255f9fafcd167447e
9f8050c8c416b1b5aca059d4d8bb4ca16b930a3b
643030db71af1915a7c02ec3589b64d1b826cb8c8c97e0f7b80d70e0c830726b

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-MI.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:58 GMT
accept-ranges: bytes
content-length: 822
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=68221D1944A503EB6F953DAC33F4242A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-II.png

104.110.15.25

200 OK

894 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-II.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
894 B (894 bytes)
Hash
ae8592f1019d7ea84ee847cbde5c8bd8
e74b70328c0e5f4cef5d094d1fb30e343be03eb6
e0a06ba70b7556d61f872bd1ca50148094683ed1ba026a78164563d3c63db0c0

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-II.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:35 GMT
accept-ranges: bytes
content-length: 894
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=88388D028E1E49298701D1A70C634DEA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranch.png

104.110.15.25

200 OK

697 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranch.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
697 B (697 bytes)
Hash
5cb2e7bb5dd99d056313c125f74872da
26844e24c011bf9d5fd8f88a81a3a86333bfa681
489ac0d5e6bb586f0144108a782f87e10aa6387fa5925c0f7b526142dbbf9987

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranch.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:41:48 GMT
accept-ranges: bytes
content-length: 697
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=D0769FB20F68FD775363A0D1AB10EF99; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/WM-conce.png

104.110.15.25

200 OK

819 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/WM-conce.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
819 B (819 bytes)
Hash
e1d86261569011cb99dc98ae1bbcc391
575a762c5a2639ff9b9780c6b37efea5ea8edc64
6e866b41975af77f752d3feae581391b018128ad2cb495e783349ca49cb94c38

HTTP Headers

GET /GFC/branding/img/redesigned/WM-conce.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 09:28:15 GMT
accept-ranges: bytes
content-length: 819
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A9F4DC41852AB928DBE892027A1E04E5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/search.png

104.110.15.25

200 OK

540 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/search.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
540 B (540 bytes)
Hash
2d0c9df05ec068e44e05246476eb6b0c
acf96a7bdff8f7d71096aa59243ad31d5aae425f
e1cdd8699d632d98047b60975c127bde93707685555e0894c2087105e26298ae

HTTP Headers

GET /GFC/branding/img/redesigned/search.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 12 Jul 2020 13:52:29 GMT
accept-ranges: bytes
content-length: 540
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=3DA4E0875D862858328D416A22B0FB8D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/navigationMobile.png

104.110.15.25

200 OK

137 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
137 B (137 bytes)
Hash
895e073c01fe436ee9892787c43a00eb
d5b1ebead4bc804bfee48ec3a9dbf87d3e97a82f
9704bca992680b1698b6c364e5fd7fd20991aa230c700f3378765fdf99a8b27d

HTTP Headers

GET /GFC/branding/img/redesigned/navigationMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 137
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=F7B589C4906E3781A7DA689C1AFCFAF4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/closeMobile.png

104.110.15.25

200 OK

327 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/closeMobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
327 B (327 bytes)
Hash
e7a2c3c1d1710852dae94241b425631b
20ee2a5077624e2b074d9e6ab7d116480563f09a
87e414e65461d63f3c18fdec21dc973fbb3b04db9269aa2fa9f2b1e9fb4d58f0

HTTP Headers

GET /GFC/branding/img/redesigned/closeMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 327
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=8B2C25B8F3A87D19761BF21B60CA558A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png

104.110.15.25

200 OK

888 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
888 B (888 bytes)
Hash
2d52957ca9901e228f3cc98653d66b64
4ee4c93d50f3eed0c760c69297db539b5c747fec
424b0508d87aeff62bf98099b98490558de97db21d02343fd4b0e46252a74d58

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranchlink.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 26 Jul 2020 08:00:17 GMT
accept-ranges: bytes
content-length: 888
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A4F181DFEB3B388D0EC9B7D1B55F90A0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png

104.110.15.25

200 OK

1.3 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1300 bytes)
Hash
e356e33999a3af7670f87a64085b0aa1
7c65d1ba8878b0e930e73ea9a52d5f0f873828b2
f9ea3e5b79df3924376af98d3639b49ef970ef77063203b3ef3abaa84daca88a

HTTP Headers

GET /GFC/branding/img/redesigned/icon_globe_med-grey.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:42:08 GMT
accept-ranges: bytes
content-length: 1300
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=4760CB37E3F47C35BEA288AF48BB9EBE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 15:11:15 GMT
cache-control: public,max-age=3600
age: 746
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/main.css

104.110.15.25

200 OK

7.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/main.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (47574), with no line terminators
Size
7.3 kB (7313 bytes)
Hash
3a57d907c91d4af48687e9612624e322
4c5f56c2e6951c83d8d7a66895c042b10cca61a3
785a920d518e6cc032e88871480d0e558a1397c1ed67d90e24d1b2eb2c2a0682

HTTP Headers

GET /GFC/branding/responsivebranding/css/main.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 29 Sep 2020 09:55:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7313
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=47F39F7370BDFA5F0C411E7637C82097; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css

104.110.15.25

200 OK

15 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (342)
Size
15 kB (15298 bytes)
Hash
7584f29c3065db5d69256920d340f479
d6198dafe36e3ffde03aedb334123a0d096649e1
81538cf3a3fd0ff0dde297332b73edebaa76e68c437628f2ab16d66b0a97afae

HTTP Headers

GET /GFC/branding/responsivebranding/css/branding_header_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 29 Aug 2022 03:56:20 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 15298
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=3C9DBCA7A3E53DC26B6AE583505AD57C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg

104.110.15.25

200 OK

21 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
21 kB (21180 bytes)
Hash
a7a9a73a978e579f64235bf7ce768235
fc2af74ed45ab50faf2c2e9393ff7218171c59e2
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2

HTTP Headers

GET /JRS/banners/modules/M1-M7_DoubleCash.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 21180
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=02516C0F40E671E7FA74AAB9E66ACF48; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GPS/portal/css/cobrowse_overlay.css

104.110.15.25

200 OK

1.6 kB

URL HTTP/2
online.citi.com/GPS/portal/css/cobrowse_overlay.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.6 kB (1597 bytes)
Hash
48d658b8e5ecb3ec1db77b31735e6da2
264844b13d54d13baae71d535ae8c081db1552ab
f9a68c464770e4a1a293b4d08a53551600152672b531a0a64fe1ed1431f2d449

HTTP Headers

GET /GPS/portal/css/cobrowse_overlay.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Aug 2019 07:17:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1597
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=753AB07B3E69EB9616D845A2F1BC71DF; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/olab/js/oo_engine.min.js

104.110.15.25

200 OK

12 kB

URL HTTP/2
online.citi.com/GFC/branding/olab/js/oo_engine.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32021)
Size
12 kB (11704 bytes)
Hash
4f0dfa69a1ecec87b606025cd6967565
feca411eeb031920103ea068630f93f31b5b0000
c7c01b10f0d71d2168f8975161bbb97e5dbd1b63a6e9678d752bb9a9a2dac090

HTTP Headers

GET /GFC/branding/olab/js/oo_engine.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 11704
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=EC40F82C9EF5DAB6AFC8FB26378469CE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js

104.110.15.25

200 OK

18 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (65331), with no line terminators
Size
18 kB (17670 bytes)
Hash
2f595116c30fa315246f7cb0b531ba15
35bd15722dce013523f23c21426076cfcac33945
5df0777d7bd5b17967c6ef6243ef3dfc4eecb0fba56dd39c0100faeba04a7439

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 17670
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=50E84D19E6022230D15C5170CEDF16F6; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/js/main.js

104.110.15.25

200 OK

8.0 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/js/main.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (33891), with no line terminators
Size
8.0 kB (7957 bytes)
Hash
6c7f00b72ded0bec2618305c876e16b6
48360ed4ad1b2ae2e507dc48873a3ef021586776
dc5ac3e8c6e04c6a1d9d1519b6ad99fabb5b0b87dd07d93106d6c4c1987b24ee

HTTP Headers

GET /GFC/branding/responsivebranding/js/main.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 16 Jan 2020 14:46:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7957
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=514DD00C8E01102B26647A457FC6FD00; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js

104.110.15.25

200 OK

1.0 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (3018), with no line terminators
Size
1.0 kB (1017 bytes)
Hash
fb422777d175560b7cbafac2e69427e0
08a64e3f02f7521549e82453ec8a1baa4b0e8914
da7b8130e973ebfd3c4e34d464655f0fbe910cbb7ecb12e172f0374a86fb1cb5

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:44 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1017
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=DC76744718F2CF4B876C04D34D26B0B2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js

104.110.15.25

200 OK

3.0 kB

URL HTTP/2
online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text
Size
3.0 kB (3030 bytes)
Hash
cbbb42f2f92286927590740a4ddbdf12
0f4a6798edba9047e6038749c5b81192550137a7
ac708e5462ee634c6b75a1ea7faffaf577dbff4ce007c337a7fe3fabaf42a1c0

HTTP Headers

GET /NCCS/smartSearch/js/cbol-smartSearch-inject.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 11 May 2020 19:00:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3030
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=38AB2953806F6D2084B9B36E81993D46; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/TMX/TMXProfiling.js

104.110.15.25

200 OK

546 B

URL HTTP/2
online.citi.com/TMX/TMXProfiling.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
546 B (546 bytes)
Hash
8a9d76752e354831bfeb51ea2009dc90
ab290ca00fc8be6525684405a8f655eb30e1b0e9
82775fb41297c485793eae4058db3e82b4d477bb00c6fa3bc301971e961e61c2

HTTP Headers

GET /TMX/TMXProfiling.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 10 Aug 2018 07:26:42 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 546
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=F2ADF6F0F3C0B33D7F79F7D8B1808D64; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js

104.110.15.25

200 OK

31 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (368)
Size
31 kB (30559 bytes)
Hash
51adf829efa8df8d293b7798be259dc4
5958976a367747fd3ba087371d5906163cd8334c
640f8a2d94f512022b7cc3c21d27b1c204092f16f1e372972dc42f85baa2e538

HTTP Headers

GET /GFC/branding/responsivebranding/js/navBarRedesign.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:43:21 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 30559
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A6864E4E5AA27A1E1FA181DD644836F2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/card_art/8150_cardArt.png

104.110.15.25

200 OK

45 kB

URL HTTP/2
online.citi.com/JRS/banners/card_art/8150_cardArt.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 450 x 285, 8-bit colormap, non-interlaced\012- data
Size
45 kB (45386 bytes)
Hash
d6c20edc6406a6305e5a8ca093dff8a0
f246abd4f8b69e42ba6f50558340d690d2cf1ef7
1cec78f793f28bed6cd96765e693bd6b7ba1efbfdd7d68ca5b8ea5390ff8bec0

HTTP Headers

GET /JRS/banners/card_art/8150_cardArt.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 03 Aug 2020 19:29:08 GMT
accept-ranges: bytes
content-length: 45386
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=BEC0FCBCDC758DAEBB19DC71C01AC3E3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png

104.110.15.25

200 OK

329 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
329 B (329 bytes)
Hash
15d9ce47ed55b1d16c142a6c067ddbf5
3431a1b5af3ec6a4a39176600ca213c070175eb2
9fa97f780f20b95ac6a2baeed3961d39ec6086e3417eb59cd294e4e528187b7b

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_facebook@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 329
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=B3A3FD51EF01A96A3FFDE591456FA26F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png

104.110.15.25

200 OK

840 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 44 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
840 B (840 bytes)
Hash
766cb78a4d9ba316b9fd2efdb1e95252
f7e17f7e9663574ef1ad0ebf580ea503fff0c7ea
5d343d5e2bc616fe04642af586793b51ba2291a6c9616ee92e4246bde9fa72a5

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_twitter@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 840
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A708516D56DD6EDB5C7817F2E5F61064; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png

104.110.15.25

200 OK

808 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 48 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
808 B (808 bytes)
Hash
89b7dac46b6f0be69e6272cf3de06475
a74173e79f802672145fa175478bcf4698d3bf80
1f43f86e82f4cf6b5ddf863fbb8cd9bafb53790bd2016a7b2b36d51ad96fb32b

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_youtube@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 808
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=5B1BA34E765DFC16EBB0AD18F349EF93; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png

104.110.15.25

200 OK

12 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

HTTP Headers

GET /GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 11562
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=2667620ADFF7F4028F04FDBF3FFC7E39; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css

104.110.15.25

200 OK

70 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (53390)
Size
70 kB (69731 bytes)
Hash
1b616f5ba816bd312785d32976021e37
e3dd04ee3a2b2ca1ded2c3eef06aa1f121b7d3b0
451e9945c7041383326739797e006d8a7201b96b1ba8046c0c9c02dd9d89a851

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: text/css
content-length: 69731
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A592B21E749A3495CE4F640E1EA3FB33; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js

104.110.15.25

200 OK

62 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (7824)
Size
62 kB (61658 bytes)
Hash
72160d472dd367d8db15c5a39efd91c6
242252da9b4ac65f4e609796aba2553afca64443
d2adb062964fc932f5fdfa95db62ddd8873467a89ac132867af312ffd60607e7

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-library.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
content-length: 61658
set-cookie: AKMTLTSID=18A4E313C112C133671565D7190489BF; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg

104.110.15.25

200 OK

53 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Size
53 kB (52559 bytes)
Hash
ee564f1c07ec63939037a30b1d48e7b1
b75a2570b6ce89c1eb112c010994bfc5bde8b4e5
3636e5e8010b2e4e186788a748a7cbd16572b386cf2d67b3bea73cb7417abf9d

HTTP Headers

GET /JRS/banners/modules/Cards-tile-grey-1120.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Sep 2021 22:10:14 GMT
accept-ranges: bytes
content-length: 52559
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=0BBC35559F4331EE52440E6CB848D486; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/8763_M1-M7.jpg

104.110.15.25

200 OK

46 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
46 kB (45996 bytes)
Hash
d1b0e06afbd29e02b850c0a871a689f1
8d55c0a5da74604bdaceafada2808b406b58be62
0fc0c5e3b942752d5a811676f479650575e3c0a6c42c25ed57311064b2d836a4

HTTP Headers

GET /JRS/banners/modules/8763_M1-M7.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 45996
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=781506126BA8D01F770A76D32C0D49F2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg

104.110.15.25

200 OK

35 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
35 kB (35239 bytes)
Hash
5fb8ff5dd22b3f8a34def2212bdeca0b
373c913d070e4b486d90c1959d9aae179043e2d4
b880a027d8db72f3120d1666c1bc4f016c126d0d6e0b7852155c1ea204da4b63

HTTP Headers

GET /JRS/banners/modules/M1-M7_Rewards.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 35239
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=AF1AD8A3CA569BC05A93414924AAF613; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg

104.110.15.25

200 OK

50 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
50 kB (50031 bytes)
Hash
1811b334b2e3a585567ef915ff6adcf5
858f597f8bcbcf3a16516f428565850aee1f8c98
67d342b059e3ee89919786b1a83c6ebb76b657bbbe0105d2c7c9876d08026c80

HTTP Headers

GET /JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 50031
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=F201F39BEFD89E16D1298355A1F98E28; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png

104.110.15.25

200 OK

28 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

HTTP Headers

GET /GFC/branding/responsivebranding/img/Citi_FooterLogo.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 28149
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=2DF56827A1BBF415A0C527F50836D35D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1298
Cache-Control: max-age=151490
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 09:28:32 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

online.citi.com/GFC/branding/responsivebranding/css/main_branding.css

104.110.15.25

200 OK

47 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (900)
Size
47 kB (47322 bytes)
Hash
c4a8e37990ee3bed5731c868053cfe48
000d710b7e21c8d980552b494d76a06fc729d55a
403cb63effef69a095bb15cb147c3d8af4a0f35e8e9430486565f81d545b3cbd

HTTP Headers

GET /GFC/branding/responsivebranding/css/main_branding.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Thu, 08 Jul 2021 15:43:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 47322
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:42 GMT
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=F0AD2F5EDDD78BAFE6AB6AC7D65E6E13; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //ui.powerreviews.com/tag-builds/10111/4.0/styles.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=AF314EB8C9972C9BE833F334BD45DE29; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js

104.110.15.25

200 OK

26 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (8207)
Size
26 kB (25945 bytes)
Hash
4f41d862cbf585b1cdb8fb475f37e8e5
e3ab2e23f39fcca83588d0678f9164d199540f0d
20eb6fe6bb0bc32e7dbc56bdcc0f9880c5a24c8f8fbfc1fe24f345ecb2cfa9c7

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 25945
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=773657A17643D69458632476B3E9D73F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js

104.110.15.25

200 OK

344 B

URL HTTP/2
online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1035), with no line terminators
Size
344 B (344 bytes)
Hash
833a85cac30119fd1a7cdea0d63106eb
1558702028e277ce4bf3b079db7f064b96c91f0d
83b080afa657691bdb22843c5f36acc3be20ad7ed94ba84f18d1cbbb2a23933c

HTTP Headers

GET /JFP/js/modules/jfpm.autocomplete.off.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 344
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:42 GMT
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=320FFCF0ADE55F1AA1653824BB7E2BCA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=DA49018EBF60A33BF477E2BA56D4A757; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=B2063A7CE657B322F542003D406C4736; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/errorLogo.svg

104.110.15.25

200 OK

1.8 kB

URL HTTP/2
online.citi.com/GFC/branding/img/errorLogo.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

HTTP Headers

GET /GFC/branding/img/errorLogo.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 24 Apr 2018 15:26:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 584
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=23D818C1D122A9BF93E082C82B8808D2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.38.198.114

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.38.198.114:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: o8+UtyuHjmocWdL1OBtTfA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EdwgaOVRdpsT+sgQEevxrc1NaJU=

online.citi.com/JFP/fonts/Interstate-Regular.ttf

104.110.15.25

200 OK

80 kB

URL HTTP/2
online.citi.com/JFP/fonts/Interstate-Regular.ttf
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 13 names, Microsoft, language 0x409, Copyright (c) 2007 by The Font Bureau, Inc.. All rights reserved.RegularTheFontBureau,Inc:Inters\012- data
Size
80 kB (79753 bytes)
Hash
092695ab186b08cfe77e1e2baa88a75a
e4e0c72716be82c464ece81a1ec6d8de3f44f89c
94dc36f237f196ac346325d697cc9a27fc8bf5dc4102abf208df79142c974f09

HTTP Headers

GET /JFP/fonts/Interstate-Regular.ttf HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
content-length: 79753
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=099E089C30163D41E2845B4B5AFB4DFA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/loginpage/images/icons/svgs/close.svg

104.110.15.25

200 OK

641 B

URL HTTP/2
online.citi.com/loginpage/images/icons/svgs/close.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499)
Size
641 B (641 bytes)
Hash
dd59f5e29f1021e45b5e95e26f2d12da
d79fa9c39b22174b3d6d2fb7bd00f01be3ee6410
e52581c6fe976751e9059da800356b8824fe18635947ef533ff4c5fc2f313df8

HTTP Headers

GET /loginpage/images/icons/svgs/close.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 641
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=C1EF580E99A9F287FD6B3E15DF39C672; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff

104.110.15.25

200 OK

145 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
145 kB (144772 bytes)
Hash
7d92ca85edb95254e68da10b9a487988
88d3215e6ecf682711b1e445b1c71f1683de62b6
f0d3dbeb2e3d5f9caa0ab5fb42dcaecdd12433c345dcad65eb051e561f2e4fd5

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=FDC5CA0C15ED7A07614712A60A7AF895; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff

104.110.15.25

200 OK

76 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (76037 bytes)
Hash
e1b92482866ea052f3ffcdbff6e66ad5
ce7a650075da89bbd11e6a7b6743a410286d3973
3d4509cc1b1b3d560129ceff5ba770b0026e4aa2861349e0242cb4838855b584

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=E7444144380406A3A49C4C8645651D4B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png

104.110.15.25

200 OK

5.0 kB

URL HTTP/2
online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Size
5.0 kB (4952 bytes)
Hash
eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

HTTP Headers

GET /GFC/branding/img/Citi-Branding-Sprite.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 14 Jun 2017 18:29:01 GMT
accept-ranges: bytes
content-length: 4952
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=49261A0AD92E0DC828A8BC165A47EA1D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png

104.110.15.25

200 OK

9.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 240 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size
9.3 kB (9255 bytes)
Hash
c02d966c362e9f918a7ca664a06f339a
cf8723b1054b79ac27db08f1e0d63b1a585bc150
3c4287f94e9dc9cda82125a6f528b0d4dcd8c2e9ee26b899c4481490312b146a

HTTP Headers

GET /GFC/branding/responsivebranding/img/googlePlay_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:21:52 GMT
accept-ranges: bytes
content-length: 9255
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=6C0D691C78E22FA622BA27B27768AC69; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png

104.110.15.25

200 OK

8.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 240 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
8.3 kB (8272 bytes)
Hash
e783f09a2c28318b2248dcd045cd0325
e1d0ac0f63eac3b3b523fe929d416127fe7e7561
2e1950e9fecaa7d00944c88becb315026208890e3d9ffe2545504105e181ad47

HTTP Headers

GET /GFC/branding/responsivebranding/img/appStore_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
accept-ranges: bytes
content-length: 8272
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=57D4CF9C865333CEB6A02259544DF23C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg

104.110.15.25

200 OK

496 B

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
496 B (496 bytes)
Hash
28dab60290650e5ee88386879ca17085
85043857b1d8a79816491365548e17b151a2a084
fc9dead631748747b2e1c0b60057a21282d2d7acd6f5d88f4e80bdf32e08b5c8

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 496
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=451F242FB95CC1D380DB2601377B6AF0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

301 Moved Permanently

0 B

URL HTTP/1.1
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://sr.rlcdn.com:443/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Content-Length: 0
Date: Fri, 02 Dec 2022 15:23:42 GMT
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Cookie: cdContextId=1; cdContextId=1; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: login.php?primarymember_id=09a5e7a40338f77e3cdacd79f
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js

151.101.193.175

301 Moved Permanently

0 B

URL HTTP/1.1
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP
151.101.193.175:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 15:23:42 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1679-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669994623.660237,VS0,VE0
Strict-Transport-Security: max-age=31557600

bid.g.doubleclick.net/xbbe/pixel?d=KAE

142.251.1.156

200 OK

0 B

URL HTTP/2
bid.g.doubleclick.net/xbbe/pixel?d=KAE
IP
142.251.1.156:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /xbbe/pixel?d=KAE HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 02 Dec 2022 15:23:42 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 15:38:42 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 02 Dec 2022 15:23:42 GMT
cache-control: private
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064

23.38.201.22

200 OK

71 B

URL HTTP/2
stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
IP
23.38.201.22:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document, ASCII text
Size
71 B (71 bytes)
Hash
988428fdc0079b85e995b96b0ed4b565
27aece4f871a936951d17de604853cddc9bfb5ec
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

HTTP Headers

GET /site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064 HTTP/1.1
Host: stags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 71
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
pragma: no-cache
expires: Thu, 01 Dec 1994 16:00:00 GMT
cache-control: max-age=0, no-cache, no-store
bk-server: fa16
date: Fri, 02 Dec 2022 15:23:42 GMT
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js

104.110.15.25

200 OK

265 B

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
data
Size
265 B (265 bytes)
Hash
779b9f3c315255d0d62a1113bfcd7573
152c5e4fe3ab7191b5f2696c9dacaa12bbe33493
03c89c3c2b73e5cd1107d16c408edbd3abb6cecff1b2e78d41ea853cf46c32bb

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 16 Sep 2020 07:27:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
content-length: 747501
set-cookie: AKMTLTSID=8F2B07D57A5937D74B5752A8A036AB3A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js

151.101.193.175

200 OK

5.2 kB

URL HTTP/2
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP
151.101.193.175:0
ASN
#54113 FASTLY

File type
C source, ASCII text, with very long lines (585)
Size
5.2 kB (5197 bytes)
Hash
a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e

HTTP Headers

GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WYw0Epb8vcedL+7IDqJJsx/+WjGdOZ5/PeZvxp+JQZLuPSbm5TB79IsK0ZRwFxRvC3JwqmNr110=
x-amz-request-id: 6VFQ4X3D41M9VYZP
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 15:23:42 GMT
via: 1.1 varnish
x-served-by: cache-bma1639-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1669994623.749936,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=09a5e7a40338f77e3cdacd79f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=09a5e7a40338f77e3cdacd79f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=09a5e7a40338f77e3cdacd79f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=1; cdContextId=1; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f299c167e479cdb4044993814
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2fec0a3aa8f541f5092456d41753e63a
f7f2afd43cac3c12f5cea88960560a94d36aae05
f3dc6e26d9d8008abf17eec495ab0db714e3fbeb0d3fc45967fd8e1f2d067fcd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6112
Cache-Control: max-age=96521
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Etag: "6388d6a7-1d7"
Expires: Sat, 03 Dec 2022 18:12:23 GMT
Last-Modified: Thu, 01 Dec 2022 16:30:31 GMT
Server: ECS (amb/6BB0)
X-Cache: HIT
Content-Length: 471

online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg

104.110.15.25

200 OK

0 B

URL HTTP/2
online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 15 Mar 2018 21:03:36 GMT
accept-ranges: bytes
content-length: 110256
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=E5BB0872BDA225A9507633DF390E744C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f299c167e479cdb4044993814

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f299c167e479cdb4044993814
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f299c167e479cdb4044993814 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=938c7f906fc8b7337aa2321ac
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB

142.250.74.130

200 OK

267 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (497), with no line terminators
Size
267 B (267 bytes)
Hash
3d0723e9b30991791d953c41256c98e3
62f93130c92c0141280617c746ec9ef54d69c7e1
7f566075b3d057193f85088cd5992b41d6cab6b96e20e07273fc2e6f99f0d14e

HTTP Headers

GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6260004.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 15:23:42 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 267
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

1.3 kB

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (1317), with no line terminators
Size
1.3 kB (1317 bytes)
Hash
68cffbf18dc82c7acf21385e34da4a53
0adf82878d0545052bf2be842a90567a263410eb
ee5e574ea0a388c716c64186d33a17e2233f1bf9dcf80b3a900b829054b3ccb9

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 172
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
content-length: 1317
date: Fri, 02 Dec 2022 15:23:41 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: e5fa81dc-23a9-46f0-98aa-9859ba49f864
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=938c7f906fc8b7337aa2321ac

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=938c7f906fc8b7337aa2321ac
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=938c7f906fc8b7337aa2321ac HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0a81d91ce6e1274e73054fc1f
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f07d466e5636137d87db67fc37a6cea2
a93119333ee5d23a2478b0ee8de00ccd3c2a4566
e23351d29471681b4d657f516dc2cde485ae17dccefb3d60747025e022efccd8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 23:15:46 GMT
Expires: Thu, 08 Dec 2022 23:15:45 GMT
Etag: "a93119333ee5d23a2478b0ee8de00ccd3c2a4566"
Cache-Control: max-age=546121,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510ba380efabc-OSL

1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html

54.230.111.12

200 OK

221 B

URL HTTP/2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
IP
54.230.111.12:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Dec 2022 13:14:43 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RCBOSJYJnNnRyV5pqb9zNXCoa1ZXv--qlpn_AxACZ2URb4k_A3qeTQ==
age: 7741
X-Firefox-Spdy: h2

adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB

216.58.207.226

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 15:23:43 GMT
expires: Fri, 02 Dec 2022 15:23:43 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.12

200 OK

3.2 kB

URL HTTP/2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.12:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 15:53:28 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -8OuXzDLBVxmIJ-mO5mwMxyP4BBKdlXNPZ4NmXajvATWWGPgU2HcEg==
age: 84616
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a81d91ce6e1274e73054fc1f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a81d91ce6e1274e73054fc1f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a81d91ce6e1274e73054fc1f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9a29df1bfd60de761e9ed713c
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
488ae2d5dfe09e6e60f015a2aee68e2c
b4e89be8882463d4415ff42b7f2bd66e4e43597e
fc07c95ad31735a244ec7a2f5e5a304b09051d5986190158597405230e65d792

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

142.250.74.174

200 OK

3.7 kB

URL HTTP/1.1
cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3328)
Size
3.7 kB (3713 bytes)
Hash
dce96cf76ac4046c46944a52004058da
be33b60732e888482ec3c95c059fec8fd3ea0a7e
b09f4d61c5d867a130cd4a7f41a3ec13b74f876d246c1dfe93021d493497e2c1

HTTP Headers

GET /cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: gws
Cache-Control: private
Content-Length: 3713
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googleadservices.com/pagead/conversion_async.js

142.250.74.130

200 OK

15 kB

URL HTTP/2
www.googleadservices.com/pagead/conversion_async.js
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1654)
Size
15 kB (15190 bytes)
Hash
f2258b08ae7f4c53a27c27e21536ef06
65fe239266dc4c3f8f8e25dfd039a77733f75f67
fd9775067ede051cfe4861265da0e9374a20cd833fedcd3c9708af0b525f8921

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 02 Dec 2022 15:23:43 GMT
expires: Fri, 02 Dec 2022 15:23:43 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16595884479219046262
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a9bdfccd1df3e323e28d92aea1077409
4625fbbbbb614755a86dabddfaf40e99b3934ba6
8020fb77bd7e1b8cc3e2fed030e59d004e720c61162046fc93285c1ca07c0e66

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
c9ddaa54b22df16f7077672ce62c3aaf
48c459b8e283c366b618d61c6fd45a6c465d1298
be15e4567b08d0e5cf9898c151c223b53d102451a38953498062883093039d87

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 12:17:24 GMT
Expires: Wed, 07 Dec 2022 12:17:23 GMT
Etag: "48c459b8e283c366b618d61c6fd45a6c465d1298"
Cache-Control: max-age=420219,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510ba3b070b69-OSL

1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html

54.230.111.21

200 OK

221 B

URL HTTP/2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
IP
54.230.111.21:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Thu, 01 Dec 2022 15:37:07 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: g1YFoTECdbOMwwlW6wHOiJ4otQhWq9hZN7qbA6g8ew0l7xQejtSRaw==
age: 85597
X-Firefox-Spdy: h2

mail.coprwanda.com/favicon.ico

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/favicon.ico
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=16a16060b99aa0b394a75accd
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
4211d4ddd8c542cf450d0e892e384e8d
d2eaa1b5679a7b7be963954c242d71522cb71694
4f524c890be87d8b1d72145512cba9ea33c16bb4db4cc4b0718bd48a7c5d6983

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 06:00:09 GMT
Expires: Tue, 06 Dec 2022 06:00:08 GMT
Etag: "d2eaa1b5679a7b7be963954c242d71522cb71694"
Cache-Control: max-age=311184,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510ba4befb4e8-OSL

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9a29df1bfd60de761e9ed713c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9a29df1bfd60de761e9ed713c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9a29df1bfd60de761e9ed713c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f2a89bc94d7aa88ae37d874ff
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html

54.230.111.64

200 OK

221 B

URL HTTP/2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
IP
54.230.111.64:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Fri, 02 Dec 2022 08:40:32 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1H98R4BvyXuXjN3qQ5gE-eHKY8RO2URJr98ZPtGYSLEwIarTPapGVg==
age: 24192
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=425350,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510b75949fac4-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=425350,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510bb189bfabc-OSL

di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38

35.244.174.68

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38
IP
35.244.174.68:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38 HTTP/1.1
Host: di.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 15:23:43 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:23:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:23:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:23:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:23:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:23:43 GMT
Connection: keep-alive

1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.21

200 OK

3.2 kB

URL HTTP/2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.21:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 01 Dec 2022 15:37:07 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XfJ0IBarirCJ-llo7U_R0aZkanKYESXrCEWJL_0M60c4kwvLHalN4A==
age: 85597
X-Firefox-Spdy: h2

1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.64

200 OK

3.2 kB

URL HTTP/2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.64:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 01 Dec 2022 23:01:12 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: S2DNEte3_saaU32EM2LT2bdSn_E5dbu9SOw0ozGbnqYh8WPBv0SMyQ==
age: 58952
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 33775
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8863 bytes)
Hash
156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 10:51:17 GMT
age: 16346
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 15:23:43 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11443 bytes)
Hash
d08081e2dd562ef50e4e98ebc0136698
b5118bca37feda2ada3001199dc1d80ac6d2aacc
5160333e0cfd338b3887972d0a5c0f817ef88b70b7eb78e4e25d153a85e3478f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11443
x-amzn-requestid: 21469d81-ee4b-47f3-8877-b6658b3ea8b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDHE4zoAMFvfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-5b39eddd703ea04e6a1355f8;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPuZoyOu_QAqbZvTUaNy1J3BOqnR2ttrIhv9BwRmWnKeba-e6MZWKA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:55:34 GMT
age: 62889
etag: "b5118bca37feda2ada3001199dc1d80ac6d2aacc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4803 bytes)
Hash
cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PIC-TIeTFK_Y2AiqowYT4_8tMuzIKO23lAwx18fYepTf4PIWkmLqkQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 05:20:15 GMT
age: 36208
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6564 bytes)
Hash
58a28fc1cbcacdb07b3ca175281982b5
9bc47ee49fc070d0997e49a719bd9758685ad583
d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mwGAEu-gPXY5Opwd972VbBA6l33dNk7bPFSyZmciaplQKj2ZuTkQSg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 64136
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10270 bytes)
Hash
4c7113338bc3310b13d23ca415c177e2
2cb4edc6b161c6d2d5b47aa498ae54e677966466
3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ihxuuXiECC4oX11t_vswhnLF0UpqDuboPLkrhpWwp-vfCR5pxGGxw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:50 GMT
age: 62993
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.23

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.23:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
17e8b57e2ed803f201575cbf9698c46d
8e1ed4174e47647af89ddbc05e8435fcca63b783
3c7f4d3402133ea425f971977cddca84554c81e1113aa92388d89a6a64f7b5b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 20:34:38 GMT
Expires: Fri, 02 Dec 2022 20:34:38 GMT
ETag: "8e1ed4174e47647af89ddbc05e8435fcca63b783"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2a89bc94d7aa88ae37d874ff

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2a89bc94d7aa88ae37d874ff
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2a89bc94d7aa88ae37d874ff HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=77ac6b97edd9efafc8b12f986
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=425350,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510bcedd40b69-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=425350,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510bd3869b4e8-OSL

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=77ac6b97edd9efafc8b12f986

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=77ac6b97edd9efafc8b12f986
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=77ac6b97edd9efafc8b12f986 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=949d5198217cb849636d85ee2
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/login.php?primarymember_id=16a16060b99aa0b394a75accd

192.185.105.9

200 OK

65 kB

URL HTTP/1.1
mail.coprwanda.com/login.php?primarymember_id=16a16060b99aa0b394a75accd
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Size
65 kB (64622 bytes)
Hash
a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login.php?primarymember_id=16a16060b99aa0b394a75accd HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=949d5198217cb849636d85ee2

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=949d5198217cb849636d85ee2
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=949d5198217cb849636d85ee2 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=955a0414e924ec0dc7796969b
Content-Length: 0
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

558 B

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
6a41558044c3aef50b0f76b6d94ba03b
070979d17453f23204054751253cb983a59d8aac
5bafd78fb0b7c019dea302ddd57627f60fee2d3195142474e3af8e420d0c0ad8

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3360
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 15:23:41 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: a18c1d42-c486-4e7c-9cb9-9212ffa2d9c8
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=955a0414e924ec0dc7796969b

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=955a0414e924ec0dc7796969b
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=955a0414e924ec0dc7796969b HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b60b5374816e03c7bfc917574
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b60b5374816e03c7bfc917574

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b60b5374816e03c7bfc917574
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b60b5374816e03c7bfc917574 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=86934602894e1dd2df95de2ba
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=86934602894e1dd2df95de2ba

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=86934602894e1dd2df95de2ba
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=86934602894e1dd2df95de2ba HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=57c3a0aa1527c2d58eb4229f1
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=57c3a0aa1527c2d58eb4229f1

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=57c3a0aa1527c2d58eb4229f1
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=57c3a0aa1527c2d58eb4229f1 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2fb844d81199e4dc9e4df47f2
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2fb844d81199e4dc9e4df47f2

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2fb844d81199e4dc9e4df47f2
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2fb844d81199e4dc9e4df47f2 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9cc8dfc656ce028658f069534
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9cc8dfc656ce028658f069534

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9cc8dfc656ce028658f069534
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9cc8dfc656ce028658f069534 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ee2baa1c04e1123ecfe886c4d
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ee2baa1c04e1123ecfe886c4d

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ee2baa1c04e1123ecfe886c4d
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ee2baa1c04e1123ecfe886c4d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=511519e707c1f7dad7fc0507f
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

558 B

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
ef94c80eda0ad333871949b941bd3e61
38095b11ee064cfa2d9e53dd6645f18019136817
476363414194e76fd4cc152fe9bd2bcb301f0860ec08afd4165d2142cc94bdbc

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1236
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 15:23:44 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 8c2e6d34-8166-4209-a67b-c2ef1c249b15
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=511519e707c1f7dad7fc0507f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=511519e707c1f7dad7fc0507f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=511519e707c1f7dad7fc0507f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a1ca3b32a7f674f02567f4359
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a1ca3b32a7f674f02567f4359

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a1ca3b32a7f674f02567f4359
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a1ca3b32a7f674f02567f4359 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f19bb91168959bb9cc876b589
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f19bb91168959bb9cc876b589

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f19bb91168959bb9cc876b589
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f19bb91168959bb9cc876b589 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7c85442d42b5358c6b6aea14a
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7c85442d42b5358c6b6aea14a

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7c85442d42b5358c6b6aea14a
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7c85442d42b5358c6b6aea14a HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4d6f5eda4a30bb16d13ef000a
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4d6f5eda4a30bb16d13ef000a

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4d6f5eda4a30bb16d13ef000a
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4d6f5eda4a30bb16d13ef000a HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=87c04759847d2e941eb005100
Content-Length: 0
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57

13.89.105.232

204 No Content

0 B

URL HTTP/2
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
IP
13.89.105.232:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v1/sendLogs?cid=cedric&cdsnum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 908
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Fri, 02 Dec 2022 15:23:45 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

POST /US/REST/ManageTMXProfile/TMXProfile.jws HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
Content-Length: 0

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=bc6d12168a088ebf08873d9c7
Content-Length: 0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bc6d12168a088ebf08873d9c7

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bc6d12168a088ebf08873d9c7
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=bc6d12168a088ebf08873d9c7 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=75d51a79270be025b5d0c6bbb
Content-Length: 0
Keep-Alive: timeout=5, max=53
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=75d51a79270be025b5d0c6bbb

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=75d51a79270be025b5d0c6bbb
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=75d51a79270be025b5d0c6bbb HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4cd7efaed95edfa6a627b6aa6
Content-Length: 0
Keep-Alive: timeout=5, max=52
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=4cd7efaed95edfa6a627b6aa6

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=4cd7efaed95edfa6a627b6aa6
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=4cd7efaed95edfa6a627b6aa6 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2022db571848fc2e76ace09a6
Content-Length: 0
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2022db571848fc2e76ace09a6

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2022db571848fc2e76ace09a6
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=2022db571848fc2e76ace09a6 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=86ad0c491cfd7929360a5adcb
Content-Length: 0
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=86ad0c491cfd7929360a5adcb

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=86ad0c491cfd7929360a5adcb
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=86ad0c491cfd7929360a5adcb HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9a288f9152e40291bb38240c2
Content-Length: 0
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9a288f9152e40291bb38240c2

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9a288f9152e40291bb38240c2
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=9a288f9152e40291bb38240c2 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ed3d0ac3c790c786666c2c170
Content-Length: 0
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ed3d0ac3c790c786666c2c170

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ed3d0ac3c790c786666c2c170
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=ed3d0ac3c790c786666c2c170 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0f03c6cf0630892074acf2b2c
Content-Length: 0
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0f03c6cf0630892074acf2b2c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0f03c6cf0630892074acf2b2c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0f03c6cf0630892074acf2b2c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9a587753ae88ad2a282de8c88
Content-Length: 0
Keep-Alive: timeout=5, max=46
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9a587753ae88ad2a282de8c88

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9a587753ae88ad2a282de8c88
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=9a587753ae88ad2a282de8c88 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0bb18fe44f72662799ca937ec
Content-Length: 0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0bb18fe44f72662799ca937ec

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0bb18fe44f72662799ca937ec
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0bb18fe44f72662799ca937ec HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f98337751cb8be0b15b149831
Content-Length: 0
Keep-Alive: timeout=5, max=44
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f98337751cb8be0b15b149831

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f98337751cb8be0b15b149831
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=f98337751cb8be0b15b149831 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ae3f22b0fcda946b61a23e257
Content-Length: 0
Keep-Alive: timeout=5, max=43
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ae3f22b0fcda946b61a23e257

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ae3f22b0fcda946b61a23e257
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=ae3f22b0fcda946b61a23e257 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7922661570e7fab83faf24742
Content-Length: 0
Keep-Alive: timeout=5, max=42
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=7922661570e7fab83faf24742

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=7922661570e7fab83faf24742
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=7922661570e7fab83faf24742 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=605782ad0dac240458c11269c
Content-Length: 0
Keep-Alive: timeout=5, max=41
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=605782ad0dac240458c11269c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=605782ad0dac240458c11269c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=605782ad0dac240458c11269c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c401201a46159562c7ca2e90c
Content-Length: 0
Keep-Alive: timeout=5, max=40
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c401201a46159562c7ca2e90c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c401201a46159562c7ca2e90c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=c401201a46159562c7ca2e90c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c354b261ae162401595e7e22e
Content-Length: 0
Keep-Alive: timeout=5, max=39
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c354b261ae162401595e7e22e

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c354b261ae162401595e7e22e
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=c354b261ae162401595e7e22e HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2c655aca38ded71232e51f9b9
Content-Length: 0
Keep-Alive: timeout=5, max=38
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2c655aca38ded71232e51f9b9

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2c655aca38ded71232e51f9b9
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=2c655aca38ded71232e51f9b9 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=89d54906a009ecb32f8c7d005
Content-Length: 0
Keep-Alive: timeout=5, max=37
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=89d54906a009ecb32f8c7d005

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=89d54906a009ecb32f8c7d005
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=89d54906a009ecb32f8c7d005 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0a49063c0e0a49b7f720d322b
Content-Length: 0
Keep-Alive: timeout=5, max=36
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0a49063c0e0a49b7f720d322b

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0a49063c0e0a49b7f720d322b
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0a49063c0e0a49b7f720d322b HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0fc0c050f5c3c8b890cf95a60
Content-Length: 0
Keep-Alive: timeout=5, max=35
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0fc0c050f5c3c8b890cf95a60

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0fc0c050f5c3c8b890cf95a60
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0fc0c050f5c3c8b890cf95a60 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4978d91db11b5accecccbfc46
Content-Length: 0
Keep-Alive: timeout=5, max=34
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (51)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations