r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12154
Expires: Fri, 02 Dec 2022 19:15:48 GMT
Date: Fri, 02 Dec 2022 15:53:14 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3131
Cache-Control: max-age=156612
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:14 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 11:23:26 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10138
Expires: Fri, 02 Dec 2022 18:42:12 GMT
Date: Fri, 02 Dec 2022 15:53:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 15:18:12 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2102
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: pkl6W4iIw9j+NEMFqZeVc/DbRdGJnmpZtDdFY6OyANRk68voV0VwNP5IKDuxQkOCChWE6YqILhSHAH1jWfxEWQ==
x-amz-request-id: 3W9SZ1RYNQPEXDB4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 15:46:10 GMT
age: 424
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 15:53:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
192.185.105.9200 OK 65 kB URL HTTP/1.1 coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Hash a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d
GET /login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:53:14 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2670
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:14 GMT
Last-Modified: Fri, 02 Dec 2022 15:08:45 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2670
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:14 GMT
Last-Modified: Fri, 02 Dec 2022 15:08:45 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
online.citi.com/GPS/portal/css/cobrowse_overlay.css
104.110.15.25200 OK 1.6 kB URL HTTP/2 online.citi.com/GPS/portal/css/cobrowse_overlay.css
IP 104.110.15.25:0
Hash 48d658b8e5ecb3ec1db77b31735e6da2
264844b13d54d13baae71d535ae8c081db1552ab
f9a68c464770e4a1a293b4d08a53551600152672b531a0a64fe1ed1431f2d449
GET /GPS/portal/css/cobrowse_overlay.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Aug 2019 07:17:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1597
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=DE65DF472E6FB5D20A8F494A94D49C15; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
104.110.15.25200 OK 3.7 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
IP 104.110.15.25:0
Hash 912d79ed2801e57d08c6fe076d791333
aa0e1edb751a7cbff5e9ff67b948166605e19910
61984a0de22199c83dba3ac7c03e8df7cbb78f61c2de7fc6484be0fba7f14069
GET /GFC/branding/responsivebranding/css/branding_footer_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 10:48:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3733
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=17703A7C72E31FEAD9DF1B3C7E5E12D1; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D
216.58.211.4200 OK 92 kB URL HTTP/2 www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D
IP 216.58.211.4:0
File type ASCII text, with very long lines (1560)
Hash 9aeb1c4b79656b106c74f75f0659e55e
fa088f735b11435c1898df5d8de153e32973ad4b
860254f9f9946d31e68a5864324badfd3bbb8dc8e8b95f7569cd911af2db602d
GET /cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 92399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 15:11:22 GMT
expires: Wed, 29 Nov 2023 15:11:22 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/javascript
age: 261712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css
216.58.211.4200 OK 9.0 kB URL HTTP/2 www.google.com/cse/static/element/a57bc5975bc720b0/default+en.css
IP 216.58.211.4:0
Hash c7cbebedd348978dba3901d8cc83e90d
da9da15b749bbbea07de2147b1c09ff9cf6ee05b
8d6777b76a124d852a680f4d5e42f9b6abfefbc70253b120ed7f3a44aec9e1c2
GET /cse/static/element/a57bc5975bc720b0/default+en.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 9032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 16:53:54 GMT
expires: Thu, 30 Nov 2023 16:53:54 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/css
age: 169160
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/cse/static/style/look/v4/default.css
216.58.211.4200 OK 1.3 kB URL HTTP/2 www.google.com/cse/static/style/look/v4/default.css
IP 216.58.211.4:0
Hash b33c65c5c815696bed8292c172185bcc
d2c0eceacad1f57b25621dcdb32659c5dc6b8d9b
f5ab6924cf65ae4dc61dca35d096fa272f8b4937b733b5eb46d36af396884132
GET /cse/static/style/look/v4/default.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 1345
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 15:31:50 GMT
expires: Fri, 02 Dec 2022 16:21:50 GMT
cache-control: public, max-age=3000
age: 1284
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
online.citi.com/JSO/js/fp.min.js
104.110.15.25200 OK 4.3 kB URL HTTP/2 online.citi.com/JSO/js/fp.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (13962)
Hash 37d4fb4fc0d34c9d949447294c5896a2
813a89b7c7da1d1090e9d70a4b683713e47ffc20
434bec7136e03611151aad7e839486bcc95abdb5f1ad7eb8e66d1a10b3375982
GET /JSO/js/fp.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 4322
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=F704B2DBC4FC71911455FB983CBF1B34; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/loginpage/styles/homePage.min.css
104.110.15.25200 OK 5.0 kB URL HTTP/2 online.citi.com/loginpage/styles/homePage.min.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (24793), with no line terminators
Hash 8b55e445be9cbbed1fff212136bf5ec4
02e215ee8c3c5f71406405a28d4112c0eea3646b
e666c4da016428bb9aa82c5e9dd9634d5731083b226e353148d28a9e1948c506
GET /loginpage/styles/homePage.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Oct 2020 18:02:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5046
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=0983304EEBEF82B28EF78A541F6FF3BE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
104.110.15.25200 OK 2.9 kB URL HTTP/2 online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (5928)
Hash f687e0142c1437ba2f920f3cde133177
d53df064865303d36b7a7ca9624d83214da9aa99
8e39f40e7aedf48d72d8a4f79433fb5482da163fad5aff81159284d7b461de05
GET /JFP/js/jquery/plugins/jquery.tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2905
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=CE3E242AC46656B2D623312C11E606D8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
104.110.15.25200 OK 337 B URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (1265), with no line terminators
Hash 7c863f08763bf3f9d76db3fc6135da51
6560f78733d9b78d550d8425b29f06c1c764189d
a4dc2655e535dfee0176ff9bc947cf1aecf63bb2a248eaad894f58d13591d24b
GET /JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 337
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=270ECAAA4B20593A967A07293AEBB0A1; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
151.101.65.230200 OK 2.2 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
IP 151.101.65.230:0
File type PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Hash f72de0072180995cddf091ec1c481fc8
8da0419580ec8ea996ff617773a822ef6a1ce470
02bb7267eb1cdf51db8a9db0014dd48f4debe6f7d344a6f8a0f06a428d6e0068
GET /wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: CzFPP1gPCjs7z/KInii3GcX3SmlJUbqd/NqEjWdfODbqZAaxudqAHEH+F4NlY3hcO7Dj4Gn/MhA=
x-amz-request-id: RNGYKGZANXNHS89D
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-type: image/png
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 15:53:14 GMT
via: 1.1 varnish
age: 901361
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669996395.858501,VS0,VE4
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 2219
X-Firefox-Spdy: h2
online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css
104.110.15.25200 OK 899 B URL HTTP/2 online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css
IP 104.110.15.25:0
Hash 1966ad93ef6524d8032dfc706eb33b8d
ed84d116e24a1f38cf7daa0eef09d51afab433bf
61ccfaf0350644ee02e12120c193cc703650c91f17c0234cce660c921c22d4e3
GET /NCCS/smartSearch/css/cbol-smartSearch.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 899
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=E188FABD242F1C11313C31D140B6063B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
151.101.65.230200 OK 63 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
IP 151.101.65.230:0
File type Unicode text, UTF-8 text, with very long lines (44679)
Hash 2814704ecc428325d52a842115a2ffdf
9c979060cdc471ee3dd6d71d0f586a7433158453
c75bc14a20adf4a951aba27b721f23e9b3c97cbcb4caeb249cdc63fde3997cc3
GET /wdcusciti/50/onsite/generic1608054710811.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Hlqd9JB84o75ey9+s41yk6BUDnxKajiI2JUmsGUUQqV5jw1SfqSE1lb8hW4xZN4HXRR/xQDXOBk=
x-amz-request-id: 28WE2YFD6404A5RC
last-modified: Tue, 15 Dec 2020 17:51:52 GMT
etag: "57e6c47a533050c63dc8fefbdeb401d1"
x-amz-version-id: Kqi2p6FS.A2AzLCJok5fsBD_5A7fWxpm
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 15:53:14 GMT
via: 1.1 varnish
age: 89996
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669996395.858418,VS0,VE4
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 63129
X-Firefox-Spdy: h2
online.citi.com/personalization/peworkflow.min.js
104.110.15.25200 OK 1.8 kB URL HTTP/2 online.citi.com/personalization/peworkflow.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (5321), with no line terminators
Hash 1c9fea918bfb5581982989a70eaefabc
4918fe52d51efa97e09de94db53c621b0a335649
98348d134a2f94186ffe13541ebcf04efb5afe17f3b3be7aa8e9b69e5fbcac78
GET /personalization/peworkflow.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1806
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=84BD0B8970948363E353B8B957E839E6; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
104.110.15.25200 OK 65 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
IP 104.110.15.25:0
File type Unicode text, UTF-8 text, with very long lines (65509)
Hash 68cdb850dc7512e716b12ec17fcba622
cb82a9575b355ae1833085e6362cc0a1089ccc90
37d98491fbeb36c9df92570d875530129c1698b03852c3fbb71832db58a56e4d
GET /CBOL/common/ui/ddl/theme/latest/scripts/vendor.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 64910
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=658E266B04CD2AC60EBF9877FD5130E5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/olab/js/oo_engine.min.js
104.110.15.25200 OK 12 kB URL HTTP/2 online.citi.com/GFC/branding/olab/js/oo_engine.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (32021)
Hash 4f0dfa69a1ecec87b606025cd6967565
feca411eeb031920103ea068630f93f31b5b0000
c7c01b10f0d71d2168f8975161bbb97e5dbd1b63a6e9678d752bb9a9a2dac090
GET /GFC/branding/olab/js/oo_engine.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 11704
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=7688F98517EBB029E5A7403E399072BD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
104.110.15.25200 OK 18 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (65331), with no line terminators
Hash 2f595116c30fa315246f7cb0b531ba15
35bd15722dce013523f23c21426076cfcac33945
5df0777d7bd5b17967c6ef6243ef3dfc4eecb0fba56dd39c0100faeba04a7439
GET /CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 17670
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=2FFDA77F77355AFBBCFC22A917B40D35; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/js/main.js
104.110.15.25200 OK 8.0 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/js/main.js
IP 104.110.15.25:0
File type HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (33891), with no line terminators
Hash 6c7f00b72ded0bec2618305c876e16b6
48360ed4ad1b2ae2e507dc48873a3ef021586776
dc5ac3e8c6e04c6a1d9d1519b6ad99fabb5b0b87dd07d93106d6c4c1987b24ee
GET /GFC/branding/responsivebranding/js/main.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 16 Jan 2020 14:46:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7957
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=4469C02DE469DE04E0EE332D4E2E33E2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
104.110.15.25200 OK 1.0 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (3018), with no line terminators
Hash fb422777d175560b7cbafac2e69427e0
08a64e3f02f7521549e82453ec8a1baa4b0e8914
da7b8130e973ebfd3c4e34d464655f0fbe910cbb7ecb12e172f0374a86fb1cb5
GET /JEA/CitiSearch/nexus-platform/js/citilive-search.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:44 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1017
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=36EC148C02A8815BA4504FD445D6B281; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
104.110.15.25200 OK 3.0 kB URL HTTP/2 online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
IP 104.110.15.25:0
Hash cbbb42f2f92286927590740a4ddbdf12
0f4a6798edba9047e6038749c5b81192550137a7
ac708e5462ee634c6b75a1ea7faffaf577dbff4ce007c337a7fe3fabaf42a1c0
GET /NCCS/smartSearch/js/cbol-smartSearch-inject.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 May 2020 19:00:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3030
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=FCDE8613236AED9494009AEC0A5C9445; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 15:11:15 GMT
cache-control: public,max-age=3600
age: 2520
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
online.citi.com/TMX/TMXProfiling.js
104.110.15.25200 OK 546 B URL HTTP/2 online.citi.com/TMX/TMXProfiling.js
IP 104.110.15.25:0
Hash 8a9d76752e354831bfeb51ea2009dc90
ab290ca00fc8be6525684405a8f655eb30e1b0e9
82775fb41297c485793eae4058db3e82b4d477bb00c6fa3bc301971e961e61c2
GET /TMX/TMXProfiling.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 10 Aug 2018 07:26:42 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 546
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=FD1121630495D58A55C6AA9A0D8AB2FA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/pl-profile.png
104.110.15.25200 OK 678 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/pl-profile.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 47511cdd2cd6ec0f1fe005ed1f1da489
c2dbbebd49f1dc760684ad937add478d05520ab1
96a25378d5d5fed38414a3d798eddc8367ebb206b45b125c837b9bab43c8799d
GET /GFC/branding/img/redesigned/pl-profile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 15:27:27 GMT
accept-ranges: bytes
content-length: 678
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=1AB669FDE26271991E022E4F76B105B7; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
104.110.15.25200 OK 758 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 2b7cfe76b3d07bceb495d2dcc63dafa3
dd9a3e5c21135454fb20655caf55b7269a06a579
b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f
GET /GFC/branding/img/redesigned/atmbranchloc.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 29 Jul 2020 05:29:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 758
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=D0FCECD919CEADB8163EE72A4F5FF182; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/lang.svg
104.110.15.25200 OK 1.4 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/lang.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash c59330487289406bc7a589e19a748a45
3ff3a052d1b32f340847edcf7e10e8f0bcaafdc5
ff759181aba721255cb0e238fdc63fe8b32f3a130bc618ac35e012a1692a3784
GET /GFC/branding/img/redesigned/lang.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 04 Aug 2020 06:59:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1434
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=57C7026D020E98F05643881A8924C0F1; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/cc-know.png
104.110.15.25200 OK 547 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/cc-know.png
IP 104.110.15.25:0
File type PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 7fce81d3aee8a773e172e4da24755c08
d16e42e3104a3eede8e74f9e792c975390e3cea6
1e8296753489472722a900b40958f4cb93b5efa530499287debe37fdaac97cdb
GET /GFC/branding/img/redesigned/cc-know.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Jul 2020 09:29:34 GMT
accept-ranges: bytes
content-length: 547
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=2ED29B8AD5EF7049C2E31C4A0624920D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/cc-mail.png
104.110.15.25200 OK 713 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/cc-mail.png
IP 104.110.15.25:0
File type PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash d6aa1cf4e0f3028ec749cd5e2ef2745f
f92b9239a1ec624adf48a9fc5273df9aaf772ee3
351566f41ad89bb03b7855b58661b377836aebe50db166052eaa17f17e156799
GET /GFC/branding/img/redesigned/cc-mail.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 03 Jul 2020 10:19:28 GMT
accept-ranges: bytes
content-length: 713
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=A727F8317D9F072E405BFCB2E3593AD0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/banking-savings.png
104.110.15.25200 OK 917 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/banking-savings.png
IP 104.110.15.25:0
File type PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash d4482456a56b1d78f4855f6eafa94898
6a6671bf54989ad97f457f42837d1d96f21dca53
87578cd8ec6b565afd5be1b9a00845ca3dcb8024d64f2d96e4ce00bb07c94902
GET /GFC/branding/img/redesigned/banking-savings.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 06:45:19 GMT
accept-ranges: bytes
content-length: 917
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=BE31282648212D65E8DE05775595ED62; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
104.110.15.25200 OK 374 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
IP 104.110.15.25:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 2425ec6b5ce2710b558ae452823680d7
2cccd21d3882308392717872f097511e58f8ba2a
77aae11467c6e42598b9c17f8a34f9ffb08c3acedd22db327fabf5b1becd24a2
GET /GFC/branding/img/redesigned/mort-calculator.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:13 GMT
accept-ranges: bytes
content-length: 374
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=7C2706AC30094D3AFADC4A9388D2A40C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/mort-home.png
104.110.15.25200 OK 515 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/mort-home.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash d1b8e6b91fb75607e2bf2948c9cb9d99
88b8815e54a1d1a53de0919cf1abbac50e69a70d
474a06e61c5ff0b6def6e5619529e0664e6fa2d9904ba6f796e4e1032c2ab3c3
GET /GFC/branding/img/redesigned/mort-home.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:26 GMT
accept-ranges: bytes
content-length: 515
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=829194724C4B96882F44C237DD660B31; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
104.110.15.25200 OK 399 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
IP 104.110.15.25:0
File type PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 4f5fc9d9f8fe83b74670f4e954bb116f
e9f9531727cfad01855e48dcc4ad0043779d763c
31a7d0a6362cd6d8fcbb3200740a252be4fc633363cc71021fb18faf4470eb5c
GET /GFC/branding/img/redesigned/Investing-FP.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:29 GMT
accept-ranges: bytes
content-length: 399
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=8FF0D820A19379830F5EDCD356F97D0F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
104.110.15.25200 OK 822 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
IP 104.110.15.25:0
File type PNG image data, 20 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 9c485b70055241b255f9fafcd167447e
9f8050c8c416b1b5aca059d4d8bb4ca16b930a3b
643030db71af1915a7c02ec3589b64d1b826cb8c8c97e0f7b80d70e0c830726b
GET /GFC/branding/img/redesigned/Investing-MI.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:58 GMT
accept-ranges: bytes
content-length: 822
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=75BE0B72EC7F0768229437D3348434D8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/Investing-II.png
104.110.15.25200 OK 894 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/Investing-II.png
IP 104.110.15.25:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae8592f1019d7ea84ee847cbde5c8bd8
e74b70328c0e5f4cef5d094d1fb30e343be03eb6
e0a06ba70b7556d61f872bd1ca50148094683ed1ba026a78164563d3c63db0c0
GET /GFC/branding/img/redesigned/Investing-II.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:35 GMT
accept-ranges: bytes
content-length: 894
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=D0D1725BCFFCEA6BB961675D9208ADBD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranch.png
104.110.15.25200 OK 697 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranch.png
IP 104.110.15.25:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 5cb2e7bb5dd99d056313c125f74872da
26844e24c011bf9d5fd8f88a81a3a86333bfa681
489ac0d5e6bb586f0144108a782f87e10aa6387fa5925c0f7b526142dbbf9987
GET /GFC/branding/img/redesigned/atmbranch.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:41:48 GMT
accept-ranges: bytes
content-length: 697
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=363F7DE0F3C855B116468B5567D9CAC4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/WM-conce.png
104.110.15.25200 OK 819 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/WM-conce.png
IP 104.110.15.25:0
File type PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash e1d86261569011cb99dc98ae1bbcc391
575a762c5a2639ff9b9780c6b37efea5ea8edc64
6e866b41975af77f752d3feae581391b018128ad2cb495e783349ca49cb94c38
GET /GFC/branding/img/redesigned/WM-conce.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 09:28:15 GMT
accept-ranges: bytes
content-length: 819
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=45D3E8E7B1E6E935E1DA9BB162165616; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/search.png
104.110.15.25200 OK 540 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/search.png
IP 104.110.15.25:0
File type PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d0c9df05ec068e44e05246476eb6b0c
acf96a7bdff8f7d71096aa59243ad31d5aae425f
e1cdd8699d632d98047b60975c127bde93707685555e0894c2087105e26298ae
GET /GFC/branding/img/redesigned/search.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 12 Jul 2020 13:52:29 GMT
accept-ranges: bytes
content-length: 540
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=DF9E70EF5AE4EF9111356BC032F60AAD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
104.110.15.25200 OK 137 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 895e073c01fe436ee9892787c43a00eb
d5b1ebead4bc804bfee48ec3a9dbf87d3e97a82f
9704bca992680b1698b6c364e5fd7fd20991aa230c700f3378765fdf99a8b27d
GET /GFC/branding/img/redesigned/navigationMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 137
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=26F79F77A4C4FD9ECEE5E4EA54195787; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/closeMobile.png
104.110.15.25200 OK 327 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/closeMobile.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash e7a2c3c1d1710852dae94241b425631b
20ee2a5077624e2b074d9e6ab7d116480563f09a
87e414e65461d63f3c18fdec21dc973fbb3b04db9269aa2fa9f2b1e9fb4d58f0
GET /GFC/branding/img/redesigned/closeMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 327
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=B2338E2F0830B4A359A45AA2511FB57E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
104.110.15.25200 OK 888 B URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d52957ca9901e228f3cc98653d66b64
4ee4c93d50f3eed0c760c69297db539b5c747fec
424b0508d87aeff62bf98099b98490558de97db21d02343fd4b0e46252a74d58
GET /GFC/branding/img/redesigned/atmbranchlink.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 26 Jul 2020 08:00:17 GMT
accept-ranges: bytes
content-length: 888
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=F9E09D709D7257AE830107CF622B9A03; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
104.110.15.25200 OK 1.3 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
IP 104.110.15.25:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash e356e33999a3af7670f87a64085b0aa1
7c65d1ba8878b0e930e73ea9a52d5f0f873828b2
f9ea3e5b79df3924376af98d3639b49ef970ef77063203b3ef3abaa84daca88a
GET /GFC/branding/img/redesigned/icon_globe_med-grey.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:42:08 GMT
accept-ranges: bytes
content-length: 1300
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=0EED8E063347DC76C6591AFA04A81AED; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3096
Cache-Control: max-age=151515
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:15 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 09:58:30 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js
104.110.15.25200 OK 2.4 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js
IP 104.110.15.25:0
File type C source, ASCII text, with very long lines (7615)
Hash e1577cfb2e8936a3c801851fff429693
1e861beca6b15a5f3d2ae277a95d7fd53e6256ec
95b8e61a19f61148c98e111e451ba37b8f27f55a415318e3fd49b56115c000a9
GET /JEA/CitiSearch/nexus-platform/js/citilive-search-service.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 07:31:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2415
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:15 GMT
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=43703200B83A54CB52B9EF625A707CA5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
104.110.15.25200 OK 21 kB URL HTTP/2 online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash a7a9a73a978e579f64235bf7ce768235
fc2af74ed45ab50faf2c2e9393ff7218171c59e2
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2
GET /JRS/banners/modules/M1-M7_DoubleCash.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 21180
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=343AE16E4675294415962426E4730C4A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
104.110.15.25200 OK 344 B URL HTTP/2 online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (1035), with no line terminators
Hash 833a85cac30119fd1a7cdea0d63106eb
1558702028e277ce4bf3b079db7f064b96c91f0d
83b080afa657691bdb22843c5f36acc3be20ad7ed94ba84f18d1cbbb2a23933c
GET /JFP/js/modules/jfpm.autocomplete.off.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 344
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:15 GMT
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=2B36350A845BC7336E2515B278BA8B0C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
104.110.15.25200 OK 110 kB URL HTTP/2 online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], comment: "Optimized by JPEGmini 3.12.0.2 0x8e6e2aa3", baseline, precision 8, 2160x600, components 3\012- data
Size 110 kB (110256 bytes)
Hash adc640f5c974f259332776179906a9ba
88aa97730f84a70b8f3ec0df9763797293f6fef9
73bda4635bfa51c64ab47b1fba9a7cb20b6ab3ae44f7c1d2abf78041a9da0fee
GET /JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Mar 2018 21:03:36 GMT
accept-ranges: bytes
content-length: 110256
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=FA7889A46DDB709B7AEC6F764110A4CA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/card_art/8150_cardArt.png
104.110.15.25200 OK 45 kB URL HTTP/2 online.citi.com/JRS/banners/card_art/8150_cardArt.png
IP 104.110.15.25:0
File type PNG image data, 450 x 285, 8-bit colormap, non-interlaced\012- data
Hash d6c20edc6406a6305e5a8ca093dff8a0
f246abd4f8b69e42ba6f50558340d690d2cf1ef7
1cec78f793f28bed6cd96765e693bd6b7ba1efbfdd7d68ca5b8ea5390ff8bec0
GET /JRS/banners/card_art/8150_cardArt.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 03 Aug 2020 19:29:08 GMT
accept-ranges: bytes
content-length: 45386
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=C440D33B00619B602603E7D2FA4E73E6; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
104.110.15.25200 OK 46 kB URL HTTP/2 online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash d1b0e06afbd29e02b850c0a871a689f1
8d55c0a5da74604bdaceafada2808b406b58be62
0fc0c5e3b942752d5a811676f479650575e3c0a6c42c25ed57311064b2d836a4
GET /JRS/banners/modules/8763_M1-M7.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 45996
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=FB391B46DC69214DDB6FAB6F0848744F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
104.110.15.25200 OK 35 kB URL HTTP/2 online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 5fb8ff5dd22b3f8a34def2212bdeca0b
373c913d070e4b486d90c1959d9aae179043e2d4
b880a027d8db72f3120d1666c1bc4f016c126d0d6e0b7852155c1ea204da4b63
GET /JRS/banners/modules/M1-M7_Rewards.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 35239
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=CCB2ABDEAFF4CC98AD1E86194CF1E7DA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
104.110.15.25200 OK 329 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
IP 104.110.15.25:0
File type PNG image data, 18 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 15d9ce47ed55b1d16c142a6c067ddbf5
3431a1b5af3ec6a4a39176600ca213c070175eb2
9fa97f780f20b95ac6a2baeed3961d39ec6086e3417eb59cd294e4e528187b7b
GET /GFC/branding/responsivebranding/img/social-media_facebook@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 329
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=CCA8412ED0405B8878EF8C072C21EC41; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
104.110.15.25200 OK 840 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
IP 104.110.15.25:0
File type PNG image data, 44 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 766cb78a4d9ba316b9fd2efdb1e95252
f7e17f7e9663574ef1ad0ebf580ea503fff0c7ea
5d343d5e2bc616fe04642af586793b51ba2291a6c9616ee92e4246bde9fa72a5
GET /GFC/branding/responsivebranding/img/social-media_twitter@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 840
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=5F25E53F889D6D42029F106AA3F3021E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
104.110.15.25200 OK 808 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
IP 104.110.15.25:0
File type PNG image data, 48 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 89b7dac46b6f0be69e6272cf3de06475
a74173e79f802672145fa175478bcf4698d3bf80
1f43f86e82f4cf6b5ddf863fbb8cd9bafb53790bd2016a7b2b36d51ad96fb32b
GET /GFC/branding/responsivebranding/img/social-media_youtube@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 808
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=56BB81227F5B77255001A4F0BFF04721; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
104.110.15.25200 OK 12 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
IP 104.110.15.25:0
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
GET /GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 11562
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=4F4950C9AD03F82A980241A2A7EBF77B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/errorLogo.svg
104.110.15.25200 OK 584 B URL HTTP/2 online.citi.com/GFC/branding/img/errorLogo.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (329)
Hash 3210e315dee7ea636165f4cdd4d402cd
110a09f9a0cd87f510d3435704631aefc02d7436
09541c2109f784fd10979ed9cce037e146b756f35ffa3c2e164d3aad92532341
GET /GFC/branding/img/errorLogo.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 Apr 2018 15:26:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 584
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=006BC018F43D30E7873116B004494DD2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
104.110.15.25200 OK 47 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (900)
Hash c4a8e37990ee3bed5731c868053cfe48
000d710b7e21c8d980552b494d76a06fc729d55a
403cb63effef69a095bb15cb147c3d8af4a0f35e8e9430486565f81d545b3cbd
GET /GFC/branding/responsivebranding/css/main_branding.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 08 Jul 2021 15:43:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 47322
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:15 GMT
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=47CDE36C9D4CEE156B24065C6CDF9DD2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
104.110.15.25200 OK 70 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (53390)
Hash 1b616f5ba816bd312785d32976021e37
e3dd04ee3a2b2ca1ded2c3eef06aa1f121b7d3b0
451e9945c7041383326739797e006d8a7201b96b1ba8046c0c9c02dd9d89a851
GET /CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: text/css
content-length: 69731
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:15 GMT
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=0FB998C27EB32F901460C520AF90DAB4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js
104.110.15.25200 OK 62 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (7824)
Hash 72160d472dd367d8db15c5a39efd91c6
242252da9b4ac65f4e609796aba2553afca64443
d2adb062964fc932f5fdfa95db62ddd8873467a89ac132867af312ffd60607e7
GET /JEA/CitiSearch/nexus-platform/js/citilive-search-library.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:15 GMT
date: Fri, 02 Dec 2022 15:53:15 GMT
content-length: 61658
set-cookie: AKMTLTSID=73083B4EF4077E4C4F0629F2D4CCEB96; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
104.110.15.25200 OK 53 kB URL HTTP/2 online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Hash ee564f1c07ec63939037a30b1d48e7b1
b75a2570b6ce89c1eb112c010994bfc5bde8b4e5
3636e5e8010b2e4e186788a748a7cbd16572b386cf2d67b3bea73cb7417abf9d
GET /JRS/banners/modules/Cards-tile-grey-1120.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Sep 2021 22:10:14 GMT
accept-ranges: bytes
content-length: 52559
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=D726F41985B29CA769F0CCAACC415E17; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
104.110.15.25200 OK 28 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
IP 104.110.15.25:0
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
GET /GFC/branding/responsivebranding/img/Citi_FooterLogo.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 28149
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=4A3653BCAE73231F8072B7E3F0109F72; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
104.110.15.25200 OK 15 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (342)
Hash 7584f29c3065db5d69256920d340f479
d6198dafe36e3ffde03aedb334123a0d096649e1
81538cf3a3fd0ff0dde297332b73edebaa76e68c437628f2ab16d66b0a97afae
GET /GFC/branding/responsivebranding/css/branding_header_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 29 Aug 2022 03:56:20 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 15298
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:15 GMT
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=E9DF2EB81C119BAD6D3E344AE562B8C4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //ui.powerreviews.com/tag-builds/10111/4.0/styles.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=1DA3FAD8819FD97D15FF3031DECB729E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
104.110.15.25200 OK 50 kB URL HTTP/2 online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 1811b334b2e3a585567ef915ff6adcf5
858f597f8bcbcf3a16516f428565850aee1f8c98
67d342b059e3ee89919786b1a83c6ebb76b657bbbe0105d2c7c9876d08026c80
GET /JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 50031
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=9BCC7C2375879AF39F460E32D3AE36D9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
104.110.15.25404 Not Found 5.1 kB URL HTTP/2 online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP 104.110.15.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568
GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=AF9168065CD5E529D11E42EE6114F386; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
104.110.15.25200 OK 748 kB URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
IP 104.110.15.25:0
File type ASCII text, with very long lines (57530)
Size 748 kB (747501 bytes)
Hash 9e955595f5944b7d8f753a5cd2920e1a
e8e2cdcc3c6b2deb84d49fa0c24f73cb4dd1053f
c80f9904376bace60d69a316d993244717fda11bd5bc6f4f1072db6e73662b92
GET /JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 16 Sep 2020 07:27:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:15 GMT
date: Fri, 02 Dec 2022 15:53:15 GMT
content-length: 747501
set-cookie: AKMTLTSID=B2D79ED15C8A8896B0C219F4B26465F3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.83.187101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.83.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ar9Mc33EQCff+m4vgjuKkg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qfycuClnFKd5RanpabB4BM9pY4E=
online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png
104.110.15.25200 OK 1.8 kB URL HTTP/2 online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png
IP 104.110.15.25:0
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
GET /GFC/branding/img/redesigned/citilogoredesign.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 07:18:33 GMT
accept-ranges: bytes
content-length: 1799
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=BD9A9E754C8FE1A4C7A010DFD9C103DE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JFP/fonts/Interstate-Regular.ttf
104.110.15.25200 OK 80 kB URL HTTP/2 online.citi.com/JFP/fonts/Interstate-Regular.ttf
IP 104.110.15.25:0
File type TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 13 names, Microsoft, language 0x409, Copyright (c) 2007 by The Font Bureau, Inc.. All rights reserved.RegularTheFontBureau,Inc:Inters\012- data
Hash 092695ab186b08cfe77e1e2baa88a75a
e4e0c72716be82c464ece81a1ec6d8de3f44f89c
94dc36f237f196ac346325d697cc9a27fc8bf5dc4102abf208df79142c974f09
GET /JFP/fonts/Interstate-Regular.ttf HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
content-length: 79753
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=CE8679319926A2E7039860D75CFE8323; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/loginpage/images/icons/svgs/close.svg
104.110.15.25200 OK 641 B URL HTTP/2 online.citi.com/loginpage/images/icons/svgs/close.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499)
Hash dd59f5e29f1021e45b5e95e26f2d12da
d79fa9c39b22174b3d6d2fb7bd00f01be3ee6410
e52581c6fe976751e9059da800356b8824fe18635947ef533ff4c5fc2f313df8
GET /loginpage/images/icons/svgs/close.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 641
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=D4F19DD98088FDAC407CE5E7600E31C5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
104.110.15.25200 OK 148 kB URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
IP 104.110.15.25:0
File type Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size 148 kB (148436 bytes)
Hash a9054b5be97affe8455c95515d6cc85b
5021d9785e3819c4ad4a2b78f387f0ec9f3a6bae
187395fde923214a57b5de0a691ca784ef64b2e06e3ff4117391821d9b9c7222
GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=D0E8CBB9742000D393440FE344AE60EE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
104.110.15.25200 OK 499 B URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
IP 104.110.15.25:0
File type gzip compressed data, from Unix\012- data
Hash d0d6851fdc21e63eb57af3709578a0dd
2140b733bc5e6a17cdb8537fa8759e06861cbaed
4145e83a3ccffc44dd543b258d3b9ce64e55ac66c56b8f3c8d15a36875a8fc67
GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 15:53:15 GMT
content-length: 71874
set-cookie: AKMTLTSID=8ACC3A46379EA7D55457B37BC070AA9D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
104.110.15.25200 OK 5.0 kB URL HTTP/2 online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
IP 104.110.15.25:0
File type PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Hash eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
GET /GFC/branding/img/Citi-Branding-Sprite.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 14 Jun 2017 18:29:01 GMT
accept-ranges: bytes
content-length: 4952
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=60F0BB6D96F8A8B17A036E6461AFCEE0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png
104.110.15.25200 OK 9.3 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png
IP 104.110.15.25:0
File type PNG image data, 240 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash c02d966c362e9f918a7ca664a06f339a
cf8723b1054b79ac27db08f1e0d63b1a585bc150
3c4287f94e9dc9cda82125a6f528b0d4dcd8c2e9ee26b899c4481490312b146a
GET /GFC/branding/responsivebranding/img/googlePlay_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:21:52 GMT
accept-ranges: bytes
content-length: 9255
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=A38003CCC2231EDAD033C4705FB9E72D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
104.110.15.25200 OK 8.3 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
IP 104.110.15.25:0
File type PNG image data, 240 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash e783f09a2c28318b2248dcd045cd0325
e1d0ac0f63eac3b3b523fe929d416127fe7e7561
2e1950e9fecaa7d00944c88becb315026208890e3d9ffe2545504105e181ad47
GET /GFC/branding/responsivebranding/img/appStore_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
accept-ranges: bytes
content-length: 8272
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=4CE3EEF52A5A536998635AA81F681778; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
104.110.15.25200 OK 496 B URL HTTP/2 online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
IP 104.110.15.25:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 28dab60290650e5ee88386879ca17085
85043857b1d8a79816491365548e17b151a2a084
fc9dead631748747b2e1c0b60057a21282d2d7acd6f5d88f4e80bdf32e08b5c8
GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 496
content-type: image/svg+xml
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=166546F1CBC319ABB1A3C7E0F722D5C6; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
GET /JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Cookie: cdContextId=1; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:15 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: login.php?primarymember_id=01967656013b8b2fc98c8feee
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
35.190.60.146301 Moved Permanently 0 B URL HTTP/1.1 sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP 35.190.60.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://sr.rlcdn.com:443/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Content-Length: 0
Date: Fri, 02 Dec 2022 15:53:16 GMT
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:53:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=423577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77353c035e62fac0-OSL
bid.g.doubleclick.net/xbbe/pixel?d=KAE
142.251.1.156200 OK 0 B URL HTTP/2 bid.g.doubleclick.net/xbbe/pixel?d=KAE
IP 142.251.1.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=KAE HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 02 Dec 2022 15:53:16 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 16:08:16 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 02 Dec 2022 15:53:16 GMT
cache-control: private
X-Firefox-Spdy: h2
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.1.175301 Moved Permanently 0 B URL HTTP/1.1 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.1.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 15:53:16 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1629-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669996396.160928,VS0,VE0
Strict-Transport-Security: max-age=31557600
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB?
142.250.74.134200 OK 265 B URL HTTP/2 6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB?
IP 142.250.74.134:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (498), with no line terminators
Hash 779b9f3c315255d0d62a1113bfcd7573
152c5e4fe3ab7191b5f2696c9dacaa12bbe33493
03c89c3c2b73e5cd1107d16c408edbd3abb6cecff1b2e78d41ea853cf46c32bb
GET /activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB? HTTP/1.1
Host: 6260004.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 15:53:16 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 265
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 16:08:16 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
184.24.45.23200 OK 71 B URL HTTP/2 stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
IP 184.24.45.23:0
File type HTML document text\012- HTML document, ASCII text
Hash 988428fdc0079b85e995b96b0ed4b565
27aece4f871a936951d17de604853cddc9bfb5ec
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
GET /site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064 HTTP/1.1
Host: stags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 71
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
pragma: no-cache
expires: Thu, 01 Dec 1994 16:00:00 GMT
cache-control: max-age=0, no-cache, no-store
bk-server: a103
date: Fri, 02 Dec 2022 15:53:16 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
35.190.60.146451 Unavailable For Legal Reasons 0 B URL HTTP/2 sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP 35.190.60.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://coprwanda.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 15:53:16 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.1.175200 OK 5.2 kB URL HTTP/2 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.1.175:0
File type C source, ASCII text, with very long lines (585)
Hash a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://coprwanda.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WYw0Epb8vcedL+7IDqJJsx/+WjGdOZ5/PeZvxp+JQZLuPSbm5TB79IsK0ZRwFxRvC3JwqmNr110=
x-amz-request-id: 6VFQ4X3D41M9VYZP
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 15:53:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669996396.241595,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=01967656013b8b2fc98c8feee
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=01967656013b8b2fc98c8feee
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=01967656013b8b2fc98c8feee HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=1; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=598057154cc9b9453c89b4682
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
142.250.74.98200 OK 267 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (497), with no line terminators
Hash 3d0723e9b30991791d953c41256c98e3
62f93130c92c0141280617c746ec9ef54d69c7e1
7f566075b3d057193f85088cd5992b41d6cab6b96e20e07273fc2e6f99f0d14e
GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6260004.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 15:53:16 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 267
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=598057154cc9b9453c89b4682
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=598057154cc9b9453c89b4682
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=598057154cc9b9453c89b4682 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4f3e440741a52a0d3f8ac72d4
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2fec0a3aa8f541f5092456d41753e63a
f7f2afd43cac3c12f5cea88960560a94d36aae05
f3dc6e26d9d8008abf17eec495ab0db714e3fbeb0d3fc45967fd8e1f2d067fcd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 296
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:16 GMT
Etag: "6388d6a7-1d7"
Last-Modified: Fri, 02 Dec 2022 15:48:20 GMT
Server: ECS (amb/6B82)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTk2Mzk0NDcxIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMzhhYjdlNWQtMGMxYWE3YzAzNDllMTM4LWM1MDU0MjUtMTQwMDAwLTE4NGQzOGFiN2U2MTc1IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9jb3Byd2FuZGEuY29tL2xvZ2luLnBocD9wcmltYXJ5bWVtYmVyX2lkPTJjOTdmZjY3ZThiZDk0ZDJlZDg5MGZjYTEiLCJ3ZWJzaXRlSWQiOiA1MCwiZmVlZGJhY2tfdXVpZCI6IG51bGwsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImJjYjctOTYzNi1mOWIzLWUxZmMtMGQxNC0yZTk0LWRjMzEtOWIwMSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjY5OTk2Mzk0MzE1Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDMzMiwia2FtcHlsZV92ZXJzaW9uIjogIjIuMzQuMSIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuMzQuMSIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2OTk5NjM5NDMxNiwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2V9Cl19
35.241.45.82200 OK 0 B URL HTTP/1.1 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTk2Mzk0NDcxIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMzhhYjdlNWQtMGMxYWE3YzAzNDllMTM4LWM1MDU0MjUtMTQwMDAwLTE4NGQzOGFiN2U2MTc1IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9jb3Byd2FuZGEuY29tL2xvZ2luLnBocD9wcmltYXJ5bWVtYmVyX2lkPTJjOTdmZjY3ZThiZDk0ZDJlZDg5MGZjYTEiLCJ3ZWJzaXRlSWQiOiA1MCwiZmVlZGJhY2tfdXVpZCI6IG51bGwsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImJjYjctOTYzNi1mOWIzLWUxZmMtMGQxNC0yZTk0LWRjMzEtOWIwMSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjY5OTk2Mzk0MzE1Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDMzMiwia2FtcHlsZV92ZXJzaW9uIjogIjIuMzQuMSIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuMzQuMSIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2OTk5NjM5NDMxNiwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2V9Cl19
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTk2Mzk0NDcxIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMzhhYjdlNWQtMGMxYWE3YzAzNDllMTM4LWM1MDU0MjUtMTQwMDAwLTE4NGQzOGFiN2U2MTc1IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9jb3Byd2FuZGEuY29tL2xvZ2luLnBocD9wcmltYXJ5bWVtYmVyX2lkPTJjOTdmZjY3ZThiZDk0ZDJlZDg5MGZjYTEiLCJ3ZWJzaXRlSWQiOiA1MCwiZmVlZGJhY2tfdXVpZCI6IG51bGwsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImJjYjctOTYzNi1mOWIzLWUxZmMtMGQxNC0yZTk0LWRjMzEtOWIwMSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjY5OTk2Mzk0MzE1Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDMzMiwia2FtcHlsZV92ZXJzaW9uIjogIjIuMzQuMSIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuMzQuMSIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2OTk5NjM5NDMxNiwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2V9Cl19 HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:53:16 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-1rnj
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 1.3 kB URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (1317), with no line terminators
Hash 18a9e1b4e1845474e994da4f7b7c65c0
9f0b5951d138a6f19edd1003584a7dc599d8c88b
01e82e0fe74c696fa25418b2a9f80b8ad0a84f0ad62d93eabf165fe103cc808d
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 172
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 1317
date: Fri, 02 Dec 2022 15:53:15 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: c0bf3364-9489-4b3d-a422-dc4ae6cc2460
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4f3e440741a52a0d3f8ac72d4
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4f3e440741a52a0d3f8ac72d4
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4f3e440741a52a0d3f8ac72d4 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=257420c8c3973adb5e0ab345b
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
142.250.74.130200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 15:53:16 GMT
expires: Fri, 02 Dec 2022 15:53:16 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 4211d4ddd8c542cf450d0e892e384e8d
d2eaa1b5679a7b7be963954c242d71522cb71694
4f524c890be87d8b1d72145512cba9ea33c16bb4db4cc4b0718bd48a7c5d6983
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:53:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 06:00:09 GMT
Expires: Tue, 06 Dec 2022 06:00:08 GMT
Etag: "d2eaa1b5679a7b7be963954c242d71522cb71694"
Cache-Control: max-age=309411,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77353c07083db4f7-OSL
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
54.230.111.34200 OK 221 B URL HTTP/2 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
IP 54.230.111.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Fri, 02 Dec 2022 08:40:32 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: drHr7C6_NWlend5vtdywsrHRSXQx6C0OsMmjIdPilESHSeSTBfbX3w==
age: 25965
X-Firefox-Spdy: h2
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=257420c8c3973adb5e0ab345b
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=257420c8c3973adb5e0ab345b
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=257420c8c3973adb5e0ab345b HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7109a97d27c55993e0e2d2783
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash c9ddaa54b22df16f7077672ce62c3aaf
48c459b8e283c366b618d61c6fd45a6c465d1298
be15e4567b08d0e5cf9898c151c223b53d102451a38953498062883093039d87
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:53:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 12:17:24 GMT
Expires: Wed, 07 Dec 2022 12:17:23 GMT
Etag: "48c459b8e283c366b618d61c6fd45a6c465d1298"
Cache-Control: max-age=418446,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77353c072afab50f-OSL
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
54.230.111.29200 OK 221 B URL HTTP/2 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
IP 54.230.111.29:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Dec 2022 15:49:15 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2Ah_Mi0oV9rnHl9wYTkbjX3piju3m-DBuriDP-mlYNji6FdpmzgiMg==
age: 242
X-Firefox-Spdy: h2
cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
172.217.21.174200 OK 3.7 kB URL HTTP/1.1 cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
IP 172.217.21.174:0
File type ASCII text, with very long lines (3328)
Hash 815ff44dfae9729d72222822c7d34fb8
ca54a943b463a94e13d6bcdf4d8055b1e3c3bf10
b433d6c0525257cf00d20648a2ebf8170a2462dfa7ed61abaec49912d18fa2d5
GET /cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Fri, 02 Dec 2022 15:53:16 GMT
Server: gws
Cache-Control: private
Content-Length: 3715
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 488ae2d5dfe09e6e60f015a2aee68e2c
b4e89be8882463d4415ff42b7f2bd66e4e43597e
fc07c95ad31735a244ec7a2f5e5a304b09051d5986190158597405230e65d792
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38
35.244.174.68451 Unavailable For Legal Reasons 0 B URL HTTP/2 di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38
IP 35.244.174.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38 HTTP/1.1
Host: di.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 15:53:16 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googleadservices.com/pagead/conversion_async.js
142.250.74.98200 OK 15 kB URL HTTP/2 www.googleadservices.com/pagead/conversion_async.js
IP 142.250.74.98:0
File type ASCII text, with very long lines (1654)
Hash f2258b08ae7f4c53a27c27e21536ef06
65fe239266dc4c3f8f8e25dfd039a77733f75f67
fd9775067ede051cfe4861265da0e9374a20cd833fedcd3c9708af0b525f8921
GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 02 Dec 2022 15:53:16 GMT
expires: Fri, 02 Dec 2022 15:53:16 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16595884479219046262
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6844
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:53:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6844
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:53:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PIC-TIeTFK_Y2AiqowYT4_8tMuzIKO23lAwx18fYepTf4PIWkmLqkQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 05:20:15 GMT
age: 37981
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 10:51:17 GMT
age: 18119
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 379a4a1b95d3aa3c5a4f8e7f9abb030f
d45dceb3dc58a07197aa5077582b5b1cd2ff791a
1b92dec5bf90beffbcd9060052b8788f08645dd4ba34219f7ddb2d40bbd2d151
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7732
x-amzn-requestid: 3781c2b7-082a-468a-a186-f7483494e749
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoEq3IAMFnKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-679fe9f905e07abf4e6a812c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FhCtGsjgnq83-zRNBH-y9BHUh2IRaN0ahO-BCUw7bTWU8jAanBqdlA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:35 GMT
age: 64781
etag: "d45dceb3dc58a07197aa5077582b5b1cd2ff791a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 35548
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 58a28fc1cbcacdb07b3ca175281982b5
9bc47ee49fc070d0997e49a719bd9758685ad583
d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mwGAEu-gPXY5Opwd972VbBA6l33dNk7bPFSyZmciaplQKj2ZuTkQSg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 65909
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
coprwanda.com/favicon.ico
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/favicon.ico
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
GET /favicon.ico HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=71092fb91f7130f916932fb7b
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a9bdfccd1df3e323e28d92aea1077409
4625fbbbbb614755a86dabddfaf40e99b3934ba6
8020fb77bd7e1b8cc3e2fed030e59d004e720c61162046fc93285c1ca07c0e66
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:53:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c80b8025242ddfcc816ec612456b99e
aa944d10fe4a44b790b01ef62edc0f85a6d558e3
a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
age: 64903
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash f07d466e5636137d87db67fc37a6cea2
a93119333ee5d23a2478b0ee8de00ccd3c2a4566
e23351d29471681b4d657f516dc2cde485ae17dccefb3d60747025e022efccd8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:53:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 23:15:46 GMT
Expires: Thu, 08 Dec 2022 23:15:45 GMT
Etag: "a93119333ee5d23a2478b0ee8de00ccd3c2a4566"
Cache-Control: max-age=544348,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77353c073f17b503-OSL
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
54.230.111.127200 OK 221 B URL HTTP/2 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
IP 54.230.111.127:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Dec 2022 13:14:43 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dQRbb-RjU0UQKm73pGdfTZB_8_OXvIkUSB-x3gNGQkDzQrLwpeU5xA==
age: 9514
X-Firefox-Spdy: h2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.34200 OK 3.2 kB URL HTTP/2 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.34:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 01 Dec 2022 23:01:12 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zWLj9be1FFHNvB2E9NaVI4NcsLQa4-m_7NowEZ4hUEsBfPcDC6yP_Q==
age: 60725
X-Firefox-Spdy: h2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.29200 OK 3.2 kB URL HTTP/2 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.29:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Dec 2022 15:49:16 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lHa-jOQdw6uc7I6lmwFzjyMaEbvKQCLBeAWM8xW1GIRyNbb2e8ZnPQ==
age: 241
X-Firefox-Spdy: h2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.127200 OK 3.2 kB URL HTTP/2 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.127:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 15:53:28 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jo5a893vc-QYQVVNCdAg9hopn9eWAvuHiVcJUenOoLxMVYj2uFzIWw==
age: 86389
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:53:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=423577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77353c07d926b4f7-OSL
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7109a97d27c55993e0e2d2783
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7109a97d27c55993e0e2d2783
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7109a97d27c55993e0e2d2783 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=be122c32b72b07306fac8c9fc
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.godaddy.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 17e8b57e2ed803f201575cbf9698c46d
8e1ed4174e47647af89ddbc05e8435fcca63b783
3c7f4d3402133ea425f971977cddca84554c81e1113aa92388d89a6a64f7b5b9
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 15:53:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 20:34:38 GMT
Expires: Fri, 02 Dec 2022 20:34:38 GMT
ETag: "8e1ed4174e47647af89ddbc05e8435fcca63b783"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:53:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=423576,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77353c04af81fac0-OSL
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=be122c32b72b07306fac8c9fc
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=be122c32b72b07306fac8c9fc
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=be122c32b72b07306fac8c9fc HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=33fb36cfa03bfb7ae83f16a40
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/login.php?primarymember_id=71092fb91f7130f916932fb7b
192.185.105.9200 OK 65 kB URL HTTP/1.1 coprwanda.com/login.php?primarymember_id=71092fb91f7130f916932fb7b
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Hash a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d
GET /login.php?primarymember_id=71092fb91f7130f916932fb7b HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:53:17 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=33fb36cfa03bfb7ae83f16a40
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=33fb36cfa03bfb7ae83f16a40
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=33fb36cfa03bfb7ae83f16a40 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=729b566d1213a5c82987ad5ac
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 558 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Hash 2157cf82be372cc3c70e4e3ae910c30c
5f2e7601a2f2c599354b5bbd99baa655aa6d4a90
2ed087dcfc1b0a5084e18747d09486872619bb28feb1517de82a2d3fe4229533
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3268
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 15:53:16 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: eff5744b-5a60-4857-a5c2-79c299c9c5f2
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=729b566d1213a5c82987ad5ac
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=729b566d1213a5c82987ad5ac
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=729b566d1213a5c82987ad5ac HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=57916d786fe7687b0c1ce8a21
Content-Length: 0
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=57916d786fe7687b0c1ce8a21
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=57916d786fe7687b0c1ce8a21
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=57916d786fe7687b0c1ce8a21 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1116a0b9118569737e80d8683
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1116a0b9118569737e80d8683
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1116a0b9118569737e80d8683
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1116a0b9118569737e80d8683 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f8e591f27436fd5d5bcd96711
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f8e591f27436fd5d5bcd96711
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f8e591f27436fd5d5bcd96711
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f8e591f27436fd5d5bcd96711 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=fa78d0adf530194a4002942a0
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fa78d0adf530194a4002942a0
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fa78d0adf530194a4002942a0
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fa78d0adf530194a4002942a0 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b250dfd4013ecb927d33dcc20
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b250dfd4013ecb927d33dcc20
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b250dfd4013ecb927d33dcc20
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b250dfd4013ecb927d33dcc20 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c36724e086df1888e0653d967
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c36724e086df1888e0653d967
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c36724e086df1888e0653d967
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c36724e086df1888e0653d967 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1d71711b01727e44ae73c7db7
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214200 OK 558 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Hash 73d40e9fce02a373fc32bfdf6059689c
27b625ff07ab3634f8abd52fbb6716dea678b50e
99e00efbc19dc0793ed087ca7862143c4b3f26b9d616f8bf413503901a2b3c87
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1476
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 15:53:17 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 85759122-2f4f-4107-ad57-32728cbc86ff
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1d71711b01727e44ae73c7db7
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1d71711b01727e44ae73c7db7
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1d71711b01727e44ae73c7db7 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4cff1479d6e573843663749b3
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4cff1479d6e573843663749b3
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4cff1479d6e573843663749b3
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=4cff1479d6e573843663749b3 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=e88d80575d8d6fa9200cbe0cc
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e88d80575d8d6fa9200cbe0cc
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e88d80575d8d6fa9200cbe0cc
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e88d80575d8d6fa9200cbe0cc HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=71f52ab905af6425eaa9cc79b
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=71f52ab905af6425eaa9cc79b
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=71f52ab905af6425eaa9cc79b
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=71f52ab905af6425eaa9cc79b HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=62388f1a19ae98fca5880a69a
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=62388f1a19ae98fca5880a69a
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=62388f1a19ae98fca5880a69a
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=62388f1a19ae98fca5880a69a HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=11eb03f86375123ce16a57030
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
13.89.105.232204 No Content 0 B URL HTTP/2 contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
IP 13.89.105.232:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v1/sendLogs?cid=cedric&cdsnum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 900
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 15:53:19 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=11eb03f86375123ce16a57030
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=11eb03f86375123ce16a57030
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=11eb03f86375123ce16a57030 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=297e6951dbc865d74c3a90d5f
Content-Length: 0
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
POST /US/REST/ManageTMXProfile/TMXProfile.jws HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
Content-Length: 0
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=33125effba807bd679b01ab86
Content-Length: 0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=33125effba807bd679b01ab86
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=33125effba807bd679b01ab86
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=33125effba807bd679b01ab86 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=bace8eaadd2e9601c0cf69f38
Content-Length: 0
Keep-Alive: timeout=5, max=53
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bace8eaadd2e9601c0cf69f38
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bace8eaadd2e9601c0cf69f38
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=bace8eaadd2e9601c0cf69f38 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=efc83ca2f6a8239f2b0efde4f
Content-Length: 0
Keep-Alive: timeout=5, max=52
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=efc83ca2f6a8239f2b0efde4f
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=efc83ca2f6a8239f2b0efde4f
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=efc83ca2f6a8239f2b0efde4f HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=db27ddd1e85bce47a64354da8
Content-Length: 0
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=db27ddd1e85bce47a64354da8
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=db27ddd1e85bce47a64354da8
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=db27ddd1e85bce47a64354da8 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=3c76f67924aa8309d980fc7d2
Content-Length: 0
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=3c76f67924aa8309d980fc7d2
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=3c76f67924aa8309d980fc7d2
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=3c76f67924aa8309d980fc7d2 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=8e92cbee6cc13377ebd2ac74a
Content-Length: 0
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8e92cbee6cc13377ebd2ac74a
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8e92cbee6cc13377ebd2ac74a
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=8e92cbee6cc13377ebd2ac74a HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=efc60fc7b60fdc94246f6c8d3
Content-Length: 0
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=efc60fc7b60fdc94246f6c8d3
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=efc60fc7b60fdc94246f6c8d3
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=efc60fc7b60fdc94246f6c8d3 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:20 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=e94818f308a47e1a6b8ee06ae
Content-Length: 0
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e94818f308a47e1a6b8ee06ae
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e94818f308a47e1a6b8ee06ae
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=e94818f308a47e1a6b8ee06ae HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=16da80932b12d1b277deb8d37
Content-Length: 0
Keep-Alive: timeout=5, max=46
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=16da80932b12d1b277deb8d37
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=16da80932b12d1b277deb8d37
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=16da80932b12d1b277deb8d37 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=783c8c5d090840bdee47c49a1
Content-Length: 0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=783c8c5d090840bdee47c49a1
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=783c8c5d090840bdee47c49a1
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=783c8c5d090840bdee47c49a1 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ab7b5ad546b1e45f6a0ed91d3
Content-Length: 0
Keep-Alive: timeout=5, max=44
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ab7b5ad546b1e45f6a0ed91d3
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ab7b5ad546b1e45f6a0ed91d3
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=ab7b5ad546b1e45f6a0ed91d3 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ead20b723d045c1a0d9930850
Content-Length: 0
Keep-Alive: timeout=5, max=43
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ead20b723d045c1a0d9930850
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=ead20b723d045c1a0d9930850
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=ead20b723d045c1a0d9930850 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b35ec78d3f5bea166c2391740
Content-Length: 0
Keep-Alive: timeout=5, max=42
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b35ec78d3f5bea166c2391740
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b35ec78d3f5bea166c2391740
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=b35ec78d3f5bea166c2391740 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=e2d3067c54322ff44e222d490
Content-Length: 0
Keep-Alive: timeout=5, max=41
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e2d3067c54322ff44e222d490
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e2d3067c54322ff44e222d490
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=e2d3067c54322ff44e222d490 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c0046ab27f6f2db15584af298
Content-Length: 0
Keep-Alive: timeout=5, max=40
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c0046ab27f6f2db15584af298
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=c0046ab27f6f2db15584af298
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=c0046ab27f6f2db15584af298 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=6806bc24c4ae64c771f9096ea
Content-Length: 0
Keep-Alive: timeout=5, max=39
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=6806bc24c4ae64c771f9096ea
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=6806bc24c4ae64c771f9096ea
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=6806bc24c4ae64c771f9096ea HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=dcee7d067c60a91729f4e7d2b
Content-Length: 0
Keep-Alive: timeout=5, max=38
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=dcee7d067c60a91729f4e7d2b
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=dcee7d067c60a91729f4e7d2b
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=dcee7d067c60a91729f4e7d2b HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a548ba10e53d7fea46bbbb9d2
Content-Length: 0
Keep-Alive: timeout=5, max=37
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a548ba10e53d7fea46bbbb9d2
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a548ba10e53d7fea46bbbb9d2
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=a548ba10e53d7fea46bbbb9d2 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=8ca9b20cc8f7bea60c079ddff
Content-Length: 0
Keep-Alive: timeout=5, max=36
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8ca9b20cc8f7bea60c079ddff
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8ca9b20cc8f7bea60c079ddff
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=8ca9b20cc8f7bea60c079ddff HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=34b03ccf9ba94d866855ddbd9
Content-Length: 0
Keep-Alive: timeout=5, max=35
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=34b03ccf9ba94d866855ddbd9
192.185.105.9302 Moved Temporarily 0 B URL HTTP/1.1 coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=34b03ccf9ba94d866855ddbd9
IP 192.185.105.9:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - Citi
openphish Citigroup Inc.
fortinet Phishing
GET /US/REST/ManageTMXProfile/login.php?primarymember_id=34b03ccf9ba94d866855ddbd9 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=2c97ff67e8bd94d2ed890fca1
Connection: keep-alive
Cookie: cdContextId=2; bmuid=1669996393887-E794D67F-600E-42E3-9804-EAFE07223F90; PHPSESSID=bfbd08694f95ca2bfd63f4dd74238c5c; count=0; kampyle_userid=bcb7-9636-f9b3-e1fc-0d14-2e94-dc31-9b01; kampyleUserSession=1669996394315; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d38ab7e5d-0c1aa7c0349e138-c505425-140000-184d38ab7e6175; cdSNum=1669996396495-sjn0000641-317e4972-f04c-4fba-8089-8491ba91f3f5
HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 15:53:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c86633701c60184c5bb86ceaf
Content-Length: 0
Keep-Alive: timeout=5, max=34
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
online.citi.com/passivebio/BiocatchATO.js
104.110.15.25200 OK 0 B URL HTTP/2 online.citi.com/passivebio/BiocatchATO.js
IP 104.110.15.25:0
GET /passivebio/BiocatchATO.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 114417
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=73FAE56C42AA31A423935A4977F5B80F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/css/main.css
104.110.15.25200 OK 0 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/main.css
IP 104.110.15.25:0
GET /GFC/branding/responsivebranding/css/main.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 29 Sep 2020 09:55:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7313
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:15 GMT
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=7A8C71516CCFBE62AA239D41042CE612; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
104.110.15.25200 OK 0 B URL HTTP/2 online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
IP 104.110.15.25:0
GET /JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 25945
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:15 GMT
date: Fri, 02 Dec 2022 15:53:15 GMT
set-cookie: AKMTLTSID=404FC5D3944AC96F33745AD7D9ABF2FA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
104.110.15.25200 OK 0 B URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
IP 104.110.15.25:0
GET /GFC/branding/responsivebranding/js/navBarRedesign.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:43:21 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 30559
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 21:53:14 GMT
date: Fri, 02 Dec 2022 15:53:14 GMT
set-cookie: AKMTLTSID=AC2FCFDD97B590BF631566AB0A92EAFF; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2