r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13927
Expires: Fri, 02 Dec 2022 19:15:48 GMT
Date: Fri, 02 Dec 2022 15:23:41 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1303
Cache-Control: max-age=156557
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 10:52:58 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 15:18:12 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 329
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11911
Expires: Fri, 02 Dec 2022 18:42:12 GMT
Date: Fri, 02 Dec 2022 15:23:41 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: if2YSmydichcQSeaZv6cRElCRicxjDU696XvpMpx4BPy4jbfGq1YOY8TATqEYo1A3fW4AYlUilc=
x-amz-request-id: 7MMQ6DDY4ZGN2AA3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 14:46:44 GMT
age: 2217
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 15:23:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
192.185.105.9200 OK 65 kB URL HTTP/1.1 mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Hash a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d
Analyzer Verdict Alert fortinet Phishing
GET /login.php?primarymember_id=e4ce8e9ce691e19feafe92cff HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 621
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Last-Modified: Fri, 02 Dec 2022 15:13:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 621
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Last-Modified: Fri, 02 Dec 2022 15:13:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 621
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Last-Modified: Fri, 02 Dec 2022 15:13:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 621
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Last-Modified: Fri, 02 Dec 2022 15:13:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
104.110.15.25200 OK 3.7 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
IP 104.110.15.25:0
Hash 912d79ed2801e57d08c6fe076d791333
aa0e1edb751a7cbff5e9ff67b948166605e19910
61984a0de22199c83dba3ac7c03e8df7cbb78f61c2de7fc6484be0fba7f14069
GET /GFC/branding/responsivebranding/css/branding_footer_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 10:48:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3733
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=72C6A4130AABEAEB138DE81FDD623206; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 621
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Last-Modified: Fri, 02 Dec 2022 15:13:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
online.citi.com/loginpage/styles/homePage.min.css
104.110.15.25200 OK 5.0 kB URL HTTP/2 online.citi.com/loginpage/styles/homePage.min.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (24793), with no line terminators
Hash 8b55e445be9cbbed1fff212136bf5ec4
02e215ee8c3c5f71406405a28d4112c0eea3646b
e666c4da016428bb9aa82c5e9dd9634d5731083b226e353148d28a9e1948c506
GET /loginpage/styles/homePage.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Oct 2020 18:02:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5046
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=DCDFE5798B3CF13EBD1CA64CFFEBB3B9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
104.110.15.25200 OK 2.9 kB URL HTTP/2 online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (5928)
Hash f687e0142c1437ba2f920f3cde133177
d53df064865303d36b7a7ca9624d83214da9aa99
8e39f40e7aedf48d72d8a4f79433fb5482da163fad5aff81159284d7b461de05
GET /JFP/js/jquery/plugins/jquery.tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2905
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=05A5708D5809AB356CC1DDB94DFA13EE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D
142.250.74.132200 OK 92 kB URL HTTP/2 www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D
IP 142.250.74.132:0
File type ASCII text, with very long lines (1560)
Hash 9aeb1c4b79656b106c74f75f0659e55e
fa088f735b11435c1898df5d8de153e32973ad4b
860254f9f9946d31e68a5864324badfd3bbb8dc8e8b95f7569cd911af2db602d
GET /cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 92399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 10:27:45 GMT
expires: Thu, 30 Nov 2023 10:27:45 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/javascript
age: 190556
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
online.citi.com/JSO/js/fp.min.js
104.110.15.25200 OK 4.3 kB URL HTTP/2 online.citi.com/JSO/js/fp.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (13962)
Hash 37d4fb4fc0d34c9d949447294c5896a2
813a89b7c7da1d1090e9d70a4b683713e47ffc20
434bec7136e03611151aad7e839486bcc95abdb5f1ad7eb8e66d1a10b3375982
GET /JSO/js/fp.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 4322
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=4A6D1A3659F67BD29F195F9C8F6B51C9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
www.google.com/cse/static/style/look/v4/default.css
142.250.74.132200 OK 1.3 kB URL HTTP/2 www.google.com/cse/static/style/look/v4/default.css
IP 142.250.74.132:0
Hash b33c65c5c815696bed8292c172185bcc
d2c0eceacad1f57b25621dcdb32659c5dc6b8d9b
f5ab6924cf65ae4dc61dca35d096fa272f8b4937b733b5eb46d36af396884132
GET /cse/static/style/look/v4/default.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 1345
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 15:13:11 GMT
expires: Fri, 02 Dec 2022 16:03:11 GMT
cache-control: public, max-age=3000
age: 630
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
104.110.15.25200 OK 337 B URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (1265), with no line terminators
Hash 7c863f08763bf3f9d76db3fc6135da51
6560f78733d9b78d550d8425b29f06c1c764189d
a4dc2655e535dfee0176ff9bc947cf1aecf63bb2a248eaad894f58d13591d24b
GET /JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 337
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=244706186E1B5009425ADF73508C7C86; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css
142.250.74.132200 OK 9.0 kB URL HTTP/2 www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css
IP 142.250.74.132:0
Hash c7cbebedd348978dba3901d8cc83e90d
da9da15b749bbbea07de2147b1c09ff9cf6ee05b
8d6777b76a124d852a680f4d5e42f9b6abfefbc70253b120ed7f3a44aec9e1c2
GET /cse/static/element/a57bc5975bc720b0/default+en.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 9032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 20:58:58 GMT
expires: Mon, 27 Nov 2023 20:58:58 GMT
cache-control: public, max-age=31536000
age: 411883
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
104.110.15.25200 OK 65 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
IP 104.110.15.25:0
File type Unicode text, UTF-8 text, with very long lines (65509)
Hash 68cdb850dc7512e716b12ec17fcba622
cb82a9575b355ae1833085e6362cc0a1089ccc90
37d98491fbeb36c9df92570d875530129c1698b03852c3fbb71832db58a56e4d
GET /CBOL/common/ui/ddl/theme/latest/scripts/vendor.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 64910
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=5CF700E90515D920030DDC4E0A62847F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/passivebio/BiocatchATO.js
104.110.15.25200 OK 114 kB URL HTTP/2 online.citi.com/passivebio/BiocatchATO.js
IP 104.110.15.25:0
File type Unicode text, UTF-8 text, with very long lines (63756)
Size 114 kB (114417 bytes)
Hash 9248242d277a48e0e26b2b6aef3ce590
54c170a425a237fff13a351380d3ebc13eecb7fe
dffd94cd4d4979a7844ab3e348357a918ba4d92a07e1e20ce583295c136b6d88
GET /passivebio/BiocatchATO.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 114417
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=3100C17B499924833819C29663728E77; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/passivebio/bcsid.js
104.110.15.25200 OK 427 B URL HTTP/2 online.citi.com/passivebio/bcsid.js
IP 104.110.15.25:0
Hash 62fc3ac7ad723e5bd299defa490b0777
b80fc4949d4bdff38aa3017c8f5ea813a91bd0d2
62f4ac02d4d03f11fcab26905d639a9797476e150f44d7793776acfa5fae87cd
GET /passivebio/bcsid.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
content-length: 427
set-cookie: AKMTLTSID=B410CDAA5175DABD63BEF0CDC03076E8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/pl-profile.png
104.110.15.25200 OK 678 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/pl-profile.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 47511cdd2cd6ec0f1fe005ed1f1da489
c2dbbebd49f1dc760684ad937add478d05520ab1
96a25378d5d5fed38414a3d798eddc8367ebb206b45b125c837b9bab43c8799d
GET /GFC/branding/img/redesigned/pl-profile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 15:27:27 GMT
accept-ranges: bytes
content-length: 678
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=6A96AB2E8388A11DF7555D8D78A4BC3B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
104.110.15.25200 OK 758 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 2b7cfe76b3d07bceb495d2dcc63dafa3
dd9a3e5c21135454fb20655caf55b7269a06a579
b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f
GET /GFC/branding/img/redesigned/atmbranchloc.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 29 Jul 2020 05:29:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 758
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=3247764A92249140638E3C72E9C00658; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/lang.svg
104.110.15.25200 OK 1.4 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/lang.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash c59330487289406bc7a589e19a748a45
3ff3a052d1b32f340847edcf7e10e8f0bcaafdc5
ff759181aba721255cb0e238fdc63fe8b32f3a130bc618ac35e012a1692a3784
GET /GFC/branding/img/redesigned/lang.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Aug 2020 06:59:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1434
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=30030706D4E2A441053D229D7A8FD737; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/cc-know.png
104.110.15.25200 OK 547 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/cc-know.png
IP 104.110.15.25:0
File type PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 7fce81d3aee8a773e172e4da24755c08
d16e42e3104a3eede8e74f9e792c975390e3cea6
1e8296753489472722a900b40958f4cb93b5efa530499287debe37fdaac97cdb
GET /GFC/branding/img/redesigned/cc-know.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Jul 2020 09:29:34 GMT
accept-ranges: bytes
content-length: 547
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=5FEA1C4E7F7B5640F56120290DD69B1F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/cc-mail.png
104.110.15.25200 OK 713 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/cc-mail.png
IP 104.110.15.25:0
File type PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash d6aa1cf4e0f3028ec749cd5e2ef2745f
f92b9239a1ec624adf48a9fc5273df9aaf772ee3
351566f41ad89bb03b7855b58661b377836aebe50db166052eaa17f17e156799
GET /GFC/branding/img/redesigned/cc-mail.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 03 Jul 2020 10:19:28 GMT
accept-ranges: bytes
content-length: 713
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=29598948CAB66FF88D0E8BDFBC10F069; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
151.101.65.230200 OK 2.2 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
IP 151.101.65.230:0
File type PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Hash f72de0072180995cddf091ec1c481fc8
8da0419580ec8ea996ff617773a822ef6a1ce470
02bb7267eb1cdf51db8a9db0014dd48f4debe6f7d344a6f8a0f06a428d6e0068
GET /wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: CzFPP1gPCjs7z/KInii3GcX3SmlJUbqd/NqEjWdfODbqZAaxudqAHEH+F4NlY3hcO7Dj4Gn/MhA=
x-amz-request-id: RNGYKGZANXNHS89D
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-type: image/png
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 15:23:41 GMT
via: 1.1 varnish
age: 899588
x-served-by: cache-bma1646-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669994622.586393,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 2219
X-Firefox-Spdy: h2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
151.101.65.230200 OK 63 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
IP 151.101.65.230:0
File type Unicode text, UTF-8 text, with very long lines (44679)
Hash 2814704ecc428325d52a842115a2ffdf
9c979060cdc471ee3dd6d71d0f586a7433158453
c75bc14a20adf4a951aba27b721f23e9b3c97cbcb4caeb249cdc63fde3997cc3
GET /wdcusciti/50/onsite/generic1608054710811.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Hlqd9JB84o75ey9+s41yk6BUDnxKajiI2JUmsGUUQqV5jw1SfqSE1lb8hW4xZN4HXRR/xQDXOBk=
x-amz-request-id: 28WE2YFD6404A5RC
last-modified: Tue, 15 Dec 2020 17:51:52 GMT
etag: "57e6c47a533050c63dc8fefbdeb401d1"
x-amz-version-id: Kqi2p6FS.A2AzLCJok5fsBD_5A7fWxpm
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 15:23:41 GMT
via: 1.1 varnish
age: 88223
x-served-by: cache-bma1646-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669994622.586450,VS0,VE2
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 63129
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/banking-savings.png
104.110.15.25200 OK 917 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/banking-savings.png
IP 104.110.15.25:0
File type PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash d4482456a56b1d78f4855f6eafa94898
6a6671bf54989ad97f457f42837d1d96f21dca53
87578cd8ec6b565afd5be1b9a00845ca3dcb8024d64f2d96e4ce00bb07c94902
GET /GFC/branding/img/redesigned/banking-savings.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 06:45:19 GMT
accept-ranges: bytes
content-length: 917
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A3F880E61493753BEE72AAE68F46B57B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
104.110.15.25200 OK 374 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
IP 104.110.15.25:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 2425ec6b5ce2710b558ae452823680d7
2cccd21d3882308392717872f097511e58f8ba2a
77aae11467c6e42598b9c17f8a34f9ffb08c3acedd22db327fabf5b1becd24a2
GET /GFC/branding/img/redesigned/mort-calculator.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:13 GMT
accept-ranges: bytes
content-length: 374
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=45FCB75F37EE71D6C080505EE20A9383; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/mort-home.png
104.110.15.25200 OK 515 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/mort-home.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash d1b8e6b91fb75607e2bf2948c9cb9d99
88b8815e54a1d1a53de0919cf1abbac50e69a70d
474a06e61c5ff0b6def6e5619529e0664e6fa2d9904ba6f796e4e1032c2ab3c3
GET /GFC/branding/img/redesigned/mort-home.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:26 GMT
accept-ranges: bytes
content-length: 515
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=2719F9FDD70A686025830303CEE843BD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
104.110.15.25200 OK 399 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
IP 104.110.15.25:0
File type PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 4f5fc9d9f8fe83b74670f4e954bb116f
e9f9531727cfad01855e48dcc4ad0043779d763c
31a7d0a6362cd6d8fcbb3200740a252be4fc633363cc71021fb18faf4470eb5c
GET /GFC/branding/img/redesigned/Investing-FP.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:29 GMT
accept-ranges: bytes
content-length: 399
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=8442DDB65311A49E26D58BF307DA1584; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
104.110.15.25200 OK 822 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
IP 104.110.15.25:0
File type PNG image data, 20 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 9c485b70055241b255f9fafcd167447e
9f8050c8c416b1b5aca059d4d8bb4ca16b930a3b
643030db71af1915a7c02ec3589b64d1b826cb8c8c97e0f7b80d70e0c830726b
GET /GFC/branding/img/redesigned/Investing-MI.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:58 GMT
accept-ranges: bytes
content-length: 822
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=68221D1944A503EB6F953DAC33F4242A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-II.png
104.110.15.25200 OK 894 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-II.png
IP 104.110.15.25:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae8592f1019d7ea84ee847cbde5c8bd8
e74b70328c0e5f4cef5d094d1fb30e343be03eb6
e0a06ba70b7556d61f872bd1ca50148094683ed1ba026a78164563d3c63db0c0
GET /GFC/branding/img/redesigned/Investing-II.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:35 GMT
accept-ranges: bytes
content-length: 894
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=88388D028E1E49298701D1A70C634DEA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranch.png
104.110.15.25200 OK 697 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranch.png
IP 104.110.15.25:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 5cb2e7bb5dd99d056313c125f74872da
26844e24c011bf9d5fd8f88a81a3a86333bfa681
489ac0d5e6bb586f0144108a782f87e10aa6387fa5925c0f7b526142dbbf9987
GET /GFC/branding/img/redesigned/atmbranch.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:41:48 GMT
accept-ranges: bytes
content-length: 697
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=D0769FB20F68FD775363A0D1AB10EF99; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/WM-conce.png
104.110.15.25200 OK 819 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/WM-conce.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash e1d86261569011cb99dc98ae1bbcc391
575a762c5a2639ff9b9780c6b37efea5ea8edc64
6e866b41975af77f752d3feae581391b018128ad2cb495e783349ca49cb94c38
GET /GFC/branding/img/redesigned/WM-conce.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 09:28:15 GMT
accept-ranges: bytes
content-length: 819
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A9F4DC41852AB928DBE892027A1E04E5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/search.png
104.110.15.25200 OK 540 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/search.png
IP 104.110.15.25:0
File type PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d0c9df05ec068e44e05246476eb6b0c
acf96a7bdff8f7d71096aa59243ad31d5aae425f
e1cdd8699d632d98047b60975c127bde93707685555e0894c2087105e26298ae
GET /GFC/branding/img/redesigned/search.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 12 Jul 2020 13:52:29 GMT
accept-ranges: bytes
content-length: 540
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=3DA4E0875D862858328D416A22B0FB8D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
104.110.15.25200 OK 137 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 895e073c01fe436ee9892787c43a00eb
d5b1ebead4bc804bfee48ec3a9dbf87d3e97a82f
9704bca992680b1698b6c364e5fd7fd20991aa230c700f3378765fdf99a8b27d
GET /GFC/branding/img/redesigned/navigationMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 137
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=F7B589C4906E3781A7DA689C1AFCFAF4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/closeMobile.png
104.110.15.25200 OK 327 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/closeMobile.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash e7a2c3c1d1710852dae94241b425631b
20ee2a5077624e2b074d9e6ab7d116480563f09a
87e414e65461d63f3c18fdec21dc973fbb3b04db9269aa2fa9f2b1e9fb4d58f0
GET /GFC/branding/img/redesigned/closeMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 327
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=8B2C25B8F3A87D19761BF21B60CA558A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
104.110.15.25200 OK 888 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d52957ca9901e228f3cc98653d66b64
4ee4c93d50f3eed0c760c69297db539b5c747fec
424b0508d87aeff62bf98099b98490558de97db21d02343fd4b0e46252a74d58
GET /GFC/branding/img/redesigned/atmbranchlink.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 26 Jul 2020 08:00:17 GMT
accept-ranges: bytes
content-length: 888
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A4F181DFEB3B388D0EC9B7D1B55F90A0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
104.110.15.25200 OK 1.3 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash e356e33999a3af7670f87a64085b0aa1
7c65d1ba8878b0e930e73ea9a52d5f0f873828b2
f9ea3e5b79df3924376af98d3639b49ef970ef77063203b3ef3abaa84daca88a
GET /GFC/branding/img/redesigned/icon_globe_med-grey.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:42:08 GMT
accept-ranges: bytes
content-length: 1300
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=4760CB37E3F47C35BEA288AF48BB9EBE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 15:11:15 GMT
cache-control: public,max-age=3600
age: 746
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/main.css
104.110.15.25200 OK 7.3 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/main.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (47574), with no line terminators
Hash 3a57d907c91d4af48687e9612624e322
4c5f56c2e6951c83d8d7a66895c042b10cca61a3
785a920d518e6cc032e88871480d0e558a1397c1ed67d90e24d1b2eb2c2a0682
GET /GFC/branding/responsivebranding/css/main.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 29 Sep 2020 09:55:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7313
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=47F39F7370BDFA5F0C411E7637C82097; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
104.110.15.25200 OK 15 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (342)
Hash 7584f29c3065db5d69256920d340f479
d6198dafe36e3ffde03aedb334123a0d096649e1
81538cf3a3fd0ff0dde297332b73edebaa76e68c437628f2ab16d66b0a97afae
GET /GFC/branding/responsivebranding/css/branding_header_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 29 Aug 2022 03:56:20 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 15298
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=3C9DBCA7A3E53DC26B6AE583505AD57C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
104.110.15.25200 OK 21 kB URL HTTP/2 online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash a7a9a73a978e579f64235bf7ce768235
fc2af74ed45ab50faf2c2e9393ff7218171c59e2
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2
GET /JRS/banners/modules/M1-M7_DoubleCash.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 21180
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=02516C0F40E671E7FA74AAB9E66ACF48; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GPS/portal/css/cobrowse_overlay.css
104.110.15.25200 OK 1.6 kB URL HTTP/2 online.citi.com/GPS/portal/css/cobrowse_overlay.css
IP 104.110.15.25:0
Hash 48d658b8e5ecb3ec1db77b31735e6da2
264844b13d54d13baae71d535ae8c081db1552ab
f9a68c464770e4a1a293b4d08a53551600152672b531a0a64fe1ed1431f2d449
GET /GPS/portal/css/cobrowse_overlay.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Aug 2019 07:17:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1597
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=753AB07B3E69EB9616D845A2F1BC71DF; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/olab/js/oo_engine.min.js
104.110.15.25200 OK 12 kB URL HTTP/2 online.citi.com/GFC/branding/olab/js/oo_engine.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (32021)
Hash 4f0dfa69a1ecec87b606025cd6967565
feca411eeb031920103ea068630f93f31b5b0000
c7c01b10f0d71d2168f8975161bbb97e5dbd1b63a6e9678d752bb9a9a2dac090
GET /GFC/branding/olab/js/oo_engine.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 11704
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=EC40F82C9EF5DAB6AFC8FB26378469CE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
104.110.15.25200 OK 18 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (65331), with no line terminators
Hash 2f595116c30fa315246f7cb0b531ba15
35bd15722dce013523f23c21426076cfcac33945
5df0777d7bd5b17967c6ef6243ef3dfc4eecb0fba56dd39c0100faeba04a7439
GET /CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 17670
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=50E84D19E6022230D15C5170CEDF16F6; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/js/main.js
104.110.15.25200 OK 8.0 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/js/main.js
IP 104.110.15.25:0
File type HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (33891), with no line terminators
Hash 6c7f00b72ded0bec2618305c876e16b6
48360ed4ad1b2ae2e507dc48873a3ef021586776
dc5ac3e8c6e04c6a1d9d1519b6ad99fabb5b0b87dd07d93106d6c4c1987b24ee
GET /GFC/branding/responsivebranding/js/main.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 16 Jan 2020 14:46:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7957
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=514DD00C8E01102B26647A457FC6FD00; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
104.110.15.25200 OK 1.0 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (3018), with no line terminators
Hash fb422777d175560b7cbafac2e69427e0
08a64e3f02f7521549e82453ec8a1baa4b0e8914
da7b8130e973ebfd3c4e34d464655f0fbe910cbb7ecb12e172f0374a86fb1cb5
GET /JEA/CitiSearch/nexus-platform/js/citilive-search.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:44 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1017
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=DC76744718F2CF4B876C04D34D26B0B2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
104.110.15.25200 OK 3.0 kB URL HTTP/2 online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
IP 104.110.15.25:0
Hash cbbb42f2f92286927590740a4ddbdf12
0f4a6798edba9047e6038749c5b81192550137a7
ac708e5462ee634c6b75a1ea7faffaf577dbff4ce007c337a7fe3fabaf42a1c0
GET /NCCS/smartSearch/js/cbol-smartSearch-inject.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 May 2020 19:00:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3030
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=38AB2953806F6D2084B9B36E81993D46; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/TMX/TMXProfiling.js
104.110.15.25200 OK 546 B URL HTTP/2 online.citi.com/TMX/TMXProfiling.js
IP 104.110.15.25:0
Hash 8a9d76752e354831bfeb51ea2009dc90
ab290ca00fc8be6525684405a8f655eb30e1b0e9
82775fb41297c485793eae4058db3e82b4d477bb00c6fa3bc301971e961e61c2
GET /TMX/TMXProfiling.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Aug 2018 07:26:42 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 546
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=F2ADF6F0F3C0B33D7F79F7D8B1808D64; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
104.110.15.25200 OK 31 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (368)
Hash 51adf829efa8df8d293b7798be259dc4
5958976a367747fd3ba087371d5906163cd8334c
640f8a2d94f512022b7cc3c21d27b1c204092f16f1e372972dc42f85baa2e538
GET /GFC/branding/responsivebranding/js/navBarRedesign.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:43:21 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 30559
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A6864E4E5AA27A1E1FA181DD644836F2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/card_art/8150_cardArt.png
104.110.15.25200 OK 45 kB URL HTTP/2 online.citi.com/JRS/banners/card_art/8150_cardArt.png
IP 104.110.15.25:0
File type PNG image data, 450 x 285, 8-bit colormap, non-interlaced\012- data
Hash d6c20edc6406a6305e5a8ca093dff8a0
f246abd4f8b69e42ba6f50558340d690d2cf1ef7
1cec78f793f28bed6cd96765e693bd6b7ba1efbfdd7d68ca5b8ea5390ff8bec0
GET /JRS/banners/card_art/8150_cardArt.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 03 Aug 2020 19:29:08 GMT
accept-ranges: bytes
content-length: 45386
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=BEC0FCBCDC758DAEBB19DC71C01AC3E3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
104.110.15.25200 OK 329 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
IP 104.110.15.25:0
File type PNG image data, 18 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 15d9ce47ed55b1d16c142a6c067ddbf5
3431a1b5af3ec6a4a39176600ca213c070175eb2
9fa97f780f20b95ac6a2baeed3961d39ec6086e3417eb59cd294e4e528187b7b
GET /GFC/branding/responsivebranding/img/social-media_facebook@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 329
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=B3A3FD51EF01A96A3FFDE591456FA26F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
104.110.15.25200 OK 840 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
IP 104.110.15.25:0
File type PNG image data, 44 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 766cb78a4d9ba316b9fd2efdb1e95252
f7e17f7e9663574ef1ad0ebf580ea503fff0c7ea
5d343d5e2bc616fe04642af586793b51ba2291a6c9616ee92e4246bde9fa72a5
GET /GFC/branding/responsivebranding/img/social-media_twitter@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 840
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A708516D56DD6EDB5C7817F2E5F61064; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
104.110.15.25200 OK 808 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
IP 104.110.15.25:0
File type PNG image data, 48 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 89b7dac46b6f0be69e6272cf3de06475
a74173e79f802672145fa175478bcf4698d3bf80
1f43f86e82f4cf6b5ddf863fbb8cd9bafb53790bd2016a7b2b36d51ad96fb32b
GET /GFC/branding/responsivebranding/img/social-media_youtube@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 808
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=5B1BA34E765DFC16EBB0AD18F349EF93; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
104.110.15.25200 OK 12 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
IP 104.110.15.25:0
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
GET /GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 11562
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=2667620ADFF7F4028F04FDBF3FFC7E39; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
104.110.15.25200 OK 70 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (53390)
Hash 1b616f5ba816bd312785d32976021e37
e3dd04ee3a2b2ca1ded2c3eef06aa1f121b7d3b0
451e9945c7041383326739797e006d8a7201b96b1ba8046c0c9c02dd9d89a851
GET /CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: text/css
content-length: 69731
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=A592B21E749A3495CE4F640E1EA3FB33; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js
104.110.15.25200 OK 62 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (7824)
Hash 72160d472dd367d8db15c5a39efd91c6
242252da9b4ac65f4e609796aba2553afca64443
d2adb062964fc932f5fdfa95db62ddd8873467a89ac132867af312ffd60607e7
GET /JEA/CitiSearch/nexus-platform/js/citilive-search-library.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
content-length: 61658
set-cookie: AKMTLTSID=18A4E313C112C133671565D7190489BF; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
104.110.15.25200 OK 53 kB URL HTTP/2 online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Hash ee564f1c07ec63939037a30b1d48e7b1
b75a2570b6ce89c1eb112c010994bfc5bde8b4e5
3636e5e8010b2e4e186788a748a7cbd16572b386cf2d67b3bea73cb7417abf9d
GET /JRS/banners/modules/Cards-tile-grey-1120.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Sep 2021 22:10:14 GMT
accept-ranges: bytes
content-length: 52559
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=0BBC35559F4331EE52440E6CB848D486; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
104.110.15.25200 OK 46 kB URL HTTP/2 online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash d1b0e06afbd29e02b850c0a871a689f1
8d55c0a5da74604bdaceafada2808b406b58be62
0fc0c5e3b942752d5a811676f479650575e3c0a6c42c25ed57311064b2d836a4
GET /JRS/banners/modules/8763_M1-M7.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 45996
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=781506126BA8D01F770A76D32C0D49F2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
104.110.15.25200 OK 35 kB URL HTTP/2 online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 5fb8ff5dd22b3f8a34def2212bdeca0b
373c913d070e4b486d90c1959d9aae179043e2d4
b880a027d8db72f3120d1666c1bc4f016c126d0d6e0b7852155c1ea204da4b63
GET /JRS/banners/modules/M1-M7_Rewards.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 35239
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=AF1AD8A3CA569BC05A93414924AAF613; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
104.110.15.25200 OK 50 kB URL HTTP/2 online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 1811b334b2e3a585567ef915ff6adcf5
858f597f8bcbcf3a16516f428565850aee1f8c98
67d342b059e3ee89919786b1a83c6ebb76b657bbbe0105d2c7c9876d08026c80
GET /JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 50031
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=F201F39BEFD89E16D1298355A1F98E28; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
104.110.15.25200 OK 28 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
IP 104.110.15.25:0
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
GET /GFC/branding/responsivebranding/img/Citi_FooterLogo.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 28149
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=2DF56827A1BBF415A0C527F50836D35D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1298
Cache-Control: max-age=151490
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 09:28:32 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
104.110.15.25200 OK 47 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (900)
Hash c4a8e37990ee3bed5731c868053cfe48
000d710b7e21c8d980552b494d76a06fc729d55a
403cb63effef69a095bb15cb147c3d8af4a0f35e8e9430486565f81d545b3cbd
GET /GFC/branding/responsivebranding/css/main_branding.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 08 Jul 2021 15:43:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 47322
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:42 GMT
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=F0AD2F5EDDD78BAFE6AB6AC7D65E6E13; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //ui.powerreviews.com/tag-builds/10111/4.0/styles.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=AF314EB8C9972C9BE833F334BD45DE29; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
104.110.15.25200 OK 26 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (8207)
Hash 4f41d862cbf585b1cdb8fb475f37e8e5
e3ab2e23f39fcca83588d0678f9164d199540f0d
20eb6fe6bb0bc32e7dbc56bdcc0f9880c5a24c8f8fbfc1fe24f345ecb2cfa9c7
GET /JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 25945
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=773657A17643D69458632476B3E9D73F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
104.110.15.25200 OK 344 B URL HTTP/2 online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (1035), with no line terminators
Hash 833a85cac30119fd1a7cdea0d63106eb
1558702028e277ce4bf3b079db7f064b96c91f0d
83b080afa657691bdb22843c5f36acc3be20ad7ed94ba84f18d1cbbb2a23933c
GET /JFP/js/modules/jfpm.autocomplete.off.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 344
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:42 GMT
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=320FFCF0ADE55F1AA1653824BB7E2BCA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=DA49018EBF60A33BF477E2BA56D4A757; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=B2063A7CE657B322F542003D406C4736; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/errorLogo.svg
104.110.15.25200 OK 1.8 kB URL HTTP/2 online.citi.com/GFC/branding/img/errorLogo.svg
IP 104.110.15.25:0
Hash b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
GET /GFC/branding/img/errorLogo.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 Apr 2018 15:26:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 584
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=23D818C1D122A9BF93E082C82B8808D2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.38.198.114101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.198.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: o8+UtyuHjmocWdL1OBtTfA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EdwgaOVRdpsT+sgQEevxrc1NaJU=
online.citi.com/JFP/fonts/Interstate-Regular.ttf
104.110.15.25200 OK 80 kB URL HTTP/2 online.citi.com/JFP/fonts/Interstate-Regular.ttf
IP 104.110.15.25:0
File type TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 13 names, Microsoft, language 0x409, Copyright (c) 2007 by The Font Bureau, Inc.. All rights reserved.RegularTheFontBureau,Inc:Inters\012- data
Hash 092695ab186b08cfe77e1e2baa88a75a
e4e0c72716be82c464ece81a1ec6d8de3f44f89c
94dc36f237f196ac346325d697cc9a27fc8bf5dc4102abf208df79142c974f09
GET /JFP/fonts/Interstate-Regular.ttf HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
content-length: 79753
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=099E089C30163D41E2845B4B5AFB4DFA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/loginpage/images/icons/svgs/close.svg
104.110.15.25200 OK 641 B URL HTTP/2 online.citi.com/loginpage/images/icons/svgs/close.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499)
Hash dd59f5e29f1021e45b5e95e26f2d12da
d79fa9c39b22174b3d6d2fb7bd00f01be3ee6410
e52581c6fe976751e9059da800356b8824fe18635947ef533ff4c5fc2f313df8
GET /loginpage/images/icons/svgs/close.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 641
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=C1EF580E99A9F287FD6B3E15DF39C672; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
104.110.15.25200 OK 145 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
IP 104.110.15.25:0
File type Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size 145 kB (144772 bytes)
Hash 7d92ca85edb95254e68da10b9a487988
88d3215e6ecf682711b1e445b1c71f1683de62b6
f0d3dbeb2e3d5f9caa0ab5fb42dcaecdd12433c345dcad65eb051e561f2e4fd5
GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=FDC5CA0C15ED7A07614712A60A7AF895; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
104.110.15.25200 OK 76 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
IP 104.110.15.25:0
File type Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Hash e1b92482866ea052f3ffcdbff6e66ad5
ce7a650075da89bbd11e6a7b6743a410286d3973
3d4509cc1b1b3d560129ceff5ba770b0026e4aa2861349e0242cb4838855b584
GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=E7444144380406A3A49C4C8645651D4B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
104.110.15.25200 OK 5.0 kB URL HTTP/2 online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
IP 104.110.15.25:0
File type PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Hash eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
GET /GFC/branding/img/Citi-Branding-Sprite.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 14 Jun 2017 18:29:01 GMT
accept-ranges: bytes
content-length: 4952
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=49261A0AD92E0DC828A8BC165A47EA1D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png
104.110.15.25200 OK 9.3 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png
IP 104.110.15.25:0
File type PNG image data, 240 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash c02d966c362e9f918a7ca664a06f339a
cf8723b1054b79ac27db08f1e0d63b1a585bc150
3c4287f94e9dc9cda82125a6f528b0d4dcd8c2e9ee26b899c4481490312b146a
GET /GFC/branding/responsivebranding/img/googlePlay_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:21:52 GMT
accept-ranges: bytes
content-length: 9255
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=6C0D691C78E22FA622BA27B27768AC69; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
104.110.15.25200 OK 8.3 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
IP 104.110.15.25:0
File type PNG image data, 240 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash e783f09a2c28318b2248dcd045cd0325
e1d0ac0f63eac3b3b523fe929d416127fe7e7561
2e1950e9fecaa7d00944c88becb315026208890e3d9ffe2545504105e181ad47
GET /GFC/branding/responsivebranding/img/appStore_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
accept-ranges: bytes
content-length: 8272
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=57D4CF9C865333CEB6A02259544DF23C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
104.110.15.25200 OK 496 B URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 28dab60290650e5ee88386879ca17085
85043857b1d8a79816491365548e17b151a2a084
fc9dead631748747b2e1c0b60057a21282d2d7acd6f5d88f4e80bdf32e08b5c8
GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 496
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:23:42 GMT
set-cookie: AKMTLTSID=451F242FB95CC1D380DB2601377B6AF0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
35.190.60.146301 Moved Permanently 0 B URL HTTP/1.1 sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP 35.190.60.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://sr.rlcdn.com:443/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Content-Length: 0
Date: Fri, 02 Dec 2022 15:23:42 GMT
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Cookie: cdContextId=1; cdContextId=1; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: login.php?primarymember_id=09a5e7a40338f77e3cdacd79f
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.193.175301 Moved Permanently 0 B URL HTTP/1.1 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.193.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 15:23:42 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1679-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669994623.660237,VS0,VE0
Strict-Transport-Security: max-age=31557600
bid.g.doubleclick.net/xbbe/pixel?d=KAE
142.251.1.156200 OK 0 B URL HTTP/2 bid.g.doubleclick.net/xbbe/pixel?d=KAE
IP 142.251.1.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=KAE HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 02 Dec 2022 15:23:42 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 15:38:42 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 02 Dec 2022 15:23:42 GMT
cache-control: private
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
23.38.201.22200 OK 71 B URL HTTP/2 stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
IP 23.38.201.22:0
File type HTML document text\012- HTML document, ASCII text
Hash 988428fdc0079b85e995b96b0ed4b565
27aece4f871a936951d17de604853cddc9bfb5ec
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
GET /site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064 HTTP/1.1
Host: stags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 71
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
pragma: no-cache
expires: Thu, 01 Dec 1994 16:00:00 GMT
cache-control: max-age=0, no-cache, no-store
bk-server: fa16
date: Fri, 02 Dec 2022 15:23:42 GMT
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
104.110.15.25200 OK 265 B URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
IP 104.110.15.25:0
Hash 779b9f3c315255d0d62a1113bfcd7573
152c5e4fe3ab7191b5f2696c9dacaa12bbe33493
03c89c3c2b73e5cd1107d16c408edbd3abb6cecff1b2e78d41ea853cf46c32bb
GET /JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 16 Sep 2020 07:27:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:23:41 GMT
date: Fri, 02 Dec 2022 15:23:41 GMT
content-length: 747501
set-cookie: AKMTLTSID=8F2B07D57A5937D74B5752A8A036AB3A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.193.175200 OK 5.2 kB URL HTTP/2 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.193.175:0
File type C source, ASCII text, with very long lines (585)
Hash a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WYw0Epb8vcedL+7IDqJJsx/+WjGdOZ5/PeZvxp+JQZLuPSbm5TB79IsK0ZRwFxRvC3JwqmNr110=
x-amz-request-id: 6VFQ4X3D41M9VYZP
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 15:23:42 GMT
via: 1.1 varnish
x-served-by: cache-bma1639-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1669994623.749936,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=09a5e7a40338f77e3cdacd79f
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=09a5e7a40338f77e3cdacd79f
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=09a5e7a40338f77e3cdacd79f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=1; cdContextId=1; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f299c167e479cdb4044993814
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2fec0a3aa8f541f5092456d41753e63a
f7f2afd43cac3c12f5cea88960560a94d36aae05
f3dc6e26d9d8008abf17eec495ab0db714e3fbeb0d3fc45967fd8e1f2d067fcd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6112
Cache-Control: max-age=96521
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:42 GMT
Etag: "6388d6a7-1d7"
Expires: Sat, 03 Dec 2022 18:12:23 GMT
Last-Modified: Thu, 01 Dec 2022 16:30:31 GMT
Server: ECS (amb/6BB0)
X-Cache: HIT
Content-Length: 471
online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
104.110.15.25200 OK 0 B URL HTTP/2 online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
IP 104.110.15.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Mar 2018 21:03:36 GMT
accept-ranges: bytes
content-length: 110256
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:23:41 GMT
set-cookie: AKMTLTSID=E5BB0872BDA225A9507633DF390E744C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f299c167e479cdb4044993814
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f299c167e479cdb4044993814
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f299c167e479cdb4044993814 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=938c7f906fc8b7337aa2321ac
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
142.250.74.130200 OK 267 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (497), with no line terminators
Hash 3d0723e9b30991791d953c41256c98e3
62f93130c92c0141280617c746ec9ef54d69c7e1
7f566075b3d057193f85088cd5992b41d6cab6b96e20e07273fc2e6f99f0d14e
GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6260004.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 15:23:42 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 267
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 1.3 kB URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (1317), with no line terminators
Hash 68cffbf18dc82c7acf21385e34da4a53
0adf82878d0545052bf2be842a90567a263410eb
ee5e574ea0a388c716c64186d33a17e2233f1bf9dcf80b3a900b829054b3ccb9
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 172
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 1317
date: Fri, 02 Dec 2022 15:23:41 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: e5fa81dc-23a9-46f0-98aa-9859ba49f864
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=938c7f906fc8b7337aa2321ac
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=938c7f906fc8b7337aa2321ac
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=938c7f906fc8b7337aa2321ac HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0a81d91ce6e1274e73054fc1f
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash f07d466e5636137d87db67fc37a6cea2
a93119333ee5d23a2478b0ee8de00ccd3c2a4566
e23351d29471681b4d657f516dc2cde485ae17dccefb3d60747025e022efccd8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 23:15:46 GMT
Expires: Thu, 08 Dec 2022 23:15:45 GMT
Etag: "a93119333ee5d23a2478b0ee8de00ccd3c2a4566"
Cache-Control: max-age=546121,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510ba380efabc-OSL
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
54.230.111.12200 OK 221 B URL HTTP/2 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
IP 54.230.111.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Dec 2022 13:14:43 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RCBOSJYJnNnRyV5pqb9zNXCoa1ZXv--qlpn_AxACZ2URb4k_A3qeTQ==
age: 7741
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
216.58.207.226200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP 216.58.207.226:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 15:23:43 GMT
expires: Fri, 02 Dec 2022 15:23:43 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.12200 OK 3.2 kB URL HTTP/2 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.12:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 15:53:28 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -8OuXzDLBVxmIJ-mO5mwMxyP4BBKdlXNPZ4NmXajvATWWGPgU2HcEg==
age: 84616
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a81d91ce6e1274e73054fc1f
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a81d91ce6e1274e73054fc1f
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0a81d91ce6e1274e73054fc1f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9a29df1bfd60de761e9ed713c
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 488ae2d5dfe09e6e60f015a2aee68e2c
b4e89be8882463d4415ff42b7f2bd66e4e43597e
fc07c95ad31735a244ec7a2f5e5a304b09051d5986190158597405230e65d792
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
142.250.74.174200 OK 3.7 kB URL HTTP/1.1 cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
IP 142.250.74.174:0
File type ASCII text, with very long lines (3328)
Hash dce96cf76ac4046c46944a52004058da
be33b60732e888482ec3c95c059fec8fd3ea0a7e
b09f4d61c5d867a130cd4a7f41a3ec13b74f876d246c1dfe93021d493497e2c1
GET /cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: gws
Cache-Control: private
Content-Length: 3713
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleadservices.com/pagead/conversion_async.js
142.250.74.130200 OK 15 kB URL HTTP/2 www.googleadservices.com/pagead/conversion_async.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (1654)
Hash f2258b08ae7f4c53a27c27e21536ef06
65fe239266dc4c3f8f8e25dfd039a77733f75f67
fd9775067ede051cfe4861265da0e9374a20cd833fedcd3c9708af0b525f8921
GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 02 Dec 2022 15:23:43 GMT
expires: Fri, 02 Dec 2022 15:23:43 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16595884479219046262
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a9bdfccd1df3e323e28d92aea1077409
4625fbbbbb614755a86dabddfaf40e99b3934ba6
8020fb77bd7e1b8cc3e2fed030e59d004e720c61162046fc93285c1ca07c0e66
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:23:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash c9ddaa54b22df16f7077672ce62c3aaf
48c459b8e283c366b618d61c6fd45a6c465d1298
be15e4567b08d0e5cf9898c151c223b53d102451a38953498062883093039d87
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 12:17:24 GMT
Expires: Wed, 07 Dec 2022 12:17:23 GMT
Etag: "48c459b8e283c366b618d61c6fd45a6c465d1298"
Cache-Control: max-age=420219,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510ba3b070b69-OSL
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
54.230.111.21200 OK 221 B URL HTTP/2 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
IP 54.230.111.21:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Thu, 01 Dec 2022 15:37:07 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: g1YFoTECdbOMwwlW6wHOiJ4otQhWq9hZN7qbA6g8ew0l7xQejtSRaw==
age: 85597
X-Firefox-Spdy: h2
mail.coprwanda.com/favicon.ico
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/favicon.ico
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /favicon.ico HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=16a16060b99aa0b394a75accd
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 4211d4ddd8c542cf450d0e892e384e8d
d2eaa1b5679a7b7be963954c242d71522cb71694
4f524c890be87d8b1d72145512cba9ea33c16bb4db4cc4b0718bd48a7c5d6983
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 06:00:09 GMT
Expires: Tue, 06 Dec 2022 06:00:08 GMT
Etag: "d2eaa1b5679a7b7be963954c242d71522cb71694"
Cache-Control: max-age=311184,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510ba4befb4e8-OSL
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9a29df1bfd60de761e9ed713c
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9a29df1bfd60de761e9ed713c
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9a29df1bfd60de761e9ed713c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f2a89bc94d7aa88ae37d874ff
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
54.230.111.64200 OK 221 B URL HTTP/2 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
IP 54.230.111.64:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Fri, 02 Dec 2022 08:40:32 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1H98R4BvyXuXjN3qQ5gE-eHKY8RO2URJr98ZPtGYSLEwIarTPapGVg==
age: 24192
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=425350,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510b75949fac4-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=425350,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510bb189bfabc-OSL
di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38
35.244.174.68451 Unavailable For Legal Reasons 0 B URL HTTP/2 di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38
IP 35.244.174.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38 HTTP/1.1
Host: di.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 15:23:43 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:23:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:23:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:23:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:23:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:23:43 GMT
Connection: keep-alive
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.21200 OK 3.2 kB URL HTTP/2 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.21:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 01 Dec 2022 15:37:07 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XfJ0IBarirCJ-llo7U_R0aZkanKYESXrCEWJL_0M60c4kwvLHalN4A==
age: 85597
X-Firefox-Spdy: h2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.64200 OK 3.2 kB URL HTTP/2 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.64:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 01 Dec 2022 23:01:12 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: S2DNEte3_saaU32EM2LT2bdSn_E5dbu9SOw0ozGbnqYh8WPBv0SMyQ==
age: 58952
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 33775
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 10:51:17 GMT
age: 16346
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
35.190.60.146451 Unavailable For Legal Reasons 0 B URL HTTP/2 sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP 35.190.60.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 15:23:43 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d08081e2dd562ef50e4e98ebc0136698
b5118bca37feda2ada3001199dc1d80ac6d2aacc
5160333e0cfd338b3887972d0a5c0f817ef88b70b7eb78e4e25d153a85e3478f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11443
x-amzn-requestid: 21469d81-ee4b-47f3-8877-b6658b3ea8b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDHE4zoAMFvfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-5b39eddd703ea04e6a1355f8;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPuZoyOu_QAqbZvTUaNy1J3BOqnR2ttrIhv9BwRmWnKeba-e6MZWKA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:55:34 GMT
age: 62889
etag: "b5118bca37feda2ada3001199dc1d80ac6d2aacc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PIC-TIeTFK_Y2AiqowYT4_8tMuzIKO23lAwx18fYepTf4PIWkmLqkQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 05:20:15 GMT
age: 36208
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 58a28fc1cbcacdb07b3ca175281982b5
9bc47ee49fc070d0997e49a719bd9758685ad583
d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mwGAEu-gPXY5Opwd972VbBA6l33dNk7bPFSyZmciaplQKj2ZuTkQSg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 64136
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c7113338bc3310b13d23ca415c177e2
2cb4edc6b161c6d2d5b47aa498ae54e677966466
3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ihxuuXiECC4oX11t_vswhnLF0UpqDuboPLkrhpWwp-vfCR5pxGGxw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:50 GMT
age: 62993
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash 17e8b57e2ed803f201575cbf9698c46d
8e1ed4174e47647af89ddbc05e8435fcca63b783
3c7f4d3402133ea425f971977cddca84554c81e1113aa92388d89a6a64f7b5b9
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 20:34:38 GMT
Expires: Fri, 02 Dec 2022 20:34:38 GMT
ETag: "8e1ed4174e47647af89ddbc05e8435fcca63b783"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2a89bc94d7aa88ae37d874ff
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2a89bc94d7aa88ae37d874ff
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f2a89bc94d7aa88ae37d874ff HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=77ac6b97edd9efafc8b12f986
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=425350,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510bcedd40b69-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=425350,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773510bd3869b4e8-OSL
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=77ac6b97edd9efafc8b12f986
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=77ac6b97edd9efafc8b12f986
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=77ac6b97edd9efafc8b12f986 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=949d5198217cb849636d85ee2
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/login.php?primarymember_id=16a16060b99aa0b394a75accd
192.185.105.9200 OK 65 kB URL HTTP/1.1 mail.coprwanda.com/login.php?primarymember_id=16a16060b99aa0b394a75accd
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Hash a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d
Analyzer Verdict Alert fortinet Phishing
GET /login.php?primarymember_id=16a16060b99aa0b394a75accd HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:23:43 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=949d5198217cb849636d85ee2
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=949d5198217cb849636d85ee2
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=949d5198217cb849636d85ee2 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=955a0414e924ec0dc7796969b
Content-Length: 0
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 558 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Hash 6a41558044c3aef50b0f76b6d94ba03b
070979d17453f23204054751253cb983a59d8aac
5bafd78fb0b7c019dea302ddd57627f60fee2d3195142474e3af8e420d0c0ad8
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3360
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 15:23:41 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: a18c1d42-c486-4e7c-9cb9-9212ffa2d9c8
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=955a0414e924ec0dc7796969b
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=955a0414e924ec0dc7796969b
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=955a0414e924ec0dc7796969b HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b60b5374816e03c7bfc917574
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b60b5374816e03c7bfc917574
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b60b5374816e03c7bfc917574
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b60b5374816e03c7bfc917574 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=86934602894e1dd2df95de2ba
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=86934602894e1dd2df95de2ba
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=86934602894e1dd2df95de2ba
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=86934602894e1dd2df95de2ba HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=57c3a0aa1527c2d58eb4229f1
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=57c3a0aa1527c2d58eb4229f1
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=57c3a0aa1527c2d58eb4229f1
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=57c3a0aa1527c2d58eb4229f1 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2fb844d81199e4dc9e4df47f2
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2fb844d81199e4dc9e4df47f2
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2fb844d81199e4dc9e4df47f2
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2fb844d81199e4dc9e4df47f2 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9cc8dfc656ce028658f069534
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9cc8dfc656ce028658f069534
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9cc8dfc656ce028658f069534
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9cc8dfc656ce028658f069534 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:44 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ee2baa1c04e1123ecfe886c4d
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ee2baa1c04e1123ecfe886c4d
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ee2baa1c04e1123ecfe886c4d
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ee2baa1c04e1123ecfe886c4d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=511519e707c1f7dad7fc0507f
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 558 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Hash ef94c80eda0ad333871949b941bd3e61
38095b11ee064cfa2d9e53dd6645f18019136817
476363414194e76fd4cc152fe9bd2bcb301f0860ec08afd4165d2142cc94bdbc
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1236
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 15:23:44 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 8c2e6d34-8166-4209-a67b-c2ef1c249b15
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=511519e707c1f7dad7fc0507f
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=511519e707c1f7dad7fc0507f
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=511519e707c1f7dad7fc0507f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a1ca3b32a7f674f02567f4359
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a1ca3b32a7f674f02567f4359
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a1ca3b32a7f674f02567f4359
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a1ca3b32a7f674f02567f4359 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f19bb91168959bb9cc876b589
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f19bb91168959bb9cc876b589
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f19bb91168959bb9cc876b589
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f19bb91168959bb9cc876b589 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7c85442d42b5358c6b6aea14a
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7c85442d42b5358c6b6aea14a
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7c85442d42b5358c6b6aea14a
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7c85442d42b5358c6b6aea14a HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4d6f5eda4a30bb16d13ef000a
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4d6f5eda4a30bb16d13ef000a
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4d6f5eda4a30bb16d13ef000a
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4d6f5eda4a30bb16d13ef000a HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:45 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=87c04759847d2e941eb005100
Content-Length: 0
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
13.89.105.232204 No Content 0 B URL HTTP/2 contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
IP 13.89.105.232:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v1/sendLogs?cid=cedric&cdsnum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 908
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 15:23:45 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
fortinet Phishing
POST /US/REST/ManageTMXProfile/TMXProfile.jws HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
Content-Length: 0
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=bc6d12168a088ebf08873d9c7
Content-Length: 0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bc6d12168a088ebf08873d9c7
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bc6d12168a088ebf08873d9c7
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=bc6d12168a088ebf08873d9c7 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=75d51a79270be025b5d0c6bbb
Content-Length: 0
Keep-Alive: timeout=5, max=53
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=75d51a79270be025b5d0c6bbb
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=75d51a79270be025b5d0c6bbb
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=75d51a79270be025b5d0c6bbb HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4cd7efaed95edfa6a627b6aa6
Content-Length: 0
Keep-Alive: timeout=5, max=52
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=4cd7efaed95edfa6a627b6aa6
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=4cd7efaed95edfa6a627b6aa6
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=4cd7efaed95edfa6a627b6aa6 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2022db571848fc2e76ace09a6
Content-Length: 0
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2022db571848fc2e76ace09a6
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2022db571848fc2e76ace09a6
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=2022db571848fc2e76ace09a6 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=86ad0c491cfd7929360a5adcb
Content-Length: 0
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=86ad0c491cfd7929360a5adcb
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=86ad0c491cfd7929360a5adcb
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=86ad0c491cfd7929360a5adcb HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9a288f9152e40291bb38240c2
Content-Length: 0
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9a288f9152e40291bb38240c2
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9a288f9152e40291bb38240c2
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=9a288f9152e40291bb38240c2 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ed3d0ac3c790c786666c2c170
Content-Length: 0
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ed3d0ac3c790c786666c2c170
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ed3d0ac3c790c786666c2c170
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=ed3d0ac3c790c786666c2c170 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0f03c6cf0630892074acf2b2c
Content-Length: 0
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0f03c6cf0630892074acf2b2c
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0f03c6cf0630892074acf2b2c
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0f03c6cf0630892074acf2b2c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9a587753ae88ad2a282de8c88
Content-Length: 0
Keep-Alive: timeout=5, max=46
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9a587753ae88ad2a282de8c88
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9a587753ae88ad2a282de8c88
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=9a587753ae88ad2a282de8c88 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0bb18fe44f72662799ca937ec
Content-Length: 0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0bb18fe44f72662799ca937ec
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0bb18fe44f72662799ca937ec
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0bb18fe44f72662799ca937ec HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f98337751cb8be0b15b149831
Content-Length: 0
Keep-Alive: timeout=5, max=44
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f98337751cb8be0b15b149831
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f98337751cb8be0b15b149831
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=f98337751cb8be0b15b149831 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ae3f22b0fcda946b61a23e257
Content-Length: 0
Keep-Alive: timeout=5, max=43
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ae3f22b0fcda946b61a23e257
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ae3f22b0fcda946b61a23e257
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=ae3f22b0fcda946b61a23e257 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7922661570e7fab83faf24742
Content-Length: 0
Keep-Alive: timeout=5, max=42
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=7922661570e7fab83faf24742
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=7922661570e7fab83faf24742
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=7922661570e7fab83faf24742 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=605782ad0dac240458c11269c
Content-Length: 0
Keep-Alive: timeout=5, max=41
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=605782ad0dac240458c11269c
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=605782ad0dac240458c11269c
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=605782ad0dac240458c11269c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:47 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c401201a46159562c7ca2e90c
Content-Length: 0
Keep-Alive: timeout=5, max=40
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c401201a46159562c7ca2e90c
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c401201a46159562c7ca2e90c
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=c401201a46159562c7ca2e90c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c354b261ae162401595e7e22e
Content-Length: 0
Keep-Alive: timeout=5, max=39
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c354b261ae162401595e7e22e
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c354b261ae162401595e7e22e
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=c354b261ae162401595e7e22e HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2c655aca38ded71232e51f9b9
Content-Length: 0
Keep-Alive: timeout=5, max=38
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2c655aca38ded71232e51f9b9
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2c655aca38ded71232e51f9b9
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=2c655aca38ded71232e51f9b9 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=89d54906a009ecb32f8c7d005
Content-Length: 0
Keep-Alive: timeout=5, max=37
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=89d54906a009ecb32f8c7d005
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=89d54906a009ecb32f8c7d005
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=89d54906a009ecb32f8c7d005 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0a49063c0e0a49b7f720d322b
Content-Length: 0
Keep-Alive: timeout=5, max=36
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0a49063c0e0a49b7f720d322b
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0a49063c0e0a49b7f720d322b
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0a49063c0e0a49b7f720d322b HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0fc0c050f5c3c8b890cf95a60
Content-Length: 0
Keep-Alive: timeout=5, max=35
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0fc0c050f5c3c8b890cf95a60
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0fc0c050f5c3c8b890cf95a60
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0fc0c050f5c3c8b890cf95a60 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e4ce8e9ce691e19feafe92cff
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669994620470-AC499B3B-A160-40AA-97B6-F4B0F1810109; PHPSESSID=3b2d32fbb41e868517f37e81bf889ae2; count=0; kampyle_userid=59f8-21c8-b534-5ff1-3cd2-19c6-1588-50ca; kampyleUserSession=1669994620849; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d36fa83a66e-0096e0309f2543-c505425-140000-184d36fa83b480; cdSNum=1669994622969-sjn0000126-f1042e7e-7b35-4fb8-98b4-2d173f96d457
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:23:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4978d91db11b5accecccbfc46
Content-Length: 0
Keep-Alive: timeout=5, max=34
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8