r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12162
Expires: Wed, 30 Nov 2022 23:50:20 GMT
Date: Wed, 30 Nov 2022 20:27:38 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5199
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:27:38 GMT
Last-Modified: Wed, 30 Nov 2022 19:00:59 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 20:18:03 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 575
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10797
Expires: Wed, 30 Nov 2022 23:27:35 GMT
Date: Wed, 30 Nov 2022 20:27:38 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: a0EuX3uZid1z75+QIQyi8k5reR6CV+zB1u8fhnHmIx0wO9/cMR58CeEHEmKGr+m9msn77lXqy1U=
x-amz-request-id: BQ0EKYYTW4EQ8AZK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 19:45:59 GMT
age: 2499
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
192.185.113.154200 OK 9.8 kB URL HTTP/1.1 ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5354), with CRLF line terminators
Hash 0f97ae2f020ced8b66e25d159f71463c
4b1516b1f31007c7176792d7bbcdbcbecf4f7a85
75db015279f09970760656bccd38b535c92e953da518add79751ad22b3a79c87
GET /citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso= HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9750
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:27:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ndioman.com/citizen/dist/main.css
192.185.113.154200 OK 1.4 kB URL HTTP/1.1 ndioman.com/citizen/dist/main.css
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 8a91e43aafc230c60d123299720a75ee
24b002415a41fcc4f47e981c75ed3e797aefcd90
5d6e8f8b3326fd124ec5f3f8903bf5c8c8d0b7db6c5282ded7714b1d5e0cd00f
GET /citizen/dist/main.css HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:38 GMT
Server: Apache
Last-Modified: Sat, 08 May 2021 18:27:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1419
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
nebula-cdn.kampyle.com/wu/356861/onsite/generic1605715620985.js
151.101.193.175200 OK 64 kB URL HTTP/2 nebula-cdn.kampyle.com/wu/356861/onsite/generic1605715620985.js
IP 151.101.193.175:0
File type Unicode text, UTF-8 text, with very long lines (44698)
Hash 9ab2acba3e832121cb6eb2535a0374e8
277400aaf8c6aedc9cc5df2aad2af8d63cfd1fa7
f48fb8d65aafadf9ccd03b7e87ec786aef78626d3ba29dcb8aa18276b4499b0c
GET /wu/356861/onsite/generic1605715620985.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ndioman.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: p28EBmI1J1jW1bVPqoiZiFuIHZ/+fV6kNAVmpazRe0wYncHqkcZOKjacN124TqRs5YOr4cLxzhw=
x-amz-request-id: 2TV9X2RQNWTDYMTR
last-modified: Fri, 22 Jan 2021 10:08:30 GMT
etag: "079788c05f1a18b55c5634df96ee02b3"
x-amz-version-id: MRy7mnTroecc6ZYxFpW2EX5M5z2YPmgu
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Wed, 30 Nov 2022 20:27:38 GMT
via: 1.1 varnish
x-served-by: cache-bma1657-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669840059.940980,VS0,VE4
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 64534
X-Firefox-Spdy: h2
ndioman.com/citizen/dist/jquery.mask.js
192.185.113.154200 OK 6.8 kB URL HTTP/1.1 ndioman.com/citizen/dist/jquery.mask.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 543cc4b16af6543e3b6871e7af119003
076330b37642031e4af4a5847a0ec11a7996cc9e
489a20c8a87b78b98c11acdc9ef44ead4d0e94d9fda7a16f694515a19a4b00c7
Analyzer Verdict Alert fortinet Phishing
GET /citizen/dist/jquery.mask.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 08 May 2021 18:27:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6847
Keep-Alive: timeout=5, max=75
Content-Type: application/javascript
ndioman.com/citizen/js/vendor.a9b3eaea49845a795d2e.js
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/js/vendor.a9b3eaea49845a795d2e.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/js/vendor.a9b3eaea49845a795d2e.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=75
Content-Type: text/html
ndioman.com/citizen/js/pubsub.656957a73dc8f0166990.js
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/js/pubsub.656957a73dc8f0166990.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/js/pubsub.656957a73dc8f0166990.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/citizen/js/meta.d871cdced65fadf4f300.js
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/js/meta.d871cdced65fadf4f300.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/js/meta.d871cdced65fadf4f300.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=75
Content-Type: text/html
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 52fedd740a2f084442cb2fd3304a5b8d
d7a12d4e8f51aab398868608d96b60817e25a2a7
73dc0ec68b5d1db532af8546abe87bd41ec8b6a9b88068d0775b97b7cc13aed0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "73DC0EC68B5D1DB532AF8546ABE87BD41EC8B6A9B88068D0775B97B7CC13AED0"
Last-Modified: Wed, 30 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2621
Expires: Wed, 30 Nov 2022 21:11:20 GMT
Date: Wed, 30 Nov 2022 20:27:39 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 20:11:14 GMT
cache-control: public,max-age=3600
age: 985
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ndioman.com/citizen/vendor/jquery-3.2.1.min.js
192.185.113.154200 OK 38 kB URL HTTP/1.1 ndioman.com/citizen/vendor/jquery-3.2.1.min.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (32058), with CRLF line terminators
Hash e0c6dc6f7d0ee6482c317a201cd96441
e4ad56f02d5011a60704a111477e33b5f51e8d4b
72e7c00c7b83cd4e4f61dd00479b988d49ca297b66205dffe2db01b1d5a73d24
Analyzer Verdict Alert fortinet Phishing
GET /citizen/vendor/jquery-3.2.1.min.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 08 May 2021 18:27:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript
ndioman.com/citizen/dist/app.bundle.css
192.185.113.154200 OK 61 kB URL HTTP/1.1 ndioman.com/citizen/dist/app.bundle.css
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (59431), with CRLF line terminators
Hash 39852445d30c1a269b1b6f88f8822028
07273aff427dc5e766cbafa3d238713b7acd6d06
ae782415b8f0586967d15c5e883e702f75e537611aef77dc263965f0851e0551
GET /citizen/dist/app.bundle.css HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 08 May 2021 18:27:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css
ndioman.com/efs/hhf/js/citizensHeaderFooter-citizensns.js?bid=1601921445249
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/efs/hhf/js/citizensHeaderFooter-citizensns.js?bid=1601921445249
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /efs/hhf/js/citizensHeaderFooter-citizensns.js?bid=1601921445249 HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html
www.citizensbank.com/assets/CB_media/images/feedback.png
104.110.12.116200 OK 824 B URL HTTP/2 www.citizensbank.com/assets/CB_media/images/feedback.png
IP 104.110.12.116:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 561da56e59bf569d0f41d6bb9713ce2f
20bee990614a20ae69d2cd21fc9f0688f9fc02e1
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
GET /assets/CB_media/images/feedback.png HTTP/1.1
Host: www.citizensbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ndioman.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 824
last-modified: Wed, 22 Jan 2020 18:38:44 GMT
accept-ranges: bytes
etag: "052b72c53d1d51:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/3.0
cache-control: max-age=600
date: Wed, 30 Nov 2022 20:27:39 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
x-robots-tag: none
X-Firefox-Spdy: h2
ndioman.com/citizen/js/app.ca16fac30797c1b114bf.js
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/js/app.ca16fac30797c1b114bf.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/js/app.ca16fac30797c1b114bf.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html
www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
104.110.3.220200 OK 5.3 kB URL HTTP/2 www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
IP 104.110.3.220:0
File type PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
GET /efs/hhf/img/CTZ_Green-01.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ndioman.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 01:48:17 GMT
etag: "149d-5e848db420aa2"
accept-ranges: bytes
content-length: 5277
x-olb-req-received: t=1669530644172039
x-olb-req-duration: D=123
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=295468
expires: Sun, 04 Dec 2022 06:32:07 GMT
date: Wed, 30 Nov 2022 20:27:39 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2
ndioman.com/citizen/dist/jquery.mask.min.js
192.185.113.154200 OK 3.8 kB URL HTTP/1.1 ndioman.com/citizen/dist/jquery.mask.min.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (542)
Hash 3b8649b19ceb446c3741d3c138bd7c21
f50f1bdae08c6035a1384f419b1a636c5e2ef364
ee013eaadeb136962ef646ab2a9731b858917742f180c079472c237940cdf72a
Analyzer Verdict Alert fortinet Phishing
GET /citizen/dist/jquery.mask.min.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 08 May 2021 18:27:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3795
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: application/javascript
ndioman.com/libraries/f094be2c8no179d6ba951417ed8e54f
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/libraries/f094be2c8no179d6ba951417ed8e54f
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /libraries/f094be2c8no179d6ba951417ed8e54f HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash e7de49da8836d1221462d949e6d9c902
f7bfa20592de96814622531d659c742de0c50edf
4e8405233bb5e4b03a04b6045987670a6e6cd651eafbe3af8378811113f68541
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:39 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 04:31:52 GMT
Expires: Tue, 06 Dec 2022 04:31:51 GMT
Etag: "f7bfa20592de96814622531d659c742de0c50edf"
Cache-Control: max-age=460451,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772653325f47b529-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5197
Cache-Control: max-age=137149
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:27:39 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:33:28 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
www3.citizensbankonline.com/efs/efs/js/tealeaf.js
104.110.3.220404 Not Found 9.9 kB URL HTTP/2 www3.citizensbankonline.com/efs/efs/js/tealeaf.js
IP 104.110.3.220:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411
GET /efs/efs/js/tealeaf.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ndioman.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:23:40 GMT
etag: "26ce-5c06907e37700"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1669840059347115
x-olb-req-duration: D=188
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=850
expires: Wed, 30 Nov 2022 20:41:49 GMT
date: Wed, 30 Nov 2022 20:27:39 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=155, origin; dur=73
strict-transport-security: max-age=15768000
lb-action: None, None
set-cookie: ak_bmsc=2E1769E295348B7E1CA92653F5CDBA57~000000000000000000000000000000~YAAQnE8kF/uMT4SEAQAANTw5yhG1zQbtk1fcfus+nzJz9CSNxkqr+ZZiKcSlXyUE8IAc5IqsbwpDgGmjldefrNYDvBvQrdJRMYwfoTgBh3Kkpnv79WgqoTo6M0wfA9/NsiOLVRRr42w3sRarq12MWSVWitHJ/WpFCFLs04uFlnG8dbBojwKfvodszDgXEjXlj4ijXRnpnY8KdhoEIZg0VUN9yfX/+Snxe2QXFZvXeEVu/kGpMGzhuvvgnr1hjWFN51t6rk6IdTBqBDFl/EQYQsGNGGQPrNbTnq8Vd5PD2HJoe+12du8KNtc3vpOPg+ipUlIWr1p++e0+cmbQOzWPpPbZy954617aRhuHe+JP9nyh9zCXrQCzJ/umPbR5Ag3ZwLrtGioshzE6HY6R1FmB95xPYZdy; Domain=.citizensbankonline.com; Path=/; Expires=Wed, 30 Nov 2022 22:27:39 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
www4.citizensbankonline.com/efs/hhf/css/citizensns.min.42588.css
104.110.3.220404 Not Found 9.9 kB URL HTTP/2 www4.citizensbankonline.com/efs/hhf/css/citizensns.min.42588.css
IP 104.110.3.220:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411
GET /efs/hhf/css/citizensns.min.42588.css HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ndioman.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 16:53:49 GMT
etag: "26ce-5c06a4a4a4140"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1669840059345504
x-olb-req-duration: D=234
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=830
expires: Wed, 30 Nov 2022 20:41:29 GMT
date: Wed, 30 Nov 2022 20:27:39 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=167, origin; dur=85
strict-transport-security: max-age=15768000
lb-action: None, None
set-cookie: ak_bmsc=9C90DCE552753DF283A4095A33BFEEFD~000000000000000000000000000000~YAAQnE8kF/yMT4SEAQAARjw5yhG/4atHV8fBpxWFIwNOzN9zqx/SXg06EvtRfmmAZg8BdzE5NN+mj4UZvLEOsqq6sJh8mgj6o6Q1J8MTPG4K2/DBuc+tD6R3UrMtU6SJJfLWcOsm0Ufn7FFW6qvI9xZHwJkJO1ZV7Y5s7gmsBOrJ1es5TWVRCVORpEjYx+nTYrCyZJyW2F62Yw+gH27ga9BtybtaIW0TQDtcXGBE824HnMT4MiopQYFCzr8S+bF4N1n1dXEqo56GjPJ7sWYBI1lWpk5qeaBH0rG2D2+aDhBevbOUCrsHED3JRJBPowSz5PtVUy2w4h4KrVCKarC5jboSzFT4Q5pitRc3nxYdhIFvxTPHvq29KAy1Lo7vzO17xalRwYpwzZUHYuwsITCuVcBZAH+C; Domain=.citizensbankonline.com; Path=/; Expires=Wed, 30 Nov 2022 22:27:39 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
ndioman.com/efs/hhf/img/footer-follow-linkedin.png
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/efs/hhf/img/footer-follow-linkedin.png
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
GET /efs/hhf/img/footer-follow-linkedin.png HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/efs/hhf/img/fdicFooter.gif
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/efs/hhf/img/fdicFooter.gif
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
GET /efs/hhf/img/fdicFooter.gif HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/efs/hhf/img/elh.gif
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/efs/hhf/img/elh.gif
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
GET /efs/hhf/img/elh.gif HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/efs/hhf/img/footer-follow-facebook.png
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/efs/hhf/img/footer-follow-facebook.png
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
GET /efs/hhf/img/footer-follow-facebook.png HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/efs/hhf/img/footer-follow-twitter.png
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/efs/hhf/img/footer-follow-twitter.png
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
GET /efs/hhf/img/footer-follow-twitter.png HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/efs/hhf/img/footer-follow-youtube.png
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/efs/hhf/img/footer-follow-youtube.png
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
GET /efs/hhf/img/footer-follow-youtube.png HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/citizen/font/citizen_roman.woff
192.185.113.154404 Not Found 12 kB URL HTTP/1.1 ndioman.com/citizen/font/citizen_roman.woff
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert fortinet Phishing
GET /citizen/font/citizen_roman.woff HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ndioman.com/citizen/dist/app.bundle.css
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/citizen/font/citizen_book.woff
192.185.113.154404 Not Found 12 kB URL HTTP/1.1 ndioman.com/citizen/font/citizen_book.woff
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert fortinet Phishing
GET /citizen/font/citizen_book.woff HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ndioman.com/citizen/dist/app.bundle.css
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/citizen/font/citiolb_icons.woff
192.185.113.154404 Not Found 12 kB URL HTTP/1.1 ndioman.com/citizen/font/citiolb_icons.woff
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash a8063bd37d3c8fb3176a6bf140558a4d
e32cf4b407db3d3773ded13ff64b70fdbad7735f
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
Analyzer Verdict Alert fortinet Phishing
GET /citizen/font/citiolb_icons.woff HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ndioman.com/citizen/dist/app.bundle.css
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Content-Length: 11816
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/citizen/js/meta.d871cdced65fadf4f300.js
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/js/meta.d871cdced65fadf4f300.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/js/meta.d871cdced65fadf4f300.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/efs/hhf/img/equal-housing.gif
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/efs/hhf/img/equal-housing.gif
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
GET /efs/hhf/img/equal-housing.gif HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html
push.services.mozilla.com/
54.149.219.22101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.219.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: J3lIyL3e7mSJ7jkw/B4I8w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SoH+1jv9xHa/3S1xMqBvHb8hFTw=
ndioman.com/citizen/font/citizen_roman.ttf
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/font/citizen_roman.ttf
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/font/citizen_roman.ttf HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/dist/app.bundle.css
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/citizen/font/citizen_book.ttf
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/font/citizen_book.ttf
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/font/citizen_book.ttf HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/dist/app.bundle.css
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/citizen/js/vendor.a9b3eaea49845a795d2e.js
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/js/vendor.a9b3eaea49845a795d2e.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/js/vendor.a9b3eaea49845a795d2e.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/citizen/font/citiolb_icons.ttf
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/font/citiolb_icons.ttf
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/font/citiolb_icons.ttf HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/dist/app.bundle.css
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/citizen/js/pubsub.656957a73dc8f0166990.js
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/js/pubsub.656957a73dc8f0166990.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/js/pubsub.656957a73dc8f0166990.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:39 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/efs/hhf/js/citizensHeaderFooter-citizensns.js?bid=1601921445249
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/efs/hhf/js/citizensHeaderFooter-citizensns.js?bid=1601921445249
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /efs/hhf/js/citizensHeaderFooter-citizensns.js?bid=1601921445249 HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:40 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/libraries/f094be2c8no179d6ba951417ed8e54f
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/libraries/f094be2c8no179d6ba951417ed8e54f
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /libraries/f094be2c8no179d6ba951417ed8e54f HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:40 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html
ndioman.com/citizen/js/app.ca16fac30797c1b114bf.js
192.185.113.154404 Not Found 4.7 kB URL HTTP/1.1 ndioman.com/citizen/js/app.ca16fac30797c1b114bf.js
IP 192.185.113.154:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Hash e6aae2410885df2f2629465b60a2691d
859d3d883fb8ca2aadedf5753abcd7acce922479
a113d210f17827a95d9d1eee68bf4e0aa8bd39d67df1d9420ff5e9c0f49b1d48
Analyzer Verdict Alert fortinet Phishing
GET /citizen/js/app.ca16fac30797c1b114bf.js HTTP/1.1
Host: ndioman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/citizen/credit_verify.php?online_id=99073f62b9c7c8c10ffcbea05&country=&iso=
HTTP/1.1 404 Not Found
Date: Wed, 30 Nov 2022 20:27:40 GMT
Server: Apache
Last-Modified: Sat, 01 Oct 2022 14:54:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4677
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.193.175301 Moved Permanently 0 B URL HTTP/1.1 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.193.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Wed, 30 Nov 2022 20:27:40 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1625-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669840060.327176,VS0,VE0
Strict-Transport-Security: max-age=31557600
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.193.175200 OK 5.2 kB URL HTTP/2 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.193.175:0
File type C source, ASCII text, with very long lines (585)
Hash a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ndioman.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: WYw0Epb8vcedL+7IDqJJsx/+WjGdOZ5/PeZvxp+JQZLuPSbm5TB79IsK0ZRwFxRvC3JwqmNr110=
x-amz-request-id: 6VFQ4X3D41M9VYZP
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Wed, 30 Nov 2022 20:27:40 GMT
via: 1.1 varnish
x-served-by: cache-bma1657-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669840060.344120,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5ODQwMDU5MTA1IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjYTM5M2FkZjE3MC0wNWY3NzYyMmUxMzcwZTgtYzUwNTQyNS0xNDAwMDAtMTg0Y2EzOTNhZTA0MmQiLCJlbnZpcm9tZW50IjogInByb2RVc09yZWdvbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9uZGlvbWFuLmNvbS9jaXRpemVuL2NyZWRpdF92ZXJpZnkucGhwP29ubGluZV9pZD05OTA3M2Y2MmI5YzdjOGMxMGZmY2JlYTA1JmNvdW50cnk9Jmlzbz0iLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0NmIzLTg0NDMtYzEzMS02YTQ0LTk2MjMtNGY1ZS01MzUyLWRlNjYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTg0MDA1OTA1NiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAxODIsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk4NDAwNTkwNTgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
35.241.45.82200 OK 0 B URL HTTP/1.1 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5ODQwMDU5MTA1IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjYTM5M2FkZjE3MC0wNWY3NzYyMmUxMzcwZTgtYzUwNTQyNS0xNDAwMDAtMTg0Y2EzOTNhZTA0MmQiLCJlbnZpcm9tZW50IjogInByb2RVc09yZWdvbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9uZGlvbWFuLmNvbS9jaXRpemVuL2NyZWRpdF92ZXJpZnkucGhwP29ubGluZV9pZD05OTA3M2Y2MmI5YzdjOGMxMGZmY2JlYTA1JmNvdW50cnk9Jmlzbz0iLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0NmIzLTg0NDMtYzEzMS02YTQ0LTk2MjMtNGY1ZS01MzUyLWRlNjYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTg0MDA1OTA1NiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAxODIsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk4NDAwNTkwNTgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5ODQwMDU5MTA1IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjYTM5M2FkZjE3MC0wNWY3NzYyMmUxMzcwZTgtYzUwNTQyNS0xNDAwMDAtMTg0Y2EzOTNhZTA0MmQiLCJlbnZpcm9tZW50IjogInByb2RVc09yZWdvbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9uZGlvbWFuLmNvbS9jaXRpemVuL2NyZWRpdF92ZXJpZnkucGhwP29ubGluZV9pZD05OTA3M2Y2MmI5YzdjOGMxMGZmY2JlYTA1JmNvdW50cnk9Jmlzbz0iLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0NmIzLTg0NDMtYzEzMS02YTQ0LTk2MjMtNGY1ZS01MzUyLWRlNjYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTg0MDA1OTA1NiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAxODIsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk4NDAwNTkwNTgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ndioman.com/
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:40 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-xgz3
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash b42c6c3e7cab19419c38fcc079647d4b
ac6c552e1692314a1218c87a2f8468260e56c3db
3a084441ae31aadc066bb212b759452c3f233b5a53e9d22be8efdf60aaab2386
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "3A084441AE31AADC066BB212B759452C3F233B5A53E9D22BE8EFDF60AAAB2386"
Last-Modified: Wed, 30 Nov 2022 14:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Wed, 30 Nov 2022 21:27:40 GMT
Date: Wed, 30 Nov 2022 20:27:40 GMT
Connection: keep-alive
content.citizensbankonline.com/fp/HP?session_id=bdfb23e6f24404411e0cccda8e286f79&org_id=8s1rqgxh&nonce=5576dfcf8f5e67b5&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
91.235.133.187200 OK 5.8 kB URL HTTP/1.1 content.citizensbankonline.com/fp/HP?session_id=bdfb23e6f24404411e0cccda8e286f79&org_id=8s1rqgxh&nonce=5576dfcf8f5e67b5&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
IP 91.235.133.187:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 21193219ad5584569df7776b21ddee21
357f8b49f7a6a6dce539960b73ab4bc051cd9c37
39770b154f4d7159d471002c2e633c74f0863f97af633587bc85d4f1ab75cf34
GET /fp/HP?session_id=bdfb23e6f24404411e0cccda8e286f79&org_id=8s1rqgxh&nonce=5576dfcf8f5e67b5&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx HTTP/1.1
Host: content.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ndioman.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=Edge
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5794
Keep-Alive: timeout=2, max=100
www3.citizensbankonline.com/img/mobile-desktop-icons/icon-normal.png
104.110.3.220404 Not Found 9.9 kB URL HTTP/2 www3.citizensbankonline.com/img/mobile-desktop-icons/icon-normal.png
IP 104.110.3.220:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411
GET /img/mobile-desktop-icons/icon-normal.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ndioman.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:23:40 GMT
etag: "26ce-5c06907e37700"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1669840060627051
x-olb-req-duration: D=141
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=604772
expires: Wed, 07 Dec 2022 20:27:12 GMT
date: Wed, 30 Nov 2022 20:27:40 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=375, origin; dur=24
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=2305718504C0D4BAF29BCD7F1F92EDE6~000000000000000000000000000000~YAAQnE8kFxuNT4SEAQAAHkE5yhFWhLFOyqEL4B30U7z919Usa7T+puUM5E5CK4mqgTKxMXNbgWV0d8/Z5hzdjPOMsxcjCQ0/Bcjnh6NXon9APwtMA5VQduhc4d1lHYHwI6gbYMvbpLuTX7VAt9mQ0fxp8LKlu/WFmE+7Dul2IIjl5VuKmpOohuO4o7hrGvV2o+KxevJrM3M5A9RlnCNfp/5izReYP6e6VpB/+LeBrl6xyLaM32+Bz/p6eh2/SkHCL72k2+oDRl0g4JcD4oFnX6iREfbXMmbGwO87Ud/ZVM2w4WRohT4NcwmFeyg1YmpvDn/kqXjpKErVwS4hwzhqp8ctWcwhEpefjdvtQYc76jrbRGNvCCwiwOvSc7zuXG0UkWkgFI3odJ4KPQCqlYhTXoGsSTvB; Domain=.citizensbankonline.com; Path=/; Expires=Wed, 30 Nov 2022 22:27:40 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
www3.citizensbankonline.com/img/mobile-desktop-icons/icon-hires.png
104.110.3.220404 Not Found 9.9 kB URL HTTP/2 www3.citizensbankonline.com/img/mobile-desktop-icons/icon-hires.png
IP 104.110.3.220:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411
GET /img/mobile-desktop-icons/icon-hires.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ndioman.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:23:40 GMT
etag: "26ce-5c06907e37700"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1669840060636896
x-olb-req-duration: D=135
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=604788
expires: Wed, 07 Dec 2022 20:27:28 GMT
date: Wed, 30 Nov 2022 20:27:40 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=386, origin; dur=33
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=D9B177D8FBF411799CB6A2703B909615~000000000000000000000000000000~YAAQnE8kFxyNT4SEAQAAKUE5yhEX+lB2KJoHAZkNDRxYzapEtSA1k9pKRP3L23Op97BHWn5b47IQ392/HTS592bg4Ihb3WvDwRegGvupXQxwsrM7A6rIeyVOzwswyWFzQnV4oYzXliE2VmD9fNQpBJIZHS/MycxCT3ne57Gtpaf59Bi2Me/Ew2fE2KgFvoC9PQPLwfrLr22U8LNGR4xNcvFbzDzWyjQZDOUMHJXRskHE4UgK536h35KpGG39klnRlt94+z6JiV3ks+Et1Zwh+LzyVGiAevOXUXQj/mdznHHNMj8Pk5xYtTt5vPwOYDCUtNDmWcV8+zmwu2hY/mlyb954sHIWSlseY/UeU+9QrAg/DqaXZwWZQcGGgF8aZbNXAyYVJvQievWDTakUtGnuARB63//L; Domain=.citizensbankonline.com; Path=/; Expires=Wed, 30 Nov 2022 22:27:40 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
content.citizensbankonline.com/fp/check.js?&pageid=99998&session_id=bdfb23e6f24404411e0cccda8e286f79&org_id=8s1rqgxh&nonce=5576dfcf8f5e67b5
91.235.133.187200 OK 29 kB URL HTTP/1.1 content.citizensbankonline.com/fp/check.js?&pageid=99998&session_id=bdfb23e6f24404411e0cccda8e286f79&org_id=8s1rqgxh&nonce=5576dfcf8f5e67b5
IP 91.235.133.187:0
File type ASCII text, with very long lines (15506)
Hash 746a570d09b3b213a12274b3d189ad73
9c34fe7be7538fd14cb228762c879efa3c0c9abc
fc97429972079b8d67006c5dd673d6bfed33c8371e59db789a491c81af91e43d
GET /fp/check.js?&pageid=99998&session_id=bdfb23e6f24404411e0cccda8e286f79&org_id=8s1rqgxh&nonce=5576dfcf8f5e67b5 HTTP/1.1
Host: content.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://content.citizensbankonline.com/fp/HP?session_id=bdfb23e6f24404411e0cccda8e286f79&org_id=8s1rqgxh&nonce=5576dfcf8f5e67b5&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: 5576dfcf8f5e67b5
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15078
Expires: Thu, 01 Dec 2022 00:38:58 GMT
Date: Wed, 30 Nov 2022 20:27:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15078
Expires: Thu, 01 Dec 2022 00:38:58 GMT
Date: Wed, 30 Nov 2022 20:27:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15078
Expires: Thu, 01 Dec 2022 00:38:58 GMT
Date: Wed, 30 Nov 2022 20:27:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15078
Expires: Thu, 01 Dec 2022 00:38:58 GMT
Date: Wed, 30 Nov 2022 20:27:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15078
Expires: Thu, 01 Dec 2022 00:38:58 GMT
Date: Wed, 30 Nov 2022 20:27:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e00769bd1391b8f4f5b8ab128a825355
e4ddf955e8ac1986045ed55880c43c69e588a021
81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8heT2eN5oLbO14R9qLq78Vma_TkteufTyKM5i3K2XoJYXfWNwLMEwQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 81075
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59baec8db5ced0210ab766ea5636a5fd
f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b
33ff55891f18c22970804f1b8b2ba6821ddfd7426b01486410bd43f2b4295a8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QhUrNKIJUxXTYFTgfCwizAd9L4PdLMVLbqv1sHmmnrWya0xz1MTSiw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:46 GMT
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
content-type: image/jpeg
age: 80334
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: 768fc69c-e91b-4dd9-8add-63634762b2d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpbgEFOIAMF71A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bc49-21756db31c4714af0553f21b;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:12:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jS-AS3x8V3XacXRNkU63UJjBxA6unvBer5WcxUYseR5p4eZPK64o2g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 04:55:46 GMT
age: 55914
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 777ce44582c70bf01a31da4cab366f36
57e1d34f146d5ccd9943aa97bcc3158f7103bb07
fbdc8f65ae74dc13b7aafec464f08fdc9902af519946200ec52432ac3ca55982
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10958
x-amzn-requestid: abfea5b0-58f5-49e1-b78e-7cf456d03cb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFHF9oIAMF5lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a20-5ab719292d440d083b07a478;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gCt9oHpZ68tLCYHIYpI1XLtADkScxwf12kDFnU0o5WoQIVSzWlqozw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:16:52 GMT
etag: "57e1d34f146d5ccd9943aa97bcc3158f7103bb07"
content-type: image/jpeg
age: 79848
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
age: 81289
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png
34.120.237.76200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89e1a735e16f55c78fa75ae434294029
6c56f4015305eff04a99cec9758cd40bf4e5f704
26e8b042c0bbef2c7f93f77451563cf6e12af282251ef864652574be2b2c5b15
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3711
x-amzn-requestid: 502d7eed-f24a-49e8-b14e-759778b717ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbWQSFNnIAMFpxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63879d9b-5eb88e757ff3eeaa26dd7de2;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 18:14:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hrGJk_aF0hgdEXNUAqj74wYkXby2ptGRqWKFi4sxlvs_QN9WhC6vOw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:25:55 GMT
age: 7305
etag: "6c56f4015305eff04a99cec9758cd40bf4e5f704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
content.citizensbankonline.com/fp/ARF;CIS3SID=FCEBBFAB1FF1CA9E0519773CCBFBC765?org_id=8s1rqgxh&session_id=bdfb23e6f24404411e0cccda8e286f79&nonce=5576dfcf8f5e67b5&pageid=99998&sera_parametere=U0UKB1EEBlYNA1dUDgMDVA0CAARTAwBUCgJRUA5UAAAAAg5QVlRQV10HBUNFRF9cW0VCQhdDUCIdUXdAAXNHBwVfRFMIAw4DVhJGQAVzRwJ3BRIBIENRVlAJRhFFElFxEAJ1E1MiRQJRW1ZdAwAEVlEDAlMBVFBSDVYMXABVAAMBVwICUVJaBVxWUwZQD1IHVwIRWAsIAAMFUwBSAFMEVlMNUQMBUFQEDUBfFgsHGlADVlNVBVNRBwgCUwcPDltXBwIHUFYEBgNaBFBVAA5TAVMDBQcAVlVAWQ8IVAYEVAMTXF4LSVdFFlFbDFwPDloTXV4KEAZbJQ9KA1MKThEAQwgEBwNCBAwVBSpcC0NPRFZXCENSHjkAB1QKVwRVXERQQQgOBw%3D%3D&count=0&max=0
91.235.133.187200 OK 61 B URL HTTP/1.1 content.citizensbankonline.com/fp/ARF;CIS3SID=FCEBBFAB1FF1CA9E0519773CCBFBC765?org_id=8s1rqgxh&session_id=bdfb23e6f24404411e0cccda8e286f79&nonce=5576dfcf8f5e67b5&pageid=99998&sera_parametere=U0UKB1EEBlYNA1dUDgMDVA0CAARTAwBUCgJRUA5UAAAAAg5QVlRQV10HBUNFRF9cW0VCQhdDUCIdUXdAAXNHBwVfRFMIAw4DVhJGQAVzRwJ3BRIBIENRVlAJRhFFElFxEAJ1E1MiRQJRW1ZdAwAEVlEDAlMBVFBSDVYMXABVAAMBVwICUVJaBVxWUwZQD1IHVwIRWAsIAAMFUwBSAFMEVlMNUQMBUFQEDUBfFgsHGlADVlNVBVNRBwgCUwcPDltXBwIHUFYEBgNaBFBVAA5TAVMDBQcAVlVAWQ8IVAYEVAMTXF4LSVdFFlFbDFwPDloTXV4KEAZbJQ9KA1MKThEAQwgEBwNCBAwVBSpcC0NPRFZXCENSHjkAB1QKVwRVXERQQQgOBw%3D%3D&count=0&max=0
IP 91.235.133.187:0
File type ASCII text, with no line terminators
Hash c09a6e52d53336b7dee1b99797e6d994
1986a10ab78fc1f036a7e4bdc290921d8175c0c5
9407082aef70c0f3667edac28a62a7a06eb2e2dc1124051cc49d06556cee2a1a
GET /fp/ARF;CIS3SID=FCEBBFAB1FF1CA9E0519773CCBFBC765?org_id=8s1rqgxh&session_id=bdfb23e6f24404411e0cccda8e286f79&nonce=5576dfcf8f5e67b5&pageid=99998&sera_parametere=U0UKB1EEBlYNA1dUDgMDVA0CAARTAwBUCgJRUA5UAAAAAg5QVlRQV10HBUNFRF9cW0VCQhdDUCIdUXdAAXNHBwVfRFMIAw4DVhJGQAVzRwJ3BRIBIENRVlAJRhFFElFxEAJ1E1MiRQJRW1ZdAwAEVlEDAlMBVFBSDVYMXABVAAMBVwICUVJaBVxWUwZQD1IHVwIRWAsIAAMFUwBSAFMEVlMNUQMBUFQEDUBfFgsHGlADVlNVBVNRBwgCUwcPDltXBwIHUFYEBgNaBFBVAA5TAVMDBQcAVlVAWQ8IVAYEVAMTXF4LSVdFFlFbDFwPDloTXV4KEAZbJQ9KA1MKThEAQwgEBwNCBAwVBSpcC0NPRFZXCENSHjkAB1QKVwRVXERQQQgOBw%3D%3D&count=0&max=0 HTTP/1.1
Host: content.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://content.citizensbankonline.com/fp/HP?session_id=bdfb23e6f24404411e0cccda8e286f79&org_id=8s1rqgxh&nonce=5576dfcf8f5e67b5&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:27:41 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked
lpcdn.lpsnmedia.net/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.js?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&force=1&env=prod&isCrossDomain=true
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.js?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&force=1&env=prod&isCrossDomain=true
IP 178.249.97.98:0
GET /le_secure_storage/3.11.0.2-release_5036/storage.secure.min.js?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&force=1&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ndioman.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:27:39 GMT
content-type: application/javascript
last-modified: Tue, 29 Sep 2020 18:27:10 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Thu, 30 Nov 2023 20:27:39 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: MISS
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true
178.249.97.98200 OK 0 B URL HTTP/2 lpcdn.lpsnmedia.net/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true
IP 178.249.97.98:0
GET /le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ndioman.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:27:40 GMT
content-type: text/html
last-modified: Tue, 29 Sep 2020 18:27:10 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Thu, 30 Nov 2023 20:27:40 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: MISS
X-Firefox-Spdy: h2
accdn.lpsnmedia.net/api/account/83789770/configuration/domainprotection/refererrestrictions?cb=lpCb53655x69844
178.249.97.99200 OK 0 B URL HTTP/2 accdn.lpsnmedia.net/api/account/83789770/configuration/domainprotection/refererrestrictions?cb=lpCb53655x69844
IP 178.249.97.99:0
GET /api/account/83789770/configuration/domainprotection/refererrestrictions?cb=lpCb53655x69844 HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lpcdn.lpsnmedia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:27:40 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:28|g:aa1ea989-5a37-43d4-8481-74fd9843d05f; Max-Age=30; Expires=Wed, 30-Nov-2022 20:28:10 GMT; Path=/
ADRUM_BTa=R:28|g:aa1ea989-5a37-43d4-8481-74fd9843d05f|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Wed, 30-Nov-2022 20:28:10 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Wed, 30-Nov-2022 20:28:10 GMT; Path=/; Secure
ADRUM_BT1=R:28|i:2241648; Max-Age=30; Expires=Wed, 30-Nov-2022 20:28:10 GMT; Path=/
ADRUM_BT1=R:28|i:2241648|e:5; Max-Age=30; Expires=Wed, 30-Nov-2022 20:28:10 GMT; Path=/
vary: Accept
expires: Wed, 30 Nov 2022 20:28:40 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2