r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2319
Expires: Fri, 24 Mar 2023 12:48:52 GMT
Date: Fri, 24 Mar 2023 12:10:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 210a2a42cfc4f4aced144f5de9babcc6
ece6ecfb2db8d036c3bfc7f02f8ea387e3f965db
59553a312d3fb34f1f0aea469f7e7cc810ff9993481ddbd73ea5d461cf97ed51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59553A312D3FB34F1F0AEA469F7E7CC810FF9993481DDBD73EA5D461CF97ED51"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17328
Expires: Fri, 24 Mar 2023 16:59:01 GMT
Date: Fri, 24 Mar 2023 12:10:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 24 Mar 2023 11:15:15 GMT
content-type: application/json
age: 3298
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dc2752d83fbed82852248898a132467a
b27a6b4af2e07663a58cafb641513f7224c7a7c3
ea7838393d83805a7b8a2b01bd09e4423617c4da285b983a11e9ba36266810d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA7838393D83805A7B8A2B01BD09E4423617C4DA285B983A11E9BA36266810D5"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11330
Expires: Fri, 24 Mar 2023 15:19:03 GMT
Date: Fri, 24 Mar 2023 12:10:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 0O2M217dYhe6vi7dVfV+59VUvS4CP9C3P6tH2pJwfjp1HwZMPm8y5C4HvM9WAVALI+/uNH5c07GXU1qdNQQqHw==
x-amz-request-id: XXXBEYX5XMFF0Z9K
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 24 Mar 2023 12:00:21 GMT
age: 592
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 24 Mar 2023 12:10:13 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
us-citionline.com/ibank/
148.163.122.62 200 OK 123 kB IP 148.163.122.62:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (43090)
Size 123 kB (122850 bytes)
Hash 57308a2826853de2edd048d6e20be067
2d1343dfe85b096454ad0baaf14d474c66b8e413
a16d742527fff58ba0c0e595b72e3fbb09171c5d3c330bfa7509a32f41cfab99
Analyzer Verdict Alert fortinet Phishing
GET /ibank/ HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Fri, 24 Mar 2023 11:09:49 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 122850
date: Fri, 24 Mar 2023 12:10:13 GMT
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 74fa3f9dc11b3177fa7bffc3a67f743f
f8b82a342af963b0a0f931abb3e6f4b6179e36ab
29af481cf6d61ba9bb1bc96bb0b6d468c0a41f5864a3945400549f9e78dfb9ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3458
Cache-Control: max-age=133620
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:14 GMT
Etag: "641cec98-1d7"
Expires: Sun, 26 Mar 2023 01:17:14 GMT
Last-Modified: Fri, 24 Mar 2023 00:19:36 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
104.110.29.32 200 OK 76 kB URL HTTP/1.1 www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
IP 104.110.29.32:0
File type Web Open Font Format, TrueType, length 75538, version 1.197; data
Hash 3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff
Content-Length: 75538
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Access-Control-Max-Age: 2147483647
Dclocation: SW1DMS
ETag: W/"12712-186f7570df8"
Last-Modified: Sun, 19 Mar 2023 00:48:43 GMT
Nonce: 3463890928371151
Referrer-Policy: no-referrer
Scope: VISITOR
Sid: 79debf7d-75a2-4a6b-b875-fb66032bbec2
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Uuid: 42cf3e8f-300e-4098-bd8a-9627bc832f4f
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: f2a94dac-3b2c-4bb9-44ab-107932780edf
X-Xss-Protection: 1 ; mode=block
X-Akamai-CITISITE: SWDC
Cache-Control: public, no-transform, max-age=21600
Expires: Fri, 24 Mar 2023 18:10:14 GMT
Date: Fri, 24 Mar 2023 12:10:14 GMT
Connection: keep-alive
Set-Cookie: AKMTLTSID=DA78B2C7BBA027FFB75B3BBB82237DDC; path=/; domain=citi.com; secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/clarity.js
148.163.122.62 200 OK 19 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/clarity.js
IP 148.163.122.62:0
File type Unicode text, UTF-8 text, with very long lines (53759)
Hash c01c92075fc259291c5a7ad0a4796913
63a1096a12b1dde64926dc6108fd3a8c393dbb65
c17736ae7729593e32d876b79577234568be8d9abfdf468243d7d147e889b102
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/clarity.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:14 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:24 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 18972
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cool-2.js
148.163.122.62 200 OK 5.2 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cool-2.js
IP 148.163.122.62:0
File type C source, ASCII text, with very long lines (585)
Hash 85193fbb4ee36d448f51af635bc4aadd
8f06df0c9f2f0eadce6fbcabcba8f9cf10779e0b
31b2237b46664ee621902f9bbd01a26788a65b12e4b9dd65bc1f1a4d55f0b7da
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cool-2.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:14 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:29 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5217
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/bat.js
148.163.122.62 200 OK 11 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/bat.js
IP 148.163.122.62:0
File type Unicode text, UTF-8 text, with very long lines (38691), with no line terminators
Hash 72855286c62caef99c193e1de2ed0c9f
fb8922f59e2cbb9c4ad3c40859d950e675f8dba5
ed82ec75496475cdbc2925285c15051a9a99b891cf466e8805ece589be1adf9c
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/bat.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:14 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:03:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 11361
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_010
148.163.122.62 200 OK 105 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_010
IP 148.163.122.62:0
File type ASCII text, with very long lines (1714)
Size 105 kB (105387 bytes)
Hash 3af7d6f1664aa9ebc2f665dda66520c1
40b6ed3c249220db69bf12b47d34b641cd2d36dd
435658502f9fcc7d4fba4552784dbd90400bf2d4babbc18e9dc77f832daa19b7
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_010 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:36 GMT
accept-ranges: bytes
content-length: 105387
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/conversion_async.js
148.163.122.62 200 OK 15 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/conversion_async.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (2165)
Hash eb3a752a3444b8a245d577682dab75a6
52d2ecb929e3aed6c8bfcb1e1920e7834ca2f548
ab46f5338b2bc100d1ebc2066bdaa0f199ffdaeaaaa39529727d9d06287c503f
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/conversion_async.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:14 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:26 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 14928
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_005
148.163.122.62 200 OK 106 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_005
IP 148.163.122.62:0
File type ASCII text, with very long lines (1714)
Size 106 kB (105617 bytes)
Hash 911539eb1d1d0a5baeec9f2eb63e4c52
43ed00dc2d68b756db74a1fa124093924ba3e3e0
82f0f2b96e0e66a5143c25e4ba1ab7ddb8944774d437c7fd3594adab0adf2064
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_005 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:08 GMT
accept-ranges: bytes
content-length: 105617
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_012
148.163.122.62 200 OK 106 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_012
IP 148.163.122.62:0
File type ASCII text, with very long lines (1714)
Size 106 kB (105524 bytes)
Hash 57f088855ce21befe8c7121746c54751
50248a4e995f1dc298d6c1038044b0c5f1e1ae0c
9efdb3a0a89321a267421372d190e9c2be98da01079ca7fcb89f4b5322e8a117
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_012 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:42 GMT
accept-ranges: bytes
content-length: 105524
date: Fri, 24 Mar 2023 12:10:14 GMT
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 74fa3f9dc11b3177fa7bffc3a67f743f
f8b82a342af963b0a0f931abb3e6f4b6179e36ab
29af481cf6d61ba9bb1bc96bb0b6d468c0a41f5864a3945400549f9e78dfb9ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5890
Cache-Control: max-age=136052
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:14 GMT
Etag: "641cec98-1d7"
Expires: Sun, 26 Mar 2023 01:57:46 GMT
Last-Modified: Fri, 24 Mar 2023 00:19:36 GMT
Server: ECAcc (ska/F7A3)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 74fa3f9dc11b3177fa7bffc3a67f743f
f8b82a342af963b0a0f931abb3e6f4b6179e36ab
29af481cf6d61ba9bb1bc96bb0b6d468c0a41f5864a3945400549f9e78dfb9ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5920
Cache-Control: max-age=136082
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:14 GMT
Etag: "641cec98-1d7"
Expires: Sun, 26 Mar 2023 01:58:16 GMT
Last-Modified: Fri, 24 Mar 2023 00:19:36 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 24 Mar 2023 11:14:33 GMT
age: 3341
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff
104.110.29.32 200 OK 79 kB URL HTTP/1.1 www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff
IP 104.110.29.32:0
File type Web Open Font Format, TrueType, length 78762, version 1.197; data
Hash b1f3eca7de0c2cb35740f32dd0b83823
dffc474081c23fc151265b637a4468e82004ecc8
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff
Content-Length: 78762
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Access-Control-Max-Age: 2147483647
Dclocation: SW1DMS
ETag: W/"133aa-186f7570df8"
Last-Modified: Sun, 19 Mar 2023 00:48:43 GMT
Nonce: 4483326705398887
Referrer-Policy: no-referrer
Scope: VISITOR
Sid: 74d80a73-c436-4b8a-9333-1778a9533631
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Uuid: d645c050-4bc0-457d-8769-6eb8959a2f48
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: abe6db32-383e-4e68-6e3e-3e873c2fd860
X-Xss-Protection: 1 ; mode=block
X-Akamai-CITISITE: SWDC
Cache-Control: public, no-transform, max-age=21600
Expires: Fri, 24 Mar 2023 18:10:14 GMT
Date: Fri, 24 Mar 2023 12:10:14 GMT
Connection: keep-alive
Set-Cookie: AKMTLTSID=7D54F44BE78742DF84C7DBCA5657956C; path=/; domain=citi.com; secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
104.110.29.32 200 OK 72 kB URL HTTP/1.1 www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
IP 104.110.29.32:0
File type Web Open Font Format, TrueType, length 71874, version 1.197; data
Hash 9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff
Content-Length: 71874
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Access-Control-Max-Age: 2147483647
Dclocation: SW1DMS
ETag: W/"118c2-186f7570df8"
Last-Modified: Sun, 19 Mar 2023 00:48:43 GMT
Nonce: 1060320749251250
Referrer-Policy: no-referrer
Scope: VISITOR
Sid: a5ce701f-6d4c-458c-9335-dcdadba929e4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Uuid: 1bb673e8-c72b-4102-ad41-ad5f41f98d5d
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: 36a4d1bc-6725-4d50-5d06-30ca16d405dc
X-Xss-Protection: 1 ; mode=block
X-Akamai-CITISITE: SWDC
Cache-Control: public, no-transform, max-age=21600
Expires: Fri, 24 Mar 2023 18:10:14 GMT
Date: Fri, 24 Mar 2023 12:10:14 GMT
Connection: keep-alive
Set-Cookie: AKMTLTSID=FA5ACEA15C8C1BC550C1BF1139411C80; path=/; domain=citi.com; secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_015
148.163.122.62 200 OK 105 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_015
IP 148.163.122.62:0
File type ASCII text, with very long lines (1714)
Size 105 kB (105387 bytes)
Hash 9f38fb46ccd0ec62af33aa818b70c6cd
76b73a12fb1a5a893e699ee665b57607ec4d3285
e9dc663562d24eaa02353a6a4fdacc31ec3a50a52752a133a9e611ffc32e5603
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_015 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:50 GMT
accept-ranges: bytes
content-length: 105387
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_004
148.163.122.62 200 OK 106 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_004
IP 148.163.122.62:0
File type ASCII text, with very long lines (1714)
Size 106 kB (105524 bytes)
Hash 05eab279c5f56d7ab8b0b113b01cc1cf
881fe675f6d3508b5f6691ae62fb06e2d1ac839d
200cb4a2e9c25ea06eaac09b72f6dba04db1f604c7e47e74154c18c36a6fa9dc
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_004 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:00 GMT
accept-ranges: bytes
content-length: 105524
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/tc.js
148.163.122.62 200 OK 6.2 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/tc.js
IP 148.163.122.62:0
File type C source, ASCII text, with very long lines (19497)
Hash 66996c0e4f956b57fa72671c833e6460
3aefd651251455e100a7f295d769430b587ef706
8d4b83d61e43a617b64659dab7155c389f192edf3829632a0ced988cf8d55446
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/tc.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:14 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:08:12 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 6178
date: Fri, 24 Mar 2023 12:10:14 GMT
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 18b877ebbad1529e4bd91e12220d91c4
a3d64fb3d9cc1fe3a29b261c4ec9acfe134dfedc
7001d3ef847c7002ac15155f0dfcc0a369f19860e85c8e90530f1e7b2dd88f09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7001D3EF847C7002AC15155F0DFCC0A369F19860E85C8E90530F1E7B2DD88F09"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4732
Expires: Fri, 24 Mar 2023 13:29:06 GMT
Date: Fri, 24 Mar 2023 12:10:14 GMT
Connection: keep-alive
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_006
148.163.122.62 200 OK 106 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_006
IP 148.163.122.62:0
File type ASCII text, with very long lines (1714)
Size 106 kB (105524 bytes)
Hash 5cd9580e5dfd2ea55c8bbdcdb454c204
c547bc686ebbd9c5f687b5b25e01db39aaa18916
f5abd0bf62672898cfdcc0565fb23fee16d476f3065e3a66c8cf0c2fc05e6dfc
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_006 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:20 GMT
accept-ranges: bytes
content-length: 105524
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/dpm_pixel_min.js
148.163.122.62 200 OK 32 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/dpm_pixel_min.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (60150)
Hash 641d334bcef18b0cbdfc265d8312af8b
2c04edf9d6afb0993b391c2a5ebb5b39db757f8e
a14f6ed6ccd7536f4a324633990a807fe037aadfef901f6521b2ccf1de7191f9
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/dpm_pixel_min.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:14 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:43 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 31990
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_002
148.163.122.62 200 OK 105 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_002
IP 148.163.122.62:0
File type ASCII text, with very long lines (1714)
Size 105 kB (105387 bytes)
Hash 3fe490cda8e48e31b60e16c76d0ebf99
3eca7902ae9a826389903fcae8ec9c4ae08bc986
10c665ff7c86ff9bd236acc906fb83236973ea00515c84642c9669b824ebfe71
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_002 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:05:47 GMT
accept-ranges: bytes
content-length: 105387
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/bk-coretag.js
148.163.122.62 200 OK 16 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/bk-coretag.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (42581)
Hash 8f61ea2b2c61c5a884ecebfc030d9c39
512c8938287ab65847b42645cbbe24336564f34f
23bd41c66c0678d3f5c18b19695725285e5afa082946e52349a52d42c00842b6
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/bk-coretag.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:14 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:03:56 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 15825
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js
148.163.122.62 200 OK 95 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js
IP 148.163.122.62:0
File type ASCII text, with very long lines (1570)
Hash 5a62baa7485a1d76ca648289adb96b99
cb5d78fc12de8a66149a820c8e08c0e80a5612d5
1835dd9b3f2a9da1f8cca1cc12c760bc9087dbb1cefe9dcc9856c73d0d76bdcb
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:05:37 GMT
accept-ranges: bytes
content-length: 94807
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_009
148.163.122.62 200 OK 95 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_009
IP 148.163.122.62:0
File type ASCII text, with very long lines (1570)
Hash cf5a8f6e2001dbbe0f4635ad7d016cce
09b99fc9125216480d08bb3721da42caded659a1
5e9b11bee597e928c810227a1e1a0f96bbd95e36c0a5352ad45c855089e5ee57
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_009 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:34 GMT
accept-ranges: bytes
content-length: 94807
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_008
148.163.122.62 200 OK 95 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_008
IP 148.163.122.62:0
File type ASCII text, with very long lines (1570)
Hash e1fe2e31c05edbf99cdcdb2a2c74f68b
311fa3249ce493060bc02aebed14db03a774a8f9
65570de97a1c5b62410a59b42b5c41bed2bd8060b0fc8c55d74b8f919a1f6401
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_008 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:31 GMT
accept-ranges: bytes
content-length: 94807
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_013
148.163.122.62 200 OK 95 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_013
IP 148.163.122.62:0
File type ASCII text, with very long lines (1570)
Hash 9674db1e65602e76f5fd87bf351ab20d
fa444c0eff00e22c41401cecf9245190e907dc9d
e3de2d0a194b2a7ad1981b17a1271a6192cebfab28b8aab4f53b63cc24e00a68
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_013 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:45 GMT
accept-ranges: bytes
content-length: 94807
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_014
148.163.122.62 200 OK 95 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_014
IP 148.163.122.62:0
File type ASCII text, with very long lines (1570)
Hash 4460f79a3406d82fadf838c1b6ed5689
9efe17a9a231793218c2fceae206032e9f68a862
9b246abbe7a425dfcb7cca5c1d580cfab310a2e6dac69a56376da512e471e721
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_014 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:47 GMT
accept-ranges: bytes
content-length: 94786
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_003
148.163.122.62 200 OK 95 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_003
IP 148.163.122.62:0
File type ASCII text, with very long lines (1570)
Hash 7f0539d883d4b28f30bcb4a566dd4010
6a7875aa5eab329c3d3bf3f6aab2bed8018f6f02
df347263b09196c82260a11af1b452bbb9f4c0475787d7ef5923be8e9eca1ecb
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_003 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:05:54 GMT
accept-ranges: bytes
content-length: 94786
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/3fac67bbed26d3e121bb84cefe395515.js
148.163.122.62 200 OK 892 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/3fac67bbed26d3e121bb84cefe395515.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (518)
Hash 76ebde72d74c9467a24c0b0446406b21
1f9d059cd5e0f271f61200cab85126899001de2b
e70ba809881df577bb61fa1bcdcc9fe5b311efd2d3848d7d0f05ca866cba24a8
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/3fac67bbed26d3e121bb84cefe395515.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:02:55 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 892
date: Fri, 24 Mar 2023 12:10:15 GMT
push.services.mozilla.com/
52.10.247.29 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.10.247.29:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jrzRqxwcDgKNq5omW/gVCg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ap/8ricu+NeuC806Hktl/zIV/tA=
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/8e31a20960f50a1c34f7ccb1cd9737ec.js
148.163.122.62 200 OK 248 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/8e31a20960f50a1c34f7ccb1cd9737ec.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (340), with no line terminators
Hash 44fc18dbd787381fcc97f443a1d75400
29afcca26b2d3b94047e18d892e75fa2960457bc
287bbcac133759be18793923b1fa3696a5e757d126688bb822b9e835bc1486b4
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/8e31a20960f50a1c34f7ccb1cd9737ec.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:03:09 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 248
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/96e0eb995483e83e7b3f71968eedeed1.js
148.163.122.62 200 OK 123 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/96e0eb995483e83e7b3f71968eedeed1.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (965)
Size 123 kB (122597 bytes)
Hash 74016555803f59aef837c242a8840687
912c6b090fb4578db519bfc252523551858fd68a
56cd56cad0ef58f9ac2d5df2540bda2213ab82f497c55bad64d8300b7e4088db
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/96e0eb995483e83e7b3f71968eedeed1.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:03:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 122597
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/d9242bb4689714e792142b57fb108642.js
148.163.122.62 200 OK 8.4 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/d9242bb4689714e792142b57fb108642.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (571)
Hash c741f30ba7ea808770f680de94437b86
04e61406a687368ef6f5a79dc45ba6f4267d12e2
1d0adab801075f64ce4fcc50e5fa10862530706bd6059b65d155cc77ea684063
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/d9242bb4689714e792142b57fb108642.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 8411
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/51aba9f62787efbaa13e53a8d1ae3892.js
148.163.122.62 200 OK 648 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/51aba9f62787efbaa13e53a8d1ae3892.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (524)
Hash a698d68562d49c5cca76b51759f36162
04af3c5bd73f0aa00a85abad50895f07d81274f3
417c93b8aa0a998ec30f750bb022e95a5bc1f20da543f951964b678a44a76c96
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/51aba9f62787efbaa13e53a8d1ae3892.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:02:59 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 648
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/f21cacf863be4d08be1919c31c663fb2.js
148.163.122.62 200 OK 35 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/f21cacf863be4d08be1919c31c663fb2.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (573)
Hash 57c5389b3b16c2a7f9b46f2fba286f87
5725b61ab95c539449e0be0be57bd562b1fac853
65cf840717ef7c36b3d6d2e1370be87ca935d6bbbe13b39cf1b837dcbbbd5a8d
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/f21cacf863be4d08be1919c31c663fb2.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:50 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 34596
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/d74f82b561a6aa5d9247eaf72394131a.js
148.163.122.62 200 OK 667 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/d74f82b561a6aa5d9247eaf72394131a.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (549)
Hash ced08b9e16a3b586017444936768a173
12abd56c264ac12abeeb66947067ee4d163549ba
88f88006192ccdd8ffa819dade9baf9a647c1934c55b61993d04ab84f52fe495
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/d74f82b561a6aa5d9247eaf72394131a.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 667
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/557566dc60916e3de69e006bef252459.js
148.163.122.62 200 OK 759 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/557566dc60916e3de69e006bef252459.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (1964)
Hash b43c56033ed8fb0dbc6e444e2d1b66ab
a49552437e704680350e3b5051f7f5b5b774ec78
2f9a36d982014b340a554e3594e4d765a0c13464108473504c4cd10fb4b47ccb
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/557566dc60916e3de69e006bef252459.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:03:01 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 759
date: Fri, 24 Mar 2023 12:10:15 GMT
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash e8e9df586e04ceda623f2fec83d85223
df3066467926b530423d8700564ee06191ea579c
1ac8c5722cadfa33333fe91014938d35b0fb90de42d73e994cd66ffe4c4b815b
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=111801
Date: Fri, 24 Mar 2023 12:10:15 GMT
Etag: "641c8fd2-1d7"
Expires: Sat, 25 Mar 2023 19:13:36 GMT
Last-Modified: Thu, 23 Mar 2023 17:43:46 GMT
Server: ECAcc (nya/789C)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: emUePPdVfolbXJLpPH8kVlZ9i3Fp8FCFxhatz5mnxo2_SnOw72Hg1A==
Age: 5390
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash e8e9df586e04ceda623f2fec83d85223
df3066467926b530423d8700564ee06191ea579c
1ac8c5722cadfa33333fe91014938d35b0fb90de42d73e994cd66ffe4c4b815b
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=108601
Date: Fri, 24 Mar 2023 12:10:15 GMT
Etag: "641c8fd2-1d7"
Expires: Sat, 25 Mar 2023 18:20:16 GMT
Last-Modified: Thu, 23 Mar 2023 17:43:46 GMT
Server: ECAcc (nya/7968)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TyvHJZ1kxDL-doOcJ4zf-gTHoOhc87AGw7lgbV1t7cqJILsGTXRC3Q==
Age: 2190
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/da6191c2b2959a15b37bb1f025a35ecd.js
148.163.122.62 200 OK 1.6 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/da6191c2b2959a15b37bb1f025a35ecd.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (537)
Hash 127a7d250dccbb0d79f87519d7bdea9c
ef2273c7f117169d38b1c396e7caf810b01634aa
e388ab75681c9b768a288e865e4598a1233af677b7f0247676030efaded64f10
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/da6191c2b2959a15b37bb1f025a35ecd.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:38 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1596
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/d90ce1a791ada193ee0ca4e9ce66632d.js
148.163.122.62 200 OK 1.2 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/d90ce1a791ada193ee0ca4e9ce66632d.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (1194)
Hash d6e21985dba3ad8645fd449d44c2068c
7b86b228aa1ccc849a89e932dfa8bccfb5cbe365
12dcbd4da823b23a232490b44323b20373086922fb5ffa965bb84bbf00ffd438
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/d90ce1a791ada193ee0ca4e9ce66632d.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:32 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1197
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/b14642f8db56e2ea027f858eceeba7cd.js
148.163.122.62 200 OK 3.8 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/b14642f8db56e2ea027f858eceeba7cd.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (536)
Hash 7b5880e7779642b6daae1329314386b9
2cd324a820a410e7feaae051adef9bcafaa8d8cd
ad017cf7b31917e4fbc6ef37f98e381260f793112b8e1a2bbebf4a49b6f053a3
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/b14642f8db56e2ea027f858eceeba7cd.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:03:41 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3797
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/fdf45a7c15c1cee06bb71e10dac4e26e.js
148.163.122.62 200 OK 547 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/fdf45a7c15c1cee06bb71e10dac4e26e.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (524)
Hash ba7baf1326e4185590458dcfc9343587
bbe9309fecfc111fff797bd4a1fdda4968f69185
3d558f090c7636afcd2384783a2cd1977c1a0e2ab8deb3db01049542c723d3bd
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/fdf45a7c15c1cee06bb71e10dac4e26e.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:52 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 547
date: Fri, 24 Mar 2023 12:10:15 GMT
p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
52.73.116.211 200 OK 0 B URL HTTP/2 p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
IP 52.73.116.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /com.snowplowanalytics.snowplow/tp2 HTTP/1.1
Host: p.tvpixel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://us-citionline.com/
Origin: http://us-citionline.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:15 GMT
content-length: 0
server: nginx
access-control-allow-origin: http://us-citionline.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 600
X-Firefox-Spdy: h2
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/6c8322c7341eac98645c10e3d1d3c7ae.js
148.163.122.62 200 OK 137 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/6c8322c7341eac98645c10e3d1d3c7ae.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 137 kB (137317 bytes)
Hash 888f56dbf3ac33eaff13a19e791aa1c7
56ffbf612a4c4461eb008d2fd94e3b5eec272830
68190e4c3b57168cc09013400041b687143e4b69236b31b358a9a807d44a0158
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/6c8322c7341eac98645c10e3d1d3c7ae.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:03:07 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 137317
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/tagging.js
148.163.122.62 200 OK 10 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/tagging.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (44670), with no line terminators
Hash 7d6999c05c38681f9be5b62e8efe40dd
c2920bbda4bd8be0067697f97300ed5e222a6632
655304e7163588065a3376c8b7ca758ad2725e39c7c74f3f633ff94138dbcaa3
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/tagging.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:08:10 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 10513
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/banner.js
148.163.122.62 200 OK 5.4 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/banner.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (19365), with no line terminators
Hash 34193ac8d8b36536d584d7380b5e6176
b31c489c9f5a2decbe9c01c022a32fdc2d499f6d
5c004ecf8b227177351fe15243248cbd2afeda418cffaca4286e5a312d0bf608
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/banner.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:03:49 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5368
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/snare.js
148.163.122.62 200 OK 11 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/snare.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (38552), with no line terminators
Hash b3343ccb664e8875c91e205efb82c655
bbb102ed6f2a15afc7b5e01a52bdf2dbd5ab99d1
f0e676be8920c9892b9685ce31774bdcf92def7d7bf7a336a8f4e64b858ddee4
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/snare.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:07:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 11040
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_011
148.163.122.62 200 OK 2 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_011
IP 148.163.122.62:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_011 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:39 GMT
accept-ranges: bytes
content-length: 105503
date: Fri, 24 Mar 2023 12:10:14 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
148.163.122.62 200 OK 156 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
IP 148.163.122.62:0
File type Unicode text, UTF-8 text, with very long lines (65017), with no line terminators
Size 156 kB (155755 bytes)
Hash 54316106459a0d02350161c6b1ac31ce
b337ca0ee87e31ea572ae5460407d33cd713e4bc
119432b729ffbda7f8e30d8bb260e7934264bb797a045a9cb4ae231157cd5da8
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: text/css
last-modified: Fri, 24 Mar 2023 11:08:08 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 155755
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Bootstrap.js
148.163.122.62 200 OK 71 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Bootstrap.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (579)
Hash 8b9ef2d82d4d2c878d2cf7bc36cb7c01
af4124b6bdc315452c5a5f658cdc03e1da0fc9c4
8a37d41ea533ebfc2f18507d1cd7ec024d110c31999d201f25d1455cff54af65
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Bootstrap.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 70926
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cedric.js
148.163.122.62 200 OK 115 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cedric.js
IP 148.163.122.62:0
File type Unicode text, UTF-8 text, with very long lines (63761)
Size 115 kB (114937 bytes)
Hash 7de09f511a40ea0ea8fe94bdc34f1ebd
aad12c45d6a7f9ca2fc665786629efaabfc611bd
54eb4d24d98fadef5d184f5c69ce3aeab6f79b8ac102a6fd42180b5e0efd0539
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cedric.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:11 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 114937
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/embed.js
148.163.122.62 200 OK 677 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/embed.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (449)
Hash 7c40ffaa700e763b39e2c8ca4318766a
856680c97278585fa87743e01bd99817c8028f38
5c6b115ca3066f6d02c6b41d864c1668f2c621500dfb212948742989da7b22ee
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/embed.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:45 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 677
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/16003743.js
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/16003743.js
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/16003743.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/16001692.js
148.163.122.62 200 OK 508 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/16001692.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (887), with CRLF line terminators
Hash 5ab677de44debc65bbd6912b4c3f34ab
de744fa2f1d04d04989a835ba6e1700b355857c5
1eec583dd8e333b353241fd82f77be603ae10915e028eca78a6d016c7e52e182
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/16001692.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:15 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:02:51 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 508
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_008
148.163.122.62 200 OK 2.5 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_008
IP 148.163.122.62:0
File type ASCII text, with very long lines (2486), with no line terminators
Hash 3b971cadf976bb73c73cd69f6728ed9e
27416f05d79882aca6afa5469e705e691037a7dd
aef87022d6701770b561fb43338d8817b2e6e6e2687c00f2e6c8e6cce8e9c792
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_008 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:03:39 GMT
accept-ranges: bytes
content-length: 2486
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_006
148.163.122.62 200 OK 2.5 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_006
IP 148.163.122.62:0
File type ASCII text, with very long lines (2484), with no line terminators
Hash 361f73f0485638c74d4ddf6549c7e673
d115301b5149944c9ecbbef4eb7b5e9c8ac741d3
5f09b60b83a4946e15eab9b02e9757aeb42eae5b4100ab84d72fe67e3340c045
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_006 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:03:35 GMT
accept-ranges: bytes
content-length: 2484
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_007
148.163.122.62 200 OK 2.4 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_007
IP 148.163.122.62:0
File type ASCII text, with very long lines (2446), with no line terminators
Hash 8335a6f6eddce05be12c96af9c76d658
79cfd002ecb15bea6134b7493e424d93781d8324
7b58f7f0a5e1b64e0cfd01ba13c01a33323e1be67aac012d5c418cde551281b8
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_007 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:03:37 GMT
accept-ranges: bytes
content-length: 2446
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_003
148.163.122.62 200 OK 2.4 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_003
IP 148.163.122.62:0
File type ASCII text, with very long lines (2446), with no line terminators
Hash ff470e91c748bc0a4ec9ce8bc75d9fa8
91b0ae81b93d3830ed028e8a45ca7b71eb74a5e6
000b9073feef6b62ad1a81a754ca1e5f67fa0d0aad38d86752151be7aaffb1f0
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_003 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:03:30 GMT
accept-ranges: bytes
content-length: 2446
date: Fri, 24 Mar 2023 12:10:15 GMT
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1679659826332
34.240.58.209 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1679659826332
IP 34.240.58.209:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1679659826332 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://us-citionline.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v046-04ea58e04.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1679659826332
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=49095336748827479790170267788971030586; Max-Age=15552000; Expires=Wed, 20 Sep 2023 12:10:15 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: JH+7MGOSQgM=
Content-Length: 0
Connection: keep-alive
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a
148.163.122.62 200 OK 2.4 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a
IP 148.163.122.62:0
File type ASCII text, with very long lines (2446), with no line terminators
Hash ea93af33ebbd61ff6848a2c9c13fd825
6ada5a9a777f11f5b1dce520b8cc88aa97083868
abaa6d4fac89fb3d32c7db84e1bdd29fdd5cfb811fc048c750a02c80f78466f3
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:03:20 GMT
accept-ranges: bytes
content-length: 2446
date: Fri, 24 Mar 2023 12:10:15 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_002
148.163.122.62 200 OK 2.4 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_002
IP 148.163.122.62:0
File type ASCII text, with very long lines (2446), with no line terminators
Hash f3cf17b0687c4dcc14d79bbb5bd488a2
d950def8df025845c8567dd41c1dde8fee120f35
87839747904f7332f22638ed1762eb3c67fa45c231e91ee2ef9da467d42c703f
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_002 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:03:27 GMT
accept-ranges: bytes
content-length: 2446
date: Fri, 24 Mar 2023 12:10:15 GMT
dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1679659826332
34.240.58.209 200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1679659826332
IP 34.240.58.209:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1679659826332 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://us-citionline.com
Content-Type: application/x-www-form-urlencoded
Referer: http://us-citionline.com/
Connection: keep-alive
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://us-citionline.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-03617f131.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Vary: Origin
X-Error: 172
X-TID: Qf37VTQyQcc=
Content-Length: 124
Connection: keep-alive
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_004
148.163.122.62 200 OK 2.5 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_004
IP 148.163.122.62:0
File type ASCII text, with very long lines (2486), with no line terminators
Hash b9272a4e577ac158250ccf8efdf55784
46cf7488136b8db8574c3df0620b616a7746b083
a021d869839cf078f86c3acfffea51b13ee2f319d9118fb792a672164c7b808e
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_004 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:03:32 GMT
accept-ranges: bytes
content-length: 2486
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_005
148.163.122.62 200 OK 2.4 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_005
IP 148.163.122.62:0
File type ASCII text, with very long lines (2444), with no line terminators
Hash 6d937a766c822bfef8b9c5d01ccc28f4
ab67fbb91d747676321014f2f4da3fdb170a8b71
f40030587ee27a415d0b2850e6be73ef38ac63969f9c7bb628d61866d5201d8b
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a_005 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:03:33 GMT
accept-ranges: bytes
content-length: 2444
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/fp.js
148.163.122.62 200 OK 4.9 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/fp.js
IP 148.163.122.62:0
Hash eb59ad788e338ee05b54c54dad88f614
d686af7701c394c7e1b9384ac8bd4e4a4bd38886
6117b0090dfbd4d3d0965e9742ea61b2b7b9a1762e7399416c038fb54c643761
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/fp.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:04:57 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4850
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/runtime-es2015.js
148.163.122.62 200 OK 1.2 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/runtime-es2015.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (2365), with no line terminators
Hash b1e0080cf13c4d5827fed22209d986e6
933389fa8e3f23d13652d5e33ee29ee1512883b5
fc87b0f53f8e5d8905b85a5dd40bee478dc1a2f4869d13b703dd4ccc4dbf73f7
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/runtime-es2015.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:07:49 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1208
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/polyfills-es2015.js
148.163.122.62 200 OK 61 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/polyfills-es2015.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5e73e042303564b297f635d34f30c990
cd0f9e63c7a57cbeffe65e1f7139ff6fb8a770a8
a9e4a882bd6f7029af87ad6b26aa8f5ff433c9d90b30261b3cb17b9eabd104a8
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/polyfills-es2015.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:07:38 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 60570
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/scripts.js
148.163.122.62 200 OK 14 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/scripts.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (50376), with no line terminators
Hash aa607a1480980a786cf3492727e5019c
508fd15458ed355e4328daee9d0659045bfad32b
c8e8f1b53d073ac58533a9e70419242af6ffde1750de632094c459371624f4ec
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/scripts.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:07:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 13475
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/jquery-3.js
148.163.122.62 200 OK 31 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/jquery-3.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (65451)
Hash 21ab05a6dc4822c20e4f8e617d59503e
0431002ed053581f86ceeca6589f3b3fc039d1ee
d55c3c4566cd69b2af1ac0ef1f24f7d9e781bd67701c2e84a2300a8464636b34
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/jquery-3.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:05:34 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 30970
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/qrsignon.js
148.163.122.62 200 OK 2.6 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/qrsignon.js
IP 148.163.122.62:0
Hash 623a2e1991955779c06743221708ad86
8e36355f76abf819639f19f856f3a5830c58b773
1c274543f90a0613143a10a0b7cf5a8b600d3c25bc5223f0646d89fab3a8d60a
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/qrsignon.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:07:45 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2556
date: Fri, 24 Mar 2023 12:10:16 GMT
online.citi.com/JRS/banners/hero_background/Citi-futuristic-angles-bg-compressed.jpg
104.110.15.25 200 OK 12 kB URL HTTP/2 online.citi.com/JRS/banners/hero_background/Citi-futuristic-angles-bg-compressed.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x600, components 3\012- data
Hash 09cfa7b756b6a66e6ae88510b88fa592
ae487ba19f1d3f2465cfaec5e113cc222709e568
8eb4143c752b3ab868b3cc79fe6b3786c43ca465e0528a2c46683f2bff979f34
GET /JRS/banners/hero_background/Citi-futuristic-angles-bg-compressed.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 06 Oct 2021 21:34:27 GMT
accept-ranges: bytes
content-length: 11476
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 24 Mar 2023 12:10:16 GMT
set-cookie: AKMTLTSID=412BEAC10AAA1741619B40C1E9AC4A70; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/config.js
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/config.js
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/config.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/generic1645813044147.js
148.163.122.62 200 OK 90 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/generic1645813044147.js
IP 148.163.122.62:0
File type Unicode text, UTF-8 text, with very long lines (53734)
Hash 057d14ccb8823aa64072da79c70a6487
9ed5ee0f802a7f0bb00db0a2ddf0ea476c7e717a
321b711a8bc969a6b43d02f70abfedb3b977c4d5a6952aee45f3a4de470d6824
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/generic1645813044147.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:05:04 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 89640
date: Fri, 24 Mar 2023 12:10:16 GMT
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 2f7941045c7575996d15581ca5c057ad
ab8eb829a8f365a3c2a40bb7657b0d0f2fc7ff1e
29d883ffe1ba54a739d826328fd18f2f963bf26168b9cef7a357710f8fe8562f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1561
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:16 GMT
Etag: "6419cd9b-1d7"
Last-Modified: Fri, 24 Mar 2023 11:44:16 GMT
Server: ECAcc (amb/6B53)
X-Cache: HIT
Content-Length: 471
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/main-es2015.js
148.163.122.62 200 OK 688 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/main-es2015.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 688 kB (687718 bytes)
Hash 337dcf0b733b06f0b1c14f912ec5d171
3fcc34dfacce302ce385666eb1dbe2d0118e1fdf
6d8fec78701f7633c3abc638196c7e227c0e4e1a20a5023b9a3bc1b81f6206f7
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/main-es2015.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:07:11 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 687718
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/16003743.js
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/16003743.js
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/16003743.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/xmsdk.js
148.163.122.62 200 OK 309 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/xmsdk.js
IP 148.163.122.62:0
File type ASCII text, with very long lines (33721)
Size 309 kB (309374 bytes)
Hash d751f4efe7b458c6cd3b2daadd035dd1
b82fa8d5190da3c5332da9e73060d1283f92247c
9e3921195a155feb463b74bbb9165ffdd3404c7767e24a9e71113a098316978e
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/xmsdk.js HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 11:08:22 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 309374
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7470
Expires: Fri, 24 Mar 2023 14:14:46 GMT
Date: Fri, 24 Mar 2023 12:10:16 GMT
Connection: keep-alive
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.65.175 301 Moved Permanently 0 B URL HTTP/1.1 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.65.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Fri, 24 Mar 2023 12:10:16 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1671-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1679659817.529008,VS0,VE0
Strict-Transport-Security: max-age=31557600
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F588b7484-3598-4d13-aaa7-b86cf3e62e45.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F588b7484-3598-4d13-aaa7-b86cf3e62e45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 58c58176f0c5825828c8ca12e6471fe1
fe0f05aaa351cfcf5d00c6e96fcefefcdeb51480
c3a5d4595188ee57312b636e4c605b368088eeb8be2c86ae5f77e379f51b79f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F588b7484-3598-4d13-aaa7-b86cf3e62e45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7696
x-amzn-requestid: c4e2712e-c6f7-499a-980d-98120ede7b9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPt1Hv3oAMF5wg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc658-6b5fc3f005b6d210710a267a;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:36:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: o9mJZed_h1-gITgHyFrt2GJ_N1jCIadpgm4dhEIKT4axJZwhKT8c0w==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:43:19 GMT
age: 52017
etag: "fe0f05aaa351cfcf5d00c6e96fcefefcdeb51480"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f46d765cbcbbcd9707a21eec12d80002
d9bab36f53de76263a67bc34364e33bed28d35cd
772e85ac55db0fc3ca75329e0197c7caeff466e90b5cf85df7ccb44a85a253f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48579581-7121-436c-a612-bb4c179f2542.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4438
x-amzn-requestid: ce3cbb97-2a19-4499-8ab7-18cf5f99b5ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK85SG3_oAMFQcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa83b-2750db5d028ac4ac54a865f8;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:03:23 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: s3be2clZAQ4R0f442UhQKzqwRKV4cO9mRaWArwIGHl42yU7N2JG36Q==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 13:45:06 GMT
age: 80710
etag: "d9bab36f53de76263a67bc34364e33bed28d35cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: vOBDFA2LzOIp_0dMXApotrithfiToWtpM2xMRyx1pWAE86olKT6EpQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 02:36:43 GMT
age: 34413
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214 200 OK 1.4 kB URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (1361), with no line terminators
Hash b8aea04cf2f677a6f523b004c39a3b4d
ba62ae17e7ee34de11411d3092901fa79acc4273
4d74e064fd01286840ffffc03e661e31b8eb83667459aae801f9612faf2c5138
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 172
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 1361
date: Fri, 24 Mar 2023 12:10:15 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 659d2db0-2df5-4f85-81cc-1198d1e39e8f
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 04db6085e8ec938c1385fb33b32ae036
0f173b8971723ec380a9610b3dda8f64890f6f37
873d5942c34057339f7a9c53a9d4cdc3a0b82f01223f851898da0ebbe0a628bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd11f3110-26b3-4e61-a4be-71f97e3d6614.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7482
x-amzn-requestid: 843e4bba-1550-44c4-be10-dd333148f83d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPHxFuuIAMFvmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc564-03f5d2675850409e70748490;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:32:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: i3f56KYdhzWqiBtE9-vSMBC17mWa0qZfxQb3AmHcNvApYKse8O3DdQ==
via: 1.1 46673955829b59a6da0ab071e0b7fbea.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:56:06 GMT
age: 51250
etag: "0f173b8971723ec380a9610b3dda8f64890f6f37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd357d16d-d40f-4b91-81cc-69aeb80f25fe.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd357d16d-d40f-4b91-81cc-69aeb80f25fe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 68798f0963b37143bcbec5c6e08f2efe
00bb4ca04f3e52c8d9eacec7449a9cf49f6c312a
7c54bbd23a76d8b4c15e352b92e33c7164916899a5af71ba34a7af884b8a0944
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd357d16d-d40f-4b91-81cc-69aeb80f25fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6403
x-amzn-requestid: aab6628c-f612-4b57-9ae1-0017714e19c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPHyEIkIAMF4JA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc564-2110e0d35561ab794e44e966;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:32:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: V4F_j_MuQgkRSKgCVI8OaJH2ZUbo6FcSk6Qv-BB4uAfm84jsQ2qklg==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:43:19 GMT
age: 52017
etag: "00bb4ca04f3e52c8d9eacec7449a9cf49f6c312a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9bb55b1044454d0db2324a4af956cd51
5aa34545aa2274453b301c74a083034273177cbd
fb7fa8b91ff7374ac6be2df05e1e98194f2adf3ce728b02a66323993145975ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d9f0256-f2a3-48d2-9cbe-230433c09812.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7405
x-amzn-requestid: 9865b715-ff9b-498d-95b3-c728fd3430be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CQPt7E46oAMF1Fg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641cc658-78b66faf317a7aaf689de782;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 21:36:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: EI1picNm6z4XmZxnCmqbdZv4ok9AqXNvYGy8CtENrRkWLuuLUuETlg==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 21:43:19 GMT
etag: "5aa34545aa2274453b301c74a083034273177cbd"
content-type: image/jpeg
age: 52017
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.woff
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.woff
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/citilogoredesign.png
148.163.122.62 200 OK 1.8 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/citilogoredesign.png
IP 148.163.122.62:0
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/citilogoredesign.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:04:15 GMT
accept-ranges: bytes
content-length: 1799
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/050-location2x.svg
148.163.122.62 200 OK 761 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/050-location2x.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 85543620ad38e56e244712bb273cc762
026fe241f39ff19ddc789d2803d133ddcc9cf4b5
f8fdcf346192649aa2a56db9ff75914b81db8846c19b45f79af577277f0ddf86
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/050-location2x.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:02:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 761
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/icon_globe_med-grey2x.svg
148.163.122.62 200 OK 1.4 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/icon_globe_med-grey2x.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash 769292d9568b737a34073c73ebf39f33
46520223668e253c5b49011c3bcbd262a211b950
bf624c4c42485cd1755ccfa5f8653cea2ba55e0b4faaf4cad028714ffe1c2225
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/icon_globe_med-grey2x.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:05:21 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1430
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/cbol-pre-login-static-assets/citi-branding-assets/images/right-white-chevi.svg
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/cbol-pre-login-static-assets/citi-branding-assets/images/right-white-chevi.svg
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/cbol-pre-login-static-assets/citi-branding-assets/images/right-white-chevi.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/cbol-pre-login-static-assets/citi-branding-assets/images/search.svg
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/cbol-pre-login-static-assets/citi-branding-assets/images/search.svg
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/cbol-pre-login-static-assets/citi-branding-assets/images/search.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/googlePlay3x.png
148.163.122.62 200 OK 25 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/googlePlay3x.png
IP 148.163.122.62:0
File type PNG image data, 390 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 27b0482f8ebba1e3cc92d2eee497497e
379e9e2ed883250c02736c151a47d38248285572
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/googlePlay3x.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:05:07 GMT
accept-ranges: bytes
content-length: 25077
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/appStore3x.png
148.163.122.62 200 OK 20 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/appStore3x.png
IP 148.163.122.62:0
File type PNG image data, 351 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash d461f4d2e32e339372869b3f4be72007
d8e3a847a7d18c3948617f75622f6cd27bd4cd54
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/appStore3x.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:03:26 GMT
accept-ranges: bytes
content-length: 20047
date: Fri, 24 Mar 2023 12:10:16 GMT
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.65.175 200 OK 5.2 kB URL HTTP/2 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.65.175:0
File type C source, ASCII text, with very long lines (585)
Hash a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://us-citionline.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xk8/CQxij8C1EBMxuFx+gdfznNcX9zOGiwRIz3U41jGf1utmWvamxlZAe5czPABdgOvOfuHvWcA=
x-amz-request-id: FRPGP23FQKSKSMWE
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 24 Mar 2023 12:10:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1645-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1679659817.731969,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/social-media_facebook3x.png
148.163.122.62 200 OK 445 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/social-media_facebook3x.png
IP 148.163.122.62:0
File type PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/social-media_facebook3x.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:08:00 GMT
accept-ranges: bytes
content-length: 445
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/social-media_youtube3x.png
148.163.122.62 200 OK 1.2 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/social-media_youtube3x.png
IP 148.163.122.62:0
File type PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/social-media_youtube3x.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:08:03 GMT
accept-ranges: bytes
content-length: 1175
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/dest5.htm
148.163.122.62 200 OK 2.8 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/dest5.htm
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash 28a317d789e7ebc20d7d46578cc711df
6cf217419ace8f04ddbbf0649bafa482cc57f757
46604dc1ede8a7eacf569ef9e08b1265021953283f97496b39bc6417a262b16f
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/dest5.htm HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Fri, 24 Mar 2023 11:04:40 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2790
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/social-media_twitter3x.png
148.163.122.62 200 OK 1.3 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/social-media_twitter3x.png
IP 148.163.122.62:0
File type PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/social-media_twitter3x.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:16 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:08:02 GMT
accept-ranges: bytes
content-length: 1277
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.ttf
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.ttf
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.ttf HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/425466.htm
148.163.122.62 200 OK 243 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/425466.htm
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ce6fda5d072666f96edcac11fe851b2b
5a37e1b4823d88f9065f3b8b740b4abb12322c15
56f94bb47fde8f9f776088eec66e1e777830042b7129a98415efa00813a57994
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/425466.htm HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Fri, 24 Mar 2023 11:02:57 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 243
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.ttf
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.ttf
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi.htm
148.163.122.62 200 OK 295 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi.htm
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0c6e27f10a92584dd5bf8c6751c361cd
24bc2cbd9d3efab2408deae050aed81a1b53ae3c
192cea76d8cbd389d892e1d08d0eb5b09909c781abfa2222ab4f22446c817c7b
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi.htm HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Fri, 24 Mar 2023 11:03:23 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 295
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a.htm
148.163.122.62 200 OK 107 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a.htm
IP 148.163.122.62:0
File type HTML document text\012- HTML document, ASCII text
Hash 0b2a6e4cbbb4e1e5c2c2baea38e61fcb
d911df72fe11d3bc1a32465358c1de47e3a88af4
1df25d4bd4693b4d105b6aa0bbe82a9cb141b9db9e1285b4e0610ea53e378bc9
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/a.htm HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Fri, 24 Mar 2023 11:03:22 GMT
accept-ranges: bytes
content-length: 107
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/63068.htm
148.163.122.62 200 OK 146 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/63068.htm
IP 148.163.122.62:0
File type HTML document text\012- HTML document, ASCII text
Hash ce94f6c07e636ac7a2c8e0c9c52f32be
cb1185bc423a0e282647f937e7b5e2e598b49538
ddef18735195b80597c5a298c32f27c1d8c9ac6789606155094f0eebc847dd01
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/63068.htm HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Fri, 24 Mar 2023 11:03:03 GMT
accept-ranges: bytes
content-length: 146
date: Fri, 24 Mar 2023 12:10:16 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Wave_Top.svg
148.163.122.62 200 OK 1.3 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Wave_Top.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (559)
Hash c70b7ac1bfd4b82f54025396ad627101
06a0b6a000da61481e78b95c79e852864b099cca
151b62c864c69facb467d46c1ed3bc078caf621d1fe8257ae6dde4d4b5210bcd
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Wave_Top.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:08:16 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1317
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Wave_Bottom.svg
148.163.122.62 200 OK 1.5 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Wave_Bottom.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1134)
Hash 629e3875e12dca5efe5e0155813b6822
b0faff6ac19fd48ec69cbd2a4b3ed0f638ed8763
21bc12072f50919b1e0dddb5cc49d6986919c228bbd3dc97fe7580fa001ad4ef
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Wave_Bottom.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:08:14 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1511
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Wave_Top_Grey.svg
148.163.122.62 200 OK 956 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Wave_Top_Grey.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (552)
Hash 6037e31f1bfb7ce5d2ad71968b4474be
423413464bc14d64e7f3d204ff17aec6ee3939c6
32e08f4b86b250793ca53aa0eb94791fef56db5c4364a11f5604434fe5de1060
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Wave_Top_Grey.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:08:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 956
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/pixel_002.htm
148.163.122.62 200 OK 107 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/pixel_002.htm
IP 148.163.122.62:0
File type HTML document text\012- HTML document, ASCII text
Hash 0b2a6e4cbbb4e1e5c2c2baea38e61fcb
d911df72fe11d3bc1a32465358c1de47e3a88af4
1df25d4bd4693b4d105b6aa0bbe82a9cb141b9db9e1285b4e0610ea53e378bc9
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/pixel_002.htm HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Fri, 24 Mar 2023 11:07:35 GMT
accept-ranges: bytes
content-length: 107
date: Fri, 24 Mar 2023 12:10:17 GMT
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=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
35.241.45.82 200 OK 0 B URL HTTP/1.1 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=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
IP 35.241.45.82:0
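Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input (the response body is 0 B), so they match any empty response and carry no indicator value. The base64 `data` parameter in the request below decodes to a JSON page-view event whose `url` field is http://us-citionline.com/ibank/, i.e. the copied page still loads the original site's feedback tracker; page-view events arriving with an unexpected hostname are a signal the brand owner can monitor for.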
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjc5NjU5ODI3NDU4IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODcxMzg3MDEwMDE2OS0wZTA2NWRkZTNjNmY5NS1jNTA1NDI1LTE0MDAwMC0xODcxMzg3MDEwMTM5NCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwOi8vdXMtY2l0aW9ubGluZS5jb20vaWJhbmsvIiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogIjQxM2MtNzMzNi0xYzQ3LWQ2YTctZTNlMy0yYWQ5LTMwNmEtYjgxNSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjc5NjU5ODI2ODkwIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDM5NCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDIuMSIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDIuMSIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY3OTY1OTgyNjg5MiwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 12:10:17 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-88t2
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Light.woff
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Light.woff
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.woff
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.woff
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
online.citi.com/JRS/banners/modules/HP5904_M.jpg
104.110.15.25 200 OK 61 kB URL HTTP/2 online.citi.com/JRS/banners/modules/HP5904_M.jpg
IP 104.110.15.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 1ac3fc43f7e5d714ae464ce7fbb98613
a35cfd4baed1cd5ff864e3d4b3b8cb6b6cf8edff
e3ab69de7f3d187207fe5547bc46fd675b89f6747e75170690a8dcd2966cfdc4
GET /JRS/banners/modules/HP5904_M.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:53 GMT
accept-ranges: bytes
content-length: 61097
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 24 Mar 2023 12:10:17 GMT
set-cookie: AKMTLTSID=C89C9295343CEDCEC0C700B60A17B1DE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/memberfdic.png
148.163.122.62 200 OK 3.6 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/memberfdic.png
IP 148.163.122.62:0
File type PNG image data, 92 x 56, 8-bit colormap, non-interlaced\012- data
Hash 06f9182eaba97e7bb11957e00b602114
b7dbc5acfb4cbd262dc85889828f3afc36e25315
dd785f8f2c8aedd3c6e165633948ba26d178485f2cf2d0d8f747005472e7cf90
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/memberfdic.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:07:28 GMT
accept-ranges: bytes
content-length: 3594
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Bold.woff
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Bold.woff
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/1440_Citi-PLT3x.png
148.163.122.62 200 OK 28 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/1440_Citi-PLT3x.png
IP 148.163.122.62:0
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/1440_Citi-PLT3x.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:02:48 GMT
accept-ranges: bytes
content-length: 28149
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/EqualHousing.png
148.163.122.62 200 OK 1.6 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/EqualHousing.png
IP 148.163.122.62:0
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 83a5bb8d054fc7b4adab0615c487dc25
8a26d8e39da754c8f63d2a3122ed87a6e4a7f369
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/EqualHousing.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:04:47 GMT
accept-ranges: bytes
content-length: 1606
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Regular.woff
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Regular.woff
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Regular.woff HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Regular.woff
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Regular.woff
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Regular.woff HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Light.ttf
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Light.ttf
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.ttf
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.ttf
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/1592741950571_CTA_Feedbackfinal.png
148.163.122.62 200 OK 2.2 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/1592741950571_CTA_Feedbackfinal.png
IP 148.163.122.62:0
File type PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Hash e6ed675f115fb1568bb1aabc00aa3f30
5cd752c6b199a3fdefe95712c77b240a92e9f1f2
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/1592741950571_CTA_Feedbackfinal.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:02:50 GMT
accept-ranges: bytes
content-length: 2196
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi_data/src6260004.htm
148.163.122.62 200 OK 292 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi_data/src6260004.htm
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 22dce66fe2461e7843c2ed83dd67e061
6bfb61bbd3854b43bf8a982d1f750411a5942fd7
a45e411675e3db4917db72286a48fd47856af34ac97dfb6ae3056b6792f2da7f
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi_data/src6260004.htm HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi.htm
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Fri, 24 Mar 2023 11:02:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 292
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Bold.ttf
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Bold.ttf
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Regular.ttf
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Regular.ttf
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/cds-assets/fonts/interstate/Interstate-Regular.ttf HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 28b21826fdc4fd812dab1b0ed057df02
bcaf94f2f4b60e58df694cfd6c7815d5abbc8fa8
0d7ad725e564c0e15403a73e06233ab173153433e5db958f5aec9eaa815460f9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 12:10:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 12:17:24 GMT
Expires: Wed, 29 Mar 2023 12:17:23 GMT
Etag: "bcaf94f2f4b60e58df694cfd6c7815d5abbc8fa8"
Cache-Control: max-age=431825,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7acecf635e5cb52d-OSL
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
54.230.111.21 200 OK 221 B URL HTTP/2 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
IP 54.230.111.21:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 24 Mar 2023 02:28:11 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pxOPV2vIF-oywRZLEn3-4Bmtq37LLqplUOJqHCCC52-1Fqq3LxLjjw==
age: 34927
X-Firefox-Spdy: h2
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Regular.ttf
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Regular.ttf
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Regular.ttf HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Hero_Credit_Cards_Offer.png
148.163.122.62 200 OK 52 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Hero_Credit_Cards_Offer.png
IP 148.163.122.62:0
File type PNG image data, 483 x 306, 8-bit colormap, non-interlaced\012- data
Hash b43045f704be45598b82dc4ceee836df
2c39ae26a5a298ecf381f14e7191b3b3eb30b5c2
b989462b5bf7e58b9162ede531dbffe7411f1f9eca5bdeb4c0f299314dabc839
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/Hero_Credit_Cards_Offer.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:05:09 GMT
accept-ranges: bytes
content-length: 51580
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/HP417_M.jpg
148.163.122.62 200 OK 54 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/HP417_M.jpg
IP 148.163.122.62:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash bb69813ac5199203a71e6bd7509bd2e2
d943c654a737aedf4c280bfc78ed9dc573fe4565
ac158808d02f456a1dd7c1b9672d75c04565db6b3ec8e3558e64038e1496e44f
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/HP417_M.jpg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/jpeg
last-modified: Fri, 24 Mar 2023 11:05:13 GMT
accept-ranges: bytes
content-length: 53959
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/HP_277_Generic_3UP_M1M7_Image.jpg
148.163.122.62 200 OK 55 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/HP_277_Generic_3UP_M1M7_Image.jpg
IP 148.163.122.62:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Hash 2aa2d6cd9ce04ef66afcb9c94e03bd1b
cf517cbc341212fd85f1bf18840e222385c62e3b
a841fe7049f72ba229af9ba6e4a770b7b3c887b8a8a37ecc655f7b5b21fe9179
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/HP_277_Generic_3UP_M1M7_Image.jpg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/jpeg
last-modified: Fri, 24 Mar 2023 11:05:19 GMT
accept-ranges: bytes
content-length: 55089
date: Fri, 24 Mar 2023 12:10:17 GMT
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 915ea04b4fd99e9baaa7a988a1f9b6bf
bc9fd9d02f19fc9b4dc75c77dd96f0d9e9be76c4
dd71f0d4d9f944726d643cee5e2274d824b4194d3ad6824f0ddfaa9b8bf2a664
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 12:10:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 21 Mar 2023 06:00:11 GMT
Expires: Tue, 28 Mar 2023 06:00:10 GMT
Etag: "bc9fd9d02f19fc9b4dc75c77dd96f0d9e9be76c4"
Cache-Control: max-age=322792,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7acecf638be0b503-OSL
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.21 200 OK 3.2 kB URL HTTP/2 1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.21:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 23 Mar 2023 13:07:30 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rlVcjUq_A0_bdkL4TgP6YgdFZyUz_GI58erhTX9_tNTylQ1L7iAI1A==
age: 82968
X-Firefox-Spdy: h2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
54.230.111.34 200 OK 221 B URL HTTP/2 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
IP 54.230.111.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 24 Mar 2023 03:09:11 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 416KKjW60-lOy36uDVoYxaDP71WEUj5mIgX7whFYmGNsRiXPo0O6qQ==
age: 32467
X-Firefox-Spdy: h2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.34 200 OK 3.2 kB URL HTTP/2 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.34:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 23 Mar 2023 23:33:03 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -xNYQH9KInicnrPOkCswE8hcL82MWWCEOvbwXRy62fgIz7_8nsXfRw==
age: 45435
X-Firefox-Spdy: h2
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Light.woff
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Light.woff
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi_data/src6260004_data/src6260004.htm
148.163.122.62 200 OK 226 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi_data/src6260004_data/src6260004.htm
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e5ca5f882bf3f1f0d82e87db3ede1270
59b123b8a2b33c38f6d5ab676109dc8d94e2c6b1
c175957fc580c2755c52506286309838ac048667818a243d760635f8904d319d
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi_data/src6260004_data/src6260004.htm HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/activityi_data/src6260004.htm
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Fri, 24 Mar 2023 11:02:39 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 226
date: Fri, 24 Mar 2023 12:10:17 GMT
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash e3e52f6884736cd01e9defda9561b12f
34e736e688596345a054e0b39a9c6c2c8a301c91
bddb8dfac35a4f734fd4f9b5801186b0077df8b8de265e1d429aad7b8eb9c2cb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 12:10:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 23:15:50 GMT
Expires: Thu, 30 Mar 2023 23:15:49 GMT
Etag: "34e736e688596345a054e0b39a9c6c2c8a301c91"
Cache-Control: max-age=557731,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7acecf63589eb4f4-OSL
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
54.230.111.46 200 OK 221 B URL HTTP/2 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
IP 54.230.111.46:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Thu, 23 Mar 2023 14:48:54 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xfPLJ_w8O_mr8WO-fnUdy113sgwR_Y2EJDrCwYhSr5QWaIEpPWyXzA==
age: 76884
X-Firefox-Spdy: h2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
54.230.111.46 200 OK 3.2 kB URL HTTP/2 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP 54.230.111.46:0
File type ASCII text, with very long lines (3227), with no line terminators
Hash 9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 23 Mar 2023 14:44:31 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: opbvYEPioL_-Stk57csCHqGM08DefkN7LrlNbLSRRVHl4JSlNC-D4g==
age: 77147
X-Firefox-Spdy: h2
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/citiKT.svg
148.163.122.62 200 OK 1.4 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/citiKT.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2516)
Hash ad1c059a915b8baf135a995dd1d99b62
33ce6d76a45a1392ad281b24982b68d4f6dc6b63
2cd11aa2358c56f979499f3fee7f3a9fad8c13f78c2c83c2f905318efba6c723
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/citiKT.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:04:13 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1370
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/HP_1615_Rewards_Plus_3Up-module-new_card_art.jpg
148.163.122.62 200 OK 36 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/HP_1615_Rewards_Plus_3Up-module-new_card_art.jpg
IP 148.163.122.62:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Hash 828a87bf98784f50f064562fdc53b062
152a1c4c9b44cbf38f502adc905f46ebea41c98d
77793ec25b490750a8db0f5d2b8fc262ed16008b99f83ff6c12cc2da8923377e
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/HP_1615_Rewards_Plus_3Up-module-new_card_art.jpg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/jpeg
last-modified: Fri, 24 Mar 2023 11:05:17 GMT
accept-ranges: bytes
content-length: 36429
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/savings.svg
148.163.122.62 200 OK 2.1 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/savings.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (3665)
Hash d549984d6949c0d0ef60581d48d004c1
023a29163e329d52da3c75aba52277849b29b227
7805e59289c0c648bf046a772719530ebdf9177edfebe48c498f03df22a6f866
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/savings.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:07:52 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2052
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/mail.svg
148.163.122.62 200 OK 739 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/mail.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (710)
Hash 5fd3d163b6eaa56317d3b366f1edc799
85654ca34c8e07e2ecf35915b0da07c61ac45606
fb52387f767aaf28b39536a324ed7e81235987005185bdd45dbbd4a3dbeced07
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/mail.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:07:01 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 739
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/citi_bonus_offers.svg
148.163.122.62 200 OK 1.7 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/citi_bonus_offers.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (3718)
Hash 44c2230176ffb3ea920ec6c1bb502944
4487648cb663292e8eab8036228a309423156a19
ac61651e93c890d5a077301a0aa713422e25b6a836893883e0094ae5e17192e4
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/citi_bonus_offers.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:04:17 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1662
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Light.ttf
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Light.ttf
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/commonui-assets/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/styles.css
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19441%7CvVersion%7C3.1.2; cdContextId=1; bmuid=1679659826411-F96FA367-92EF-4E17-8407-4AA60291ED43; mdLogger=false; kampyle_userid=413c-7336-1c47-d6a7-e3e3-2ad9-306a-b815; kampyleUserSession=1679659826890; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f; cd_user_id=18713870100169-0e065dde3c6f95-c505425-140000-18713870101394
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:17 GMT
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214 200 OK 626 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (626), with no line terminators
Hash 97bc24cf52f68cd912928b3338f1b503
3db0cf41007ee55cf7a02a5e117f7a0560ccf267
99358dd273a65f0f33cbf6ebbcf8bbbb9eb0c0c104f4474481e3e9c6213d4345
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1410
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 626
date: Fri, 24 Mar 2023 12:10:17 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: d63fb2ac-236b-4d22-b545-948c1d02d903
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/calculator.svg
148.163.122.62 200 OK 1.0 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/calculator.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1649)
Hash a71f9310f957d42f0145a86e948f4cc1
6e3986f7cf3ea99a9abab46532cd45524489ba68
28e6b1658783941914d8067480bb39ec57ffc0191557d6399aa11b14f3b8f7f3
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/calculator.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:04:01 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1013
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/home.svg
148.163.122.62 200 OK 818 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/home.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1266)
Hash 395741019a89ea74327c9fd6699348ec
7dfceb5fc3a998de760ed9e3e55302063cf7e623
ac63a49f6cee9fe777fe74fb6def9f2f23999ca8a2664feeeae669a2b30cfcd5
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/home.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:05:11 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 818
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/mortage-learning-center1x.png
148.163.122.62 200 OK 829 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/mortage-learning-center1x.png
IP 148.163.122.62:0
File type PNG image data, 20 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 33b2062b82b686301ad7b7d9b6cb12da
561e6040162f2e3a29202c7b4f55d9ad6925baba
bd6124aa009720569f3745f3513e09a65678daa849cbff24daf0ab0f0acf7854
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/mortage-learning-center1x.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:07:29 GMT
accept-ranges: bytes
content-length: 829
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/finDocument.svg
148.163.122.62 200 OK 932 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/finDocument.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1499)
Hash 3cdb5198f5d33217e05b44cf961b8985
ebebfc3a4aaa5fa62c9871f9d1e13783ebb1a69a
4d3ae2e5777da1a75823d3fb1c1f53c841926ca9cba64c0dfdfa658bc32295af
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/finDocument.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:04:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 932
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/idea.svg
148.163.122.62 200 OK 924 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/idea.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1448)
Hash 7f1ea16d73b871b0e5c700bff1f951b7
6d3ec4314f30f58e5437a69a56d4206887f95a94
653597d54f13482cb4dfa5536f146e1c06fb1ecc32299abd8a2b40098e3f3239
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/idea.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:05:23 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 924
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/line-data.svg
148.163.122.62 200 OK 959 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/line-data.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1117)
Hash df40f6ffe2604d4063f37e9465481f61
08f5bb03f59d789652e92d5c34a4d77b256406d9
36941f84c8b4b4fe271486f102bfd5500692d392eb9d7087db1ce0c62e09f6cb
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/line-data.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:06:56 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 959
date: Fri, 24 Mar 2023 12:10:17 GMT
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 2d01bc104ef787693292755d8f2bc59e
3ba9c8ea401c82e9ef498b083750587b2859272c
379a63b6e6f40ee743c255ce6a42a7c984fa93017f4a06c1eff5191fc934d609
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 24 Mar 2023 12:10:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 24 Mar 2023 06:38:31 GMT
Expires: Sat, 25 Mar 2023 06:38:31 GMT
ETag: "3ba9c8ea401c82e9ef498b083750587b2859272c"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/location-blue.svg
148.163.122.62 200 OK 840 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/location-blue.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 4815d54574fb61848184ce95465943e6
b11f075237d1246614d49eb9ed092c262c32b8e8
dcf3054f98ff025803821fd49a4759b8af25bb2d94d0c8a0cf3d0a0f0703b4fb
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/location-blue.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:06:57 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 840
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/profile-service.svg
148.163.122.62 200 OK 1.2 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/profile-service.svg
IP 148.163.122.62:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1453)
Hash 75a8ce2fb275438d323ef42e373ca8eb
247fc74be6751469b8a30b2febd796d2934f342c
f3b13b99ad82f2fea480c3521bb2f1e0d3d4d4e613e6d4ecbf9036bdc3855c6b
Analyzer Verdict Alert urlquery phishing Phishing - Citi
fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/profile-service.svg HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Mar 2023 11:07:43 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1160
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/laptop-and-phone-pairing.png
148.163.122.62 200 OK 17 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/laptop-and-phone-pairing.png
IP 148.163.122.62:0
File type PNG image data, 396 x 252, 8-bit/color RGBA, non-interlaced\012- data
Hash 6d0e7226247c70358d9ada28a5f64ee9
66730b4a915c1350f8b92b39975a711cd5dd5fb4
ff5150ab5741a5c8345bc7861cb1cab8f574fe17f2cdb2fbc2058311f3d65817
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/laptop-and-phone-pairing.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:06:52 GMT
accept-ranges: bytes
content-length: 17241
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/phone.png
148.163.122.62 200 OK 9.9 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/phone.png
IP 148.163.122.62:0
File type PNG image data, 396 x 270, 8-bit/color RGBA, non-interlaced\012- data
Hash 448436abd4bc903abc9a9c53cdd2fe5e
1f3731747ded20c04b25009d3a570d1164ddf1ed
5df469ee4da2bc124065cb8df0e24173c5cbc8b9e0c807960fc39c93ffb640c8
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/phone.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:17 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:07:31 GMT
accept-ranges: bytes
content-length: 9873
date: Fri, 24 Mar 2023 12:10:17 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/laptop-and-phone-success.png
148.163.122.62 200 OK 13 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/laptop-and-phone-success.png
IP 148.163.122.62:0
File type PNG image data, 396 x 252, 8-bit/color RGBA, non-interlaced\012- data
Hash 2dac3e6df8ce052ea7efd874dce5303d
c4fff620aeec502e0d399d3a6d2cb8e44df6b83e
bb1fdd5be17ce6cbeb21411a9ba10b99f11bbe232a93b34bec7c4722d763bf52
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/laptop-and-phone-success.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:18 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:06:54 GMT
accept-ranges: bytes
content-length: 13305
date: Fri, 24 Mar 2023 12:10:18 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/qrsignon.png
148.163.122.62 200 OK 741 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/qrsignon.png
IP 148.163.122.62:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash a5ee9c25c190474a2efe66a609a2ca19
890832b6a7115abd51f480dce8e74206f06a428a
dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/qrsignon.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:18 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:07:47 GMT
accept-ranges: bytes
content-length: 741
date: Fri, 24 Mar 2023 12:10:18 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/320_Citi-PLT3x.png
148.163.122.62 200 OK 12 kB URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/320_Citi-PLT3x.png
IP 148.163.122.62:0
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/320_Citi-PLT3x.png HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 31 Mar 2023 12:10:18 GMT
content-type: image/png
last-modified: Fri, 24 Mar 2023 11:02:53 GMT
accept-ranges: bytes
content-length: 11562
date: Fri, 24 Mar 2023 12:10:18 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0.txt
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0.txt
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0.txt HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:18 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0_003.txt
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0_003.txt
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0_003.txt HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:18 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0_002.txt
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0_002.txt
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0_002.txt HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:18 GMT
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0_004.txt
148.163.122.62 404 Not Found 708 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0_004.txt
IP 148.163.122.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/0_004.txt HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Fri, 24 Mar 2023 12:10:18 GMT
nexus.ensighten.com/citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Apr%2005%2018:06:22%20GMT%202022&ClientID=1129&PageID=http%3A%2F%2Fus-citionline.com%2Fibank%2F
54.230.111.14 200 OK 533 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Apr%2005%2018:06:22%20GMT%202022&ClientID=1129&PageID=http%3A%2F%2Fus-citionline.com%2Fibank%2F
IP 54.230.111.14:0
File type ASCII text, with very long lines (1155)
Hash 7e1fec99df0b2dade7f2f6e432674560
ef89c8d8e14ea245efc657423c031d4315323797
31ccabddf2c7da1f5d9b7d9ad2f82731d2d7bca16f908db5fe2766f5d03ebcb6
GET /citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Apr%2005%2018:06:22%20GMT%202022&ClientID=1129&PageID=http%3A%2F%2Fus-citionline.com%2Fibank%2F HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: CloudFront
Date: Fri, 24 Mar 2023 12:10:18 GMT
Expires: Fri, 24 Mar 2023 12:10:17 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rLnB1KOW040rr8aMmR5yud0Hu9b4BcWTeyuT0uuL3xrXBU6hUOkbkw==
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 608321b2d7d9f849b46e7fb22419d291
6d6d7ea8959a3ac466cbb69b5e08547ad1bc6207
da8bf75801fbc541fccc8c44d03b9ceba2f92bddeafe0c54f260072eabb28d81
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 608321b2d7d9f849b46e7fb22419d291
6d6d7ea8959a3ac466cbb69b5e08547ad1bc6207
da8bf75801fbc541fccc8c44d03b9ceba2f92bddeafe0c54f260072eabb28d81
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 608321b2d7d9f849b46e7fb22419d291
6d6d7ea8959a3ac466cbb69b5e08547ad1bc6207
da8bf75801fbc541fccc8c44d03b9ceba2f92bddeafe0c54f260072eabb28d81
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5c5c0747b2915e61d5d8388fc239e669
4882f875646af073c13e333c035eb10d0a8fb6ae
79ae06d3764904ef15140f013f036703b1e7edc6560becbbecd7b533424abb9c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5c5c0747b2915e61d5d8388fc239e669
4882f875646af073c13e333c035eb10d0a8fb6ae
79ae06d3764904ef15140f013f036703b1e7edc6560becbbecd7b533424abb9c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/695231162/?random=1649658218166&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2381956043&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/695231162/?random=1649658218166&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2381956043&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/695231162/?random=1649658218166&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2381956043&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/960621875/?random=1649658218111&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=419529844&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/960621875/?random=1649658218111&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=419529844&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1649658218111&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=419529844&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/819500023/?random=1649658218175&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=733938959&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/819500023/?random=1649658218175&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=733938959&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/819500023/?random=1649658218175&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=733938959&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash ee193ce2724c6190973ae9741c5bbb0a
2c97a6e7484bcec19e66da3badceb5b29d1018a7
cf1da82cf5c746964e2bc58dfb8d2389e8c429598123bb762c98384f4b59cf90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3406
Cache-Control: max-age=92458
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:18 GMT
Etag: "641c4c06-1d7"
Expires: Sat, 25 Mar 2023 13:51:16 GMT
Last-Modified: Thu, 23 Mar 2023 12:54:30 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
www.google.com/pagead/1p-user-list/975701947/?random=1649658218160&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4194157361&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/975701947/?random=1649658218160&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4194157361&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975701947/?random=1649658218160&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4194157361&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com.ng/pagead/1p-user-list/959299794/?random=1649658218155&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4269116542&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.com.ng/pagead/1p-user-list/959299794/?random=1649658218155&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4269116542&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/959299794/?random=1649658218155&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4269116542&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/916451471/?random=1649658218097&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3520684578&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/916451471/?random=1649658218097&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3520684578&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/916451471/?random=1649658218097&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3520684578&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com.ng/pagead/1p-user-list/695231162/?random=1649658218166&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2381956043&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.com.ng/pagead/1p-user-list/695231162/?random=1649658218166&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2381956043&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/695231162/?random=1649658218166&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2381956043&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/644574043/?random=1649658218143&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3677980286&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/644574043/?random=1649658218143&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3677980286&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/644574043/?random=1649658218143&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3677980286&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com.ng/pagead/1p-user-list/819500023/?random=1649658218175&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=733938959&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.com.ng/pagead/1p-user-list/819500023/?random=1649658218175&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=733938959&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/819500023/?random=1649658218175&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=733938959&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com.ng/pagead/1p-user-list/916451471/?random=1649658218097&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3520684578&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.com.ng/pagead/1p-user-list/916451471/?random=1649658218097&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3520684578&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/916451471/?random=1649658218097&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3520684578&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/959299794/?random=1649658218155&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4269116542&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/959299794/?random=1649658218155&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4269116542&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/959299794/?random=1649658218155&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4269116542&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com.ng/pagead/1p-user-list/830907969/?random=1649658218150&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3726529474&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.com.ng/pagead/1p-user-list/830907969/?random=1649658218150&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3726529474&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/830907969/?random=1649658218150&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2>m=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3726529474&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.citi.com/cbol-pre-login-static-assets/assets/favicon.ico
104.110.29.32 200 OK 8.1 kB URL HTTP/1.1 www.citi.com/cbol-pre-login-static-assets/assets/favicon.ico
IP 104.110.29.32:0
File type PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Hash 7408f1858b7d67263a001f84022b33a4
89161c6255a5559cc1282c5a9c7d4d84623bd12f
0cffb7ed99266581c5b90b6b2d8c758232f6746f9784ead6ae85725806691eb6
GET /cbol-pre-login-static-assets/assets/favicon.ico HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Content-Type: image/x-icon
Content-Length: 8116
Accept-Ranges: bytes
Access-Control-Max-Age: 2147483647
Content-Encoding: gzip
Dclocation: SW1DMS
ETag: W/"222b-186f7570628"
Last-Modified: Sun, 19 Mar 2023 00:48:41 GMT
Nonce: 0191354033891346
Referrer-Policy: no-referrer
Scope: VISITOR
Sid: cd96d040-5cbb-487b-8769-76d64e1d8d10
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Uuid: a6a2accf-054e-49ca-acb3-2c451d701a43
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Vcap-Request-Id: 12294140-a63b-45e6-6c9c-de757c545db1
X-Xss-Protection: 1 ; mode=block
X-Akamai-CITISITE: SWDC
Cache-Control: public, no-transform, max-age=21600
Expires: Fri, 24 Mar 2023 18:10:18 GMT
Date: Fri, 24 Mar 2023 12:10:18 GMT
Connection: keep-alive
Set-Cookie: AKMTLTSID=8224BFCE0FF09B026D3E02C4787AD4AD; path=/; domain=citi.com; secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
www.google.com.ng/pagead/1p-user-list/644574043/?random=1649658218143&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3677980286&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.com.ng/pagead/1p-user-list/644574043/?random=1649658218143&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3677980286&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/644574043/?random=1649658218143&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3677980286&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/830907969/?random=1649658218150&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3726529474&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/830907969/?random=1649658218150&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3726529474&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/830907969/?random=1649658218150&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3726529474&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com.ng/pagead/1p-user-list/975701947/?random=1649658218160&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4194157361&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.com.ng/pagead/1p-user-list/975701947/?random=1649658218160&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4194157361&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975701947/?random=1649658218160&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4194157361&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com.ng/pagead/1p-user-list/960621875/?random=1649658218111&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=419529844&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.com.ng/pagead/1p-user-list/960621875/?random=1649658218111&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=419529844&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1649658218111&cv=9&fst=1649656800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=738&u_aw=1366&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=419529844&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mpsnare.iesnare.com/script/logo.js
54.228.71.178 200 OK 108 B URL HTTP/1.1 mpsnare.iesnare.com/script/logo.js
IP 54.228.71.178:0
File type ASCII text, with no line terminators
Hash 6783e95be7c41db92c0724d77f853f7a
7c1145d9eb7df4079248a3e5158ad5d17023d26e
ed0b4f7a0f7a83954ba694ae30eff515d3cc35e6ad8611530fea0a7f491760c1
GET /script/logo.js HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 12:10:18 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Expires: Sat, 23 Mar 2024 12:10:18 GMT
Cache-Control: private
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ac8d4dabc0044d3f9300e6f09b86bc68
331a761e7d051c94831a30254ca3ce25b2e7dd2d
05ef2753d9e9b8cd1f09c88eb1cc42ee88ffd4db561c9a05e069373c24112d60
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5c5c0747b2915e61d5d8388fc239e669
4882f875646af073c13e333c035eb10d0a8fb6ae
79ae06d3764904ef15140f013f036703b1e7edc6560becbbecd7b533424abb9c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nexus.ensighten.com/citi/na_prod/code/f9112c4f4cc2da7bc760957da1d0a476.js?conditionId0=486757
54.230.111.14 200 OK 5.5 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/f9112c4f4cc2da7bc760957da1d0a476.js?conditionId0=486757
IP 54.230.111.14:0
File type ASCII text, with very long lines (624)
Hash 4c86836b4d86cef26df15f17af9d0003
6a44b22665aeb9cf0fab153a8f29ab5b2211a14a
0aa907157401606d338566560089d516c1f67b635c8f0db346a77c3bbbecc481
GET /citi/na_prod/code/f9112c4f4cc2da7bc760957da1d0a476.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 16 Feb 2023 18:54:02 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Thu, 16 Feb 2023 18:50:31 GMT
ETag: W/"341b188f6c2fe2107f63f9a2f998bb29"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: _EGaJ0JRqXa7HXWsIS89V3k4kvtsyejg
Server: CloudFront
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mZUcy1IOsIAa6DVbtxqObsb2IR62hPJuf3_4dYb6FPNIxX6nBGnPgg==
Age: 3086177
nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
54.230.111.14 200 OK 1.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
IP 54.230.111.14:0
File type ASCII text, with very long lines (619)
Hash 8621afe09918c8b527b2f6c410270234
f6f8315236bb14d91c27693d2fde5b5e7fb327d8
d64fd9ecde6c4c303d19919337c86d7856689cc73c459b3fd4e88d0851f14a41
GET /citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 07 Mar 2023 10:47:05 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 18 Oct 2022 17:52:59 GMT
ETag: W/"7df0440e45009010a99db868682aafb3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
Server: CloudFront
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 11YWzUIZzcWyrGqhqeWLtpqBmC1gerFhk9oaOcQ4uXO0oc5O9O9s8A==
Age: 1473794
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
54.230.111.14 200 OK 2.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP 54.230.111.14:0
File type ASCII text, with very long lines (542)
Hash 9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec
GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 23 Jan 2023 17:17:42 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: CloudFront
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9-ESg63R5Yk6xQsfJC5Or9lMHfaMH5EhnsmGnsrjxreuymc8Wa11fQ==
Age: 5165557
nexus.ensighten.com/citi/na_prod/code/78f20451479496aedb0e80c49d5c4cfd.js?conditionId0=421908
54.230.111.14 200 OK 53 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/78f20451479496aedb0e80c49d5c4cfd.js?conditionId0=421908
IP 54.230.111.14:0
File type ASCII text, with very long lines (574)
Hash 9fb6af099f53f04880e01c833d3aede5
49686b2f2d3a70d78f7b2944bad7ad705f48ac49
a3cb123fe92e7f3d3447af3e556a84d1585949cf6c25a5b5df616980598012c9
GET /citi/na_prod/code/78f20451479496aedb0e80c49d5c4cfd.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 21 Mar 2023 18:02:12 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 21 Mar 2023 17:54:28 GMT
ETag: W/"d31c136a8552c9362c1b7687181f6766"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: 47XAV3Pz133jIhfUK1uiTEbmIekItydm
Server: CloudFront
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: U6MJ2FsAgxIQdRC7JpvSPziS19OKk90sBVaTnIBtMKZuKHI92N9EOQ==
Age: 238087
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
54.230.111.14 200 OK 655 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP 54.230.111.14:0
File type ASCII text, with very long lines (524)
Hash b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034
GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 13 Mar 2023 10:32:42 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: CloudFront
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hCzjZPElJwLAJn8NvBxdo1kDNW_-f3rIq0e9y_d7XFLO2U9S_hq3YQ==
Age: 956257
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 6aaec05989f41e193afd971af198e518
96cbff9bbb1861f5bf5e2df8c5e7ad496c52d0c1
add525c9c3e6c2561f7ad32f6a4ef8e6e7fff6f2d3074e0231dfd6a30a8edb6f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2095
Cache-Control: max-age=159226
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:18 GMT
Etag: "641d55f5-1d7"
Expires: Sun, 26 Mar 2023 08:24:04 GMT
Last-Modified: Fri, 24 Mar 2023 07:49:09 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1679659829034
15.236.117.205 200 OK 89 B URL HTTP/1.1 metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1679659829034
IP 15.236.117.205:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 6ec25407e018bd695e9a466d9b325793
ea6fdfd431a49026b38cb975106a039b670630b6
bee8825c2feea6b5abefb4570bab64a9d9476e211cf6064695de8cde3446ba6c
GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1679659829034 HTTP/1.1
Host: metrics.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 200 OK
access-control-allow-origin: http://us-citionline.com
access-control-allow-credentials: true
date: Fri, 24 Mar 2023 12:10:18 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|320EC9951B35E687-6000014071123A61[CE]; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 23 Mar 2025 12:10:10 GMT;
AMCV_61834D9B5228A7430A490D45%40AdobeOrg=0%7CMCMID%7C46659622024242310622428867268989891378; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 23 Mar 2025 12:10:10 GMT;
s_ecid=MCMID%7C46659622024242310622428867268989891378; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 23 Mar 2025 12:10:10 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 89
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
ci-mpsnare.iovation.com/snare.js?_=207361148358141
52.43.32.23 200 OK 13 kB URL HTTP/1.1 ci-mpsnare.iovation.com/snare.js?_=207361148358141
IP 52.43.32.23:0
File type ASCII text, with very long lines (38550), with no line terminators
Hash bdaaaf983e5cd44e83f3cb571265b4e3
8595c0e1d8654f79203e3032fa4a26b4795415a1
ddee9e440cb19740bb45c52a145e984f2dbab7b7052fcf8d479fc5641c01e9b4
GET /snare.js?_=207361148358141 HTTP/1.1
Host: ci-mpsnare.iovation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 12:10:18 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef=jmQIQbVTR+k+WPmXZTv1AbRYh058Fi2HlXCotPwmgSA=;Path=/;Expires=Sat, 23-Mar-2024 12:10:18 GMT;Max-Age=31536000;Secure;HttpOnly;SameSite=None
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
p3p: CP="NON DSP COR CURa"
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=46659622024242310622428867268989891378&d_cid_ic=AVID%01320EC9951B35E687-6000014071123A61&ts=1679659829295
34.240.58.209 200 OK 299 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=46659622024242310622428867268989891378&d_cid_ic=AVID%01320EC9951B35E687-6000014071123A61&ts=1679659829295
IP 34.240.58.209:0
File type JSON data\012- , ASCII text, with very long lines (358), with no line terminators
Hash 64661f237a381883d78744d6cd3d6e6c
d9eaad2c45dd607024c4f44d03e6dde4572f081b
b4f237980aaf855f609a1b75589ad14b7cefe8ba8377b54869a40f608d9a4234
GET /id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=46659622024242310622428867268989891378&d_cid_ic=AVID%01320EC9951B35E687-6000014071123A61&ts=1679659829295 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://us-citionline.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-050ab02f3.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=52881516116280271892888649937366354577; Max-Age=15552000; Expires=Wed, 20 Sep 2023 12:10:18 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: sGmM7prbSdk=
Content-Length: 299
Connection: keep-alive
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214 200 OK 626 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (626), with no line terminators
Hash 64d8ca8661f03fb6c90062acba377dc4
5dba9df567bb2be2e8678f360f3b4e10b84266be
ce856b3a82f8930b3c7d7f069a9f5799a7e2c257e64ba486a5eb727a590ac74a
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3406
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 626
date: Fri, 24 Mar 2023 12:10:17 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 977b8cf8-c0a2-4cd6-80de-28d7aa6521f1
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
cm.everesttech.net/cm/dd?d_uuid=52881516116280271892888649937366354577
54.72.144.202 301 Moved Permanently 134 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=52881516116280271892888649937366354577
IP 54.72.144.202:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /cm/dd?d_uuid=52881516116280271892888649937366354577 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Fri, 24 Mar 2023 12:10:19 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://cm.everesttech.net:443/cm/dd?d_uuid=52881516116280271892888649937366354577
ci-mpsnare.iovation.com/script/logo.js
52.43.32.23 200 OK 108 B URL HTTP/1.1 ci-mpsnare.iovation.com/script/logo.js
IP 52.43.32.23:0
File type ASCII text, with no line terminators
Hash 29dd459163472a6f8f3afefb79b61d66
6dcd404e6b697e78950fe2306a72017faa39c282
4a35fb67438ef3ac07ae8d3e6060ce6905bcf70716ea14d0b4063c57ee4031b6
GET /script/logo.js HTTP/1.1
Host: ci-mpsnare.iovation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 Mar 2023 12:10:18 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Expires: Sat, 23 Mar 2024 12:10:18 GMT
Cache-Control: private
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 4b7fca75e331fbda8afaf561936e3e7d
a0fae03da319a83a8f0ea0c3c086c88d12cb0cbe
064eba78490e6ca441fd1e4fe798a59007b973fe43f06963df69d85a47c57e9a
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=133701
Date: Fri, 24 Mar 2023 12:10:19 GMT
Etag: "641ce551-1d7"
Expires: Sun, 26 Mar 2023 01:18:40 GMT
Last-Modified: Thu, 23 Mar 2023 23:48:33 GMT
Server: ECAcc (bsa/EB26)
X-Cache: Miss from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: D3VFHsdoFWj1XB_Is9BBz6q94F-4YjOP0G0IGZhXUfeiQqgNUI6WVg==
Age: 5407
cm.everesttech.net/cm/dd?d_uuid=52881516116280271892888649937366354577
54.72.144.202 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=52881516116280271892888649937366354577
IP 54.72.144.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=52881516116280271892888649937366354577 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://us-citionline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Fri, 24 Mar 2023 12:10:19 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~ZB2TKwAAAHSovAOJ; Domain=.everesttech.net; Expires=Sat, 23-Mar-2024 12:10:19 GMT; Path=/
everest_session_v2=ZB2TKwAAAHSovQOJ; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZB2TKwAAAHSovAOJ
Server: AMO-cookiemap/1.1
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 1eafb93b43a0c15aa0a5ec304be9a85c
be7e23035630e505954b9a0b907aa0628afc180c
37ccfa43119516e76649a5d67257337ca71aeab9b854fd4fce13e271ae3ac1d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4119
Cache-Control: max-age=151521
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:19 GMT
Etag: "641d2ff5-1d7"
Expires: Sun, 26 Mar 2023 06:15:40 GMT
Last-Modified: Fri, 24 Mar 2023 05:07:01 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/ibs:dpid=411&dpuuid=ZB2TKwAAAHSovAOJ
34.240.58.209 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=ZB2TKwAAAHSovAOJ
IP 34.240.58.209:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=ZB2TKwAAAHSovAOJ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://us-citionline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v046-0f3ec1a9a.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZB2TKwAAAHSovAOJ
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=20319447729649266143255788190058069182; Max-Age=15552000; Expires=Wed, 20 Sep 2023 12:10:19 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: NwU2idEcRaE=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZB2TKwAAAHSovAOJ
34.240.58.209 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZB2TKwAAAHSovAOJ
IP 34.240.58.209:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZB2TKwAAAHSovAOJ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://us-citionline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v046-05b75a697.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: i17b8QX9QzE=
Content-Length: 59
Connection: keep-alive
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
13.89.105.232 204 No Content 0 B URL HTTP/2 contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
IP 13.89.105.232:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v1/sendLogs?cid=cedric&cdsnum=1679659816497-sjn0000530-30647d53-c615-488e-8c36-ca001b777b5f&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 772
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 24 Mar 2023 12:10:19 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-916451471
142.250.74.168 302 Found 253 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-916451471
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 24 Mar 2023 12:10:19 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1645813044147.js
151.101.245.230 301 Moved Permanently 0 B URL HTTP/1.1 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1645813044147.js
IP 151.101.245.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wdcusciti/50/onsite/generic1645813044147.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1645813044147.js
Accept-Ranges: bytes
Date: Fri, 24 Mar 2023 12:10:19 GMT
Via: 1.1 varnish
X-Served-By: cache-hel1410030-HEL
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1679659820.756110,VS0,VE0
Strict-Transport-Security: max-age=31557600
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ca3a2cc88f5c8a7669812ec7af0e14bf
fbb85820ada745d1e030c13874f96b14f8544884
d61b12522a039a526703bd7f747ae3614b660f1bc001044585c3c72907568d83
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-916451471
142.250.74.168 200 OK 66 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-916451471
IP 142.250.74.168:0
File type ASCII text, with very long lines (2632)
Hash 8fbc34815c76a0998afbb741b4ad9016
bafabfa12849c260f1754c2b7a66e7b1a44dfdcb
8f3c42a102c9dd025e5e9b24b9736efb544317474c2390348c1552eafc613efa
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://us-citionline.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 24 Mar 2023 12:10:19 GMT
expires: Fri, 24 Mar 2023 12:10:19 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 65714
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1645813044147.js
151.101.245.230 200 OK 89 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1645813044147.js
IP 151.101.245.230:0
File type Unicode text, UTF-8 text, with very long lines (53734)
Hash 04bc9152f8f65781100f1a38b780611e
ae82feb2117261f9771863de56e71eaba39ffbfb
65a1077ed441a495ef8871928751caae9a528b17ec8eafe8f6dfbfc669bfce75
GET /wdcusciti/50/onsite/generic1645813044147.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://us-citionline.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: B5pF57iRTi6kzttTtesR1imz3IofNAoU9tYsT2jmQS8pi1xmCUg5RLqxzHFtPvR7YYg1g4M0ydY=
x-amz-request-id: 5JQAW107RHBSQB9H
last-modified: Fri, 25 Feb 2022 18:17:26 GMT
etag: "b6b583d1c21fe708664599f47fe6d042"
x-amz-version-id: n9np7L1i8NPYVmXlDkA6OOYu.Ggu5g4q
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 24 Mar 2023 12:10:19 GMT
via: 1.1 varnish
age: 1785
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 1
x-timer: S1679659820.830641,VS0,VE2
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 89444
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash ca3a2cc88f5c8a7669812ec7af0e14bf
fbb85820ada745d1e030c13874f96b14f8544884
d61b12522a039a526703bd7f747ae3614b660f1bc001044585c3c72907568d83
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214 200 OK 626 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (626), with no line terminators
Hash f973e259932c94db4ab9fdafbc1ac003
c3dbe245095ac7aa9541d19b5c6bf3947e5a2ba4
fb9e325464948d0063633aaf3296e050e332971f3b31b7404f53e464d60c21ae
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1678
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 626
date: Fri, 24 Mar 2023 12:10:18 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 7b0bf7cb-0fdb-43b7-b42f-21683dce8836
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
cdn.pbbl.co/r/1560.js
54.230.111.108 403 Forbidden 986 B IP 54.230.111.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash de3415be7564a846849472a689142653
b91e22ff9c733a9e3b89c059d72f3c94cb152847
2f451f96dbdc64ae829c275ccecb6415da0f15b10e6acfad46a214df7f996fa6
GET /r/1560.js HTTP/1.1
Host: cdn.pbbl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 24 Mar 2023 12:10:19 GMT
Content-Type: text/html
Content-Length: 986
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tX15L3R_21vhJcfkCUWLlbyeZYkbixcGPPAnTJsaYIAWQYF-3rjX4Q==
Vary: Origin
siteintercept.qualtrics.com/dxjsmodule/12.1eb0596da2d0e4d109cf.chunk.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=us-citionline.com
104.17.208.240 200 OK 36 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/12.1eb0596da2d0e4d109cf.chunk.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=us-citionline.com
IP 104.17.208.240:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash b2a53052a742db9522600eac22e8df3d
3e4c5c607624d2880115c56dc236cb441b691b9a
0c15d5290dd2af903cf7f6b16f5d8da15ca779ac990f983fe4e438525bfbb8fd
GET /dxjsmodule/12.1eb0596da2d0e4d109cf.chunk.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=us-citionline.com HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:19 GMT
content-type: application/javascript
cf-ray: 7acecf7229fa067b-OSL
access-control-allow-origin: *
age: 196355
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"10376-186dc6be158"
last-modified: Mon, 13 Mar 2023 19:21:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=66422
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
142.250.74.168 302 Found 280 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash a262f0126f939827df765f078136498b
5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd
GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 24 Mar 2023 12:10:19 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash af767a0f38aa932dc23106c403e9b5f3
5a5662e147f43d1561ba78517738f6be86eb2cde
359fea0fbdd5740a613795d4491c534ebf14e2ffb55edf78c80dc0dde78c42e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1679659830362&cv=11&fst=1679659830362&bg=ffffff&guid=ON&async=1&gtm=45be33m0&u_w=1280&u_h=1024&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&hn=www.googleadservices.com&frm=0&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&auid=163247886.1679659830&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.130 200 OK 4.6 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1679659830362&cv=11&fst=1679659830362&bg=ffffff&guid=ON&async=1&gtm=45be33m0&u_w=1280&u_h=1024&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&hn=www.googleadservices.com&frm=0&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&auid=163247886.1679659830&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (7234)
Hash 91578d8dc05fdef26106b5e634f101d7
7cdcac1fa737b4702a488e224d71b10bd3d6de7d
87eefa798f97b1876a7ec1b7467f92e8b6cd66b32b8dbe89b85f79dbe7c97ed2
GET /pagead/viewthroughconversion/916451471/?random=1679659830362&cv=11&fst=1679659830362&bg=ffffff&guid=ON&async=1&gtm=45be33m0&u_w=1280&u_h=1024&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&hn=www.googleadservices.com&frm=0&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&auid=163247886.1679659830&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1246
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 24-Mar-2023 12:25:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c.clarity.ms/c.gif
68.219.88.97 302 Found 0 B IP 68.219.88.97:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=777D1ECFE45846B1853E1BF120C7DED6&RedC=c.clarity.ms&MXFR=17F8C397CAE06D3F2BC3D149CEE06307
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=17F8C397CAE06D3F2BC3D149CEE06307; domain=.clarity.ms; expires=Wed, 17-Apr-2024 12:10:20 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Fri, 24 Mar 2023 12:10:19 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash af767a0f38aa932dc23106c403e9b5f3
5a5662e147f43d1561ba78517738f6be86eb2cde
359fea0fbdd5740a613795d4491c534ebf14e2ffb55edf78c80dc0dde78c42e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=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
35.241.45.82 200 OK 0 B URL HTTP/1.1 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=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
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=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 HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/
HTTP/1.1 200 OK
Date: Fri, 24 Mar 2023 12:10:20 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-641d
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google
siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web
104.17.208.240 200 OK 3.1 kB URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web
IP 104.17.208.240:0
File type JSON data\012- , ASCII text, with very long lines (8358), with no line terminators
Hash 1856c2fbc84a20c5d3dc093b5fda2465
5a8931332833a791e825ca7e287e608a695c9dac
1010521916fd84ccac386f1f424f6a20a0bda5fb9374310cbe7f4a31bce45df3
POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 111
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:20 GMT
content-type: application/json
cf-ray: 7acecf736b12067b-OSL
access-control-allow-origin: http://us-citionline.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: 01a8978704fa9671
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash b0ed7d316212efa2b3ef7d98d24b9125
2f2078419c164074981bb5451e5c8e0de4fe17ec
99584b096bb7545bb0fdd5f435b4444c7c3ad6c42a86844fb39ea8228bc6a21f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c.bing.com/c.gif?ctsa=mr&CtsSyncId=777D1ECFE45846B1853E1BF120C7DED6&RedC=c.clarity.ms&MXFR=17F8C397CAE06D3F2BC3D149CEE06307
13.107.21.200 302 Found 0 B URL HTTP/2 c.bing.com/c.gif?ctsa=mr&CtsSyncId=777D1ECFE45846B1853E1BF120C7DED6&RedC=c.clarity.ms&MXFR=17F8C397CAE06D3F2BC3D149CEE06307
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?ctsa=mr&CtsSyncId=777D1ECFE45846B1853E1BF120C7DED6&RedC=c.clarity.ms&MXFR=17F8C397CAE06D3F2BC3D149CEE06307 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://us-citionline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=777D1ECFE45846B1853E1BF120C7DED6&MUID=2D264D1B567165B811495FC557846489
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: MUID=2D264D1B567165B811495FC557846489; domain=.bing.com; expires=Wed, 17-Apr-2024 12:10:20 GMT; path=/; SameSite=None; Secure; Priority=High;
MR=0; domain=c.bing.com; expires=Fri, 31-Mar-2023 12:10:20 GMT; path=/; SameSite=None; Secure;
SRM_B=2D264D1B567165B811495FC557846489; domain=c.bing.com; expires=Wed, 17-Apr-2024 12:10:20 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 333C494001134091BC3429DA44F542F6 Ref B: OSL30EDGE0517 Ref C: 2023-03-24T12:10:20Z
date: Fri, 24 Mar 2023 12:10:19 GMT
content-length: 0
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/916451471/?random=1679659830362&cv=11&fst=1679659200000&bg=ffffff&guid=ON&async=1&gtm=45be33m0&u_w=1280&u_h=1024&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&frm=0&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3907712978&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/916451471/?random=1679659830362&cv=11&fst=1679659200000&bg=ffffff&guid=ON&async=1&gtm=45be33m0&u_w=1280&u_h=1024&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&frm=0&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3907712978&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/916451471/?random=1679659830362&cv=11&fst=1679659200000&bg=ffffff&guid=ON&async=1&gtm=45be33m0&u_w=1280&u_h=1024&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&frm=0&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3907712978&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/916451471/?random=1679659830508&cv=9&fst=1679659200000&num=1&bg=ffffff&guid=ON&eid=466465926&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4130233529&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/916451471/?random=1679659830508&cv=9&fst=1679659200000&num=1&bg=ffffff&guid=ON&eid=466465926&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4130233529&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/916451471/?random=1679659830508&cv=9&fst=1679659200000&num=1&bg=ffffff&guid=ON&eid=466465926&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4130233529&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=777D1ECFE45846B1853E1BF120C7DED6&MUID=2D264D1B567165B811495FC557846489
68.219.88.97 200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=777D1ECFE45846B1853E1BF120C7DED6&MUID=2D264D1B567165B811495FC557846489
IP 68.219.88.97:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?ctsa=mr&CtsSyncId=777D1ECFE45846B1853E1BF120C7DED6&MUID=2D264D1B567165B811495FC557846489 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://us-citionline.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 16 Mar 2023 17:16:22 GMT
accept-ranges: bytes
etag: "c4b6d572b58d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Fri, 24-Mar-2023 12:20:20 GMT; path=/; SameSite=None; Secure;
date: Fri, 24 Mar 2023 12:10:20 GMT
content-length: 42
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.208.240 200 OK 34 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.208.240:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash a04e45e8cdc1681a795ae848e948c69d
442d130cf305b4554130ec8dfefb37ddbbbd30f2
b9799dbf9a0f9e941a8109a9853e80a2839f36f05039fca4a7e3c71142a3e5bc
GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:20 GMT
content-type: application/javascript
cf-ray: 7acecf750cb7067b-OSL
access-control-allow-origin: *
age: 196357
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"19a13-186dc6be158"
last-modified: Mon, 13 Mar 2023 19:21:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=104979
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/959299794/?random=1679659830523&cv=9&fst=1679659200000&num=1&bg=ffffff&guid=ON&eid=466465925&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=100541288&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/959299794/?random=1679659830523&cv=9&fst=1679659200000&num=1&bg=ffffff&guid=ON&eid=466465925&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=100541288&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/959299794/?random=1679659830523&cv=9&fst=1679659200000&num=1&bg=ffffff&guid=ON&eid=466465925&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=100541288&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/10955006959/?random=1679659830638&cv=11&fst=1679659200000&bg=ffffff&guid=ON&async=1&gtm=45be33m0&u_w=1280&u_h=1024&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&frm=0&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=801366352&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10955006959/?random=1679659830638&cv=11&fst=1679659200000&bg=ffffff&guid=ON&async=1&gtm=45be33m0&u_w=1280&u_h=1024&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&frm=0&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=801366352&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10955006959/?random=1679659830638&cv=11&fst=1679659200000&bg=ffffff&guid=ON&async=1&gtm=45be33m0&u_w=1280&u_h=1024&url=http%3A%2F%2Fus-citionline.com%2Fibank%2F&frm=0&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=801366352&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 24 Mar 2023 12:10:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash b0ed7d316212efa2b3ef7d98d24b9125
2f2078419c164074981bb5451e5c8e0de4fe17ec
99584b096bb7545bb0fdd5f435b4444c7c3ad6c42a86844fb39ea8228bc6a21f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 24 Mar 2023 12:10:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.208.240 200 OK 23 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.208.240:0
File type Unicode text, UTF-8 text, with very long lines (62870), with no line terminators
Hash 44b1f643355fe950678e6a9489ed4d5a
4fad7281d0ce99b340ac4e569b7c33b201959e51
e89bad11c9b7a6fcf3daa8ee73af7551fd8b18c49f665dcb912f87d21234e7f1
GET /dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:20 GMT
content-type: application/javascript
cf-ray: 7acecf75dd6d067b-OSL
access-control-allow-origin: *
age: 196356
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"fe99-186dc6be158"
last-modified: Mon, 13 Mar 2023 19:21:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=65177
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=19&Q_ORIGIN=http://us-citionline.com&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web
104.17.208.240 200 OK 1.2 kB URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=19&Q_ORIGIN=http://us-citionline.com&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web
IP 104.17.208.240:0
File type JSON data\012- , ASCII text, with very long lines (5521), with no line terminators
Hash de61983a58b53854792f530c6670f4e5
0881ac6bdf5821017db9bbe2c06010f7a5783e3a
231b281f1ae0813d5964e25119cbfe7050f16ac9471fe25ded7201fc5ae2d9b0
GET /WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=19&Q_ORIGIN=http://us-citionline.com&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:20 GMT
content-type: application/json
cf-ray: 7acecf75dd71067b-OSL
access-control-allow-origin: *
age: 1786
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Mon, 21 Mar 2033 11:40:34 GMT
last-modified: Fri, 24 Mar 2023 11:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/1.c3764dd280c040bd6b50.chunk.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.208.240 200 OK 8.9 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/1.c3764dd280c040bd6b50.chunk.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.208.240:0
File type ASCII text, with very long lines (29006), with no line terminators
Hash 5d3613b60d995b18cad0a9d83be318c9
e8009081f1127d5f302f8d7cb97b21b4758e0b7b
f00bca7c9f9c8fe025b42b213f33ccc4d003fa43c78c1943adfaadb664fcdfb5
GET /dxjsmodule/1.c3764dd280c040bd6b50.chunk.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:20 GMT
content-type: application/javascript
cf-ray: 7acecf75cd62067b-OSL
access-control-allow-origin: *
age: 196357
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"745f-186dc6be158"
last-modified: Mon, 13 Mar 2023 19:21:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=29791
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png
104.17.208.240 200 OK 254 B URL HTTP/2 siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png
IP 104.17.208.240:0
File type PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced\012- data
Hash 48240b2998738f29efb197386e688338
2a864e0cdba56126f8eb46d4945b758c7c732bcd
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
GET /WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:20 GMT
content-type: image/png
content-length: 254
cf-ray: 7acecf77bfa1067b-OSL
accept-ranges: bytes
age: 25106452
cache-control: max-age=315360000, public
expires: Mon, 23 Feb 2032 07:18:15 GMT
last-modified: Wed, 23 Feb 2022 00:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
referrer-policy: strict-origin-when-cross-origin
servershortname:
trace-id: d15759f42a15818a
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
server: cloudflare
X-Firefox-Spdy: h2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
52.154.174.214 200 OK 626 B URL HTTP/2 contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (626), with no line terminators
Hash 5df58e11b5c8352665dcd68d53febc51
8b787c60fbdfdf7666ba2d6339c2b2c3df0111da
916e6cb0e6f8872c6c45008e4932fb42f4a31bbb0a74609346b7c24b5ebdf9ec
POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3182
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 626
date: Fri, 24 Mar 2023 12:10:19 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 362b7edb-2ad7-4b97-9b16-85b11ee97234
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://us-citionline.com&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web
104.17.208.240 200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://us-citionline.com&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web
IP 104.17.208.240:0
GET /WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://us-citionline.com&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:20 GMT
content-type: application/json
cf-ray: 7acecf75dd73067b-OSL
access-control-allow-origin: *
age: 1786
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Mon, 21 Mar 2033 11:40:33 GMT
last-modified: Fri, 24 Mar 2023 11:40:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_007
148.163.122.62 200 OK 0 B URL HTTP/1.1 us-citionline.com/ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_007
IP 148.163.122.62:0
Analyzer Verdict Alert fortinet Phishing
GET /ibank/Online%20Banking,%20Mortgages,%20Personal%20Loans,%20Investing%20Citi.com2_files/js_007 HTTP/1.1
Host: us-citionline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://us-citionline.com/ibank/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
last-modified: Fri, 24 Mar 2023 11:06:28 GMT
accept-ranges: bytes
content-length: 105524
date: Fri, 24 Mar 2023 12:10:14 GMT
siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&r=1679659831170
104.17.208.240 200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&r=1679659831170
IP 104.17.208.240:0
POST /WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&r=1679659831170 HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 87
Origin: http://us-citionline.com
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:20 GMT
content-type: text/plain; charset=UTF-8
cf-ray: 7acecf77bfa6067b-OSL
access-control-allow-origin: http://us-citionline.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
trace-id: a18014a9e2994762
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/7.87dfbe2be9da2ca19459.chunk.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.208.240 200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/7.87dfbe2be9da2ca19459.chunk.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.208.240:0
GET /dxjsmodule/7.87dfbe2be9da2ca19459.chunk.js?Q_CLIENTVERSION=1.86.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://us-citionline.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 24 Mar 2023 12:10:20 GMT
content-type: application/javascript
cf-ray: 7acecf75cd5f067b-OSL
access-control-allow-origin: *
age: 59160
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"9da-186dc6be158"
last-modified: Mon, 13 Mar 2023 19:21:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=2522
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2