r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4714c95a0c854e38f9be444f9343bf14
07ce5eb635448f2b3bafbe51e4dfeef47cdf4f7b
4d47e08c9afb704096e93a51f6e95c0dc7c7bc31e67ded39998ff37ed56e0965
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D47E08C9AFB704096E93A51F6E95C0DC7C7BC31E67DED39998FF37ED56E0965"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15965
Expires: Sun, 22 Jan 2023 10:05:19 GMT
Date: Sun, 22 Jan 2023 05:39:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 20d267853e48ef7d476459ed67da5d97
06d1bd08efd69c0e93486d3c423fa2640f372d29
24323cd45ca2ed01c63f908233d9b2ad5bb6f63394884c45bf6abb0221d0edd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "24323CD45CA2ED01C63F908233D9B2AD5BB6F63394884C45BF6ABB0221D0EDD6"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20178
Expires: Sun, 22 Jan 2023 11:15:32 GMT
Date: Sun, 22 Jan 2023 05:39:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 38c102db4bcfb9c4fb19174986950fd3
51c2cc8a3aca4da5c9ab3438467c29203fc0b0c3
dad6b64bc9f4dd827471ccc2e5273fceee574685376083aaa80f9d2f918037f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAD6B64BC9F4DD827471CCC2E5273FCEEE574685376083AAA80F9D2F918037F2"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8337
Expires: Sun, 22 Jan 2023 07:58:11 GMT
Date: Sun, 22 Jan 2023 05:39:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 22 Jan 2023 05:34:48 GMT
content-type: application/json
age: 266
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JEiuKSvmYEQr3ym2ONSAcoa38V1TvVvw8dbMggQno1IzhWEXYr8K9ybVkhLosWb/xuANvYE3vbzwIaAC76w95Q==
x-amz-request-id: AWM24NV086ST18CG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 22 Jan 2023 04:47:09 GMT
age: 3125
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 05:39:14 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/
69.169.81.200 200 OK 357 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61428)
Size 357 kB (356999 bytes)
Hash a44e75a74f50ba152d2abbf0e73e7d8b
9cb20517f61b441e4fe5e7af885e74056d49f034
3a1a0fd491a93cf2241e1f37606ebb4ccc5b2fdb0ed3591060edb98ad2603c97
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/ HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
sistemasaf.com.br/cit-verification-center/run/i_files/f.txt
69.169.81.200 200 OK 9.2 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f.txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (1928)
Hash 2e3b34c4a32f44c7b7f99c3fa6790214
16b305b5caf679202fe39ade3169ffb282ac4bd5
6515ee30532386905fc8e115cf56a0a7d77d735c3eda3696f5ef14b374d23aef
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f.txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9202
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/1560.js.download
69.169.81.200 200 OK 3.4 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/1560.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (13245), with no line terminators
Hash bc3113c13b49be9d16e87d10d9bf1068
a9a2632d73a01951314a60c391d23fd5f8c44cf7
7fb4acf6059dd89576be67d079e676cdd8b3ad5ec6ab1199a73e496ae26a5301
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/1560.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3399
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/up_loader.1.1.0.js.download
69.169.81.200 200 OK 2.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/up_loader.1.1.0.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (5719), with no line terminators
Hash cdef4c8ae36cdf6232cd3b0fc8d8562e
6f1c1e08f338f9b4aaf50a673a3d8b74d96e26d0
b31d53c066ea9a8411ed2a002e157c05d38e7c8311b0c6d99f98d8ee38ad4dcc
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/up_loader.1.1.0.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2032
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/www-widgetapi.js.download
69.169.81.200 200 OK 8.6 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/www-widgetapi.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (658)
Hash 223975af8f18773705eab7babaf27d0d
b5fbc4e46b98fd60716cd0f47aa0fc8b35ebe63b
188e86fbd93be1a2973c25d907b7a1c5507351d3428d00d1d4fdd839cced9607
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/www-widgetapi.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8634
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/iframe_api
69.169.81.200 200 OK 492 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/iframe_api
IP 69.169.81.200:0
File type ASCII text, with very long lines (858)
Hash cfc9c5fb4bb5481e7b55c9e891033332
529222c4b7449f0ba82c6e43a685a51d3ff228b4
58310f373ead433e9a991f7309b0daf0be2ad1c68853d1c7b0c8ab1c1caf5c81
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/iframe_api HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 492
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
sistemasaf.com.br/cit-verification-center/run/i_files/cyss.js.download
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/cyss.js.download
IP 69.169.81.200:0
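Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length content)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length content)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length content; the response body is 0 B, so these digests match any empty file and are not usable as indicators for this page)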
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/cyss.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/f(1).txt
69.169.81.200 200 OK 3.7 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(1).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (3410)
Hash 55356cbdebbb9a3b043199c19741083e
9bdbd231ade1e3a35a56446a1cd48a1f2f73e55e
6b9bc9c31d66b4088e601d0dd842718e02a817526c4274ec3f5e99de97058079
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(1).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3696
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/48070ca8866144aeed1d66dda4fe04f2.js.download
69.169.81.200 200 OK 948 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/48070ca8866144aeed1d66dda4fe04f2.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (525)
Hash a21c4d72637a2110f47765418a985e9c
004abf1c78585715452bf1ccda5e2f065f307528
1cf13c08854caade164d3718da65c0d23456f8ad167504990ccfc98a28ac86a3
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/48070ca8866144aeed1d66dda4fe04f2.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 948
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/bk-coretag.js.download
69.169.81.200 200 OK 9.6 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/bk-coretag.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (27290)
Hash af23420a22a3fc8eac1214d804a4e49c
234cecbd7721575d1107f34fe705fd535c07267a
c241a03ac954b4bbdb47d8e363863167bdbc7ddf1d19055cd4f468a5bc21a54e
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/bk-coretag.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9602
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/ee55763bbebca7805817a98103ec6f50.js.download
69.169.81.200 200 OK 480 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/ee55763bbebca7805817a98103ec6f50.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (521)
Hash cbfc5d8cbb3795b96850ba3a5c9fd2a1
f84bd1d4236a3974a73e3d61a8233902de626ed5
3191094617bf0149f09502c9843e682a5cb860a894085afc9055b386e36fc208
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/ee55763bbebca7805817a98103ec6f50.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 480
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/c1be2c6d98ee0eb8bef7b9592e4af591.js.download
69.169.81.200 200 OK 1.5 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/c1be2c6d98ee0eb8bef7b9592e4af591.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (538)
Hash 2240b193657ab8b3af1c28a73f5ceec2
74ed74c7c4df2f00d5ee7010dfda1e0d2ee20c6f
15485594cc3df6bd1752fd70458b06b33c1a10a5ce6b50df9dae76320827c750
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/c1be2c6d98ee0eb8bef7b9592e4af591.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1504
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/a7ced03ab72ce0c98e735e9f97825350.js.download
69.169.81.200 200 OK 531 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/a7ced03ab72ce0c98e735e9f97825350.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (515)
Hash 6e866494b189e2691b372ab68469f3bc
ba573f2f524cbf20bf15bc5b474ffdfbaeefee4b
c49de389c41b64c3409237455e333c60e072cb1b323a1a5bb71c6e34367b9c47
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/a7ced03ab72ce0c98e735e9f97825350.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 531
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/c39ddbd01350652497bc83ed394283ce.js.download
69.169.81.200 200 OK 1.9 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/c39ddbd01350652497bc83ed394283ce.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (637)
Hash 1b39401e21591d7ca7a4bd1fe40603a5
96c75e4550941f4bcd749c51aea5ef7386d45eab
785e443f47eb0ca946731b8d703039f141e3b38ba281819cf10d3b37e2b2f9e6
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/c39ddbd01350652497bc83ed394283ce.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:14 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1875
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/2906f06ed928da15ec22eab16f8f3588.js.download
69.169.81.200 200 OK 268 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/2906f06ed928da15ec22eab16f8f3588.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (448), with no line terminators
Hash df955cd972807338c9fa5d5c635c9dc4
1f0aef693ed301abfaf6e552c4349b63e13a155d
1dd74190de2ccda4bd4da4f3dd89e29c3f98b39ea56b22d23adacd4f128971c9
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/2906f06ed928da15ec22eab16f8f3588.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 268
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/7c93b0d791894850cfc5f7fe11441859.js.download
69.169.81.200 200 OK 4.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/7c93b0d791894850cfc5f7fe11441859.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (556)
Hash eacab7439e5f8a754accf3024b8d9d90
ca942799f2daa17c67b68a15c68ea94a192693a4
2fcb6fe25136ac7004c74f4c3b7b365421368f09856ac662395e6329a6849947
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/7c93b0d791894850cfc5f7fe11441859.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4036
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/8637af7c210f4e79436bc39f71b49bfa.js.download
69.169.81.200 200 OK 539 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/8637af7c210f4e79436bc39f71b49bfa.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (523)
Hash 09080bafeae8dfdb97ab5f5402ee54fe
2b22e9a204dc28a819021d8b12d9ec91c1f0dca7
c96eca6a30efdbdc214d8a4d8631f66a9ea52edab286d1e46c4e277befd9282a
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/8637af7c210f4e79436bc39f71b49bfa.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 539
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/557566dc60916e3de69e006bef252459.js.download
69.169.81.200 200 OK 763 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/557566dc60916e3de69e006bef252459.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (1964)
Hash 317da12924228063a155ef6c18f54170
fecd1e51b4925ccda28b428e512ef25cb65b34ea
2ef1ab0033be93a4c92819bf929938a96738d6ee544bc5b4bdd9fe6eb4aa00ae
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/557566dc60916e3de69e006bef252459.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 763
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/ac1983fb1741bbd6bf2b1d3952ef4733.js.download
69.169.81.200 200 OK 192 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/ac1983fb1741bbd6bf2b1d3952ef4733.js.download
IP 69.169.81.200:0
File type ASCII text, with no line terminators
Hash 93cce6b41556e5245c66453c9c42685a
e3cd553e1f95520d920898e5e7066ba5fc6a83ec
90508281cd85d0ce854704f16b1f0a1fa330f7e217c6c3a692851efc5086e6df
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/ac1983fb1741bbd6bf2b1d3952ef4733.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 192
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/fdf45a7c15c1cee06bb71e10dac4e26e.js.download
69.169.81.200 200 OK 548 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/fdf45a7c15c1cee06bb71e10dac4e26e.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (524)
Hash 38e6a3a3c9a5b9bdbf4c2afa815a0eab
e59ec1f408515c29253192f01d6c445152ed6c7e
44f8d4a027af822df7160def12841736ccb9b39e6431121acae31a8713baf045
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/fdf45a7c15c1cee06bb71e10dac4e26e.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 548
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/ca46c5bf352400884a2dcc23a663a350.js.download
69.169.81.200 200 OK 661 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/ca46c5bf352400884a2dcc23a663a350.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (549)
Hash 61b7071356091f80441dbf366761595b
cc83bc293d187575aee37911c65c29810b08f579
fc3c798a45caab45a8fc718d1791cad19e7f80e44e9ea63fef0272ff48de5afd
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/ca46c5bf352400884a2dcc23a663a350.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 661
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/e184b9bc5014d4a441254fcff9379c8e.js.download
69.169.81.200 200 OK 50 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/e184b9bc5014d4a441254fcff9379c8e.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (554)
Hash 9a481d28f584d9f7fb20fc561afbe3f5
2282d4d15c2c5bbd8b0e7e93c3e197adc644f66b
66ceaf369001be668877b62e75c9034d4846a2e7dcbd1229ad9181e1bc7f77e0
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/e184b9bc5014d4a441254fcff9379c8e.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 50477
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/5a7f00a6f1270d62f675f3d7eb477fb0.js.download
69.169.81.200 200 OK 32 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/5a7f00a6f1270d62f675f3d7eb477fb0.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (603)
Hash 5574ae1bd017930ee914145eea856d66
823fd511ee87522c0df93e7ba64d2bc904121ea1
9974159406966ebffef2287097e74b8ec368245437bc8e27456b4634a1e1e9ba
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/5a7f00a6f1270d62f675f3d7eb477fb0.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 31735
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/36df5df73cf09909048a1bd36dbaab01.js.download
69.169.81.200 200 OK 79 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/36df5df73cf09909048a1bd36dbaab01.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (965)
Hash 7d68d07cf59be510a1d10addb24dced3
6d063a3723e11a9f43bbb6cdd870750f4bc0142b
a4cad8fb254abd4db6dbd82ba3c406f3b96ea9594293d71d709885ab4ab2a4d4
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/36df5df73cf09909048a1bd36dbaab01.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/cool-2.1.15.min.js.download
69.169.81.200 200 OK 5.2 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/cool-2.1.15.min.js.download
IP 69.169.81.200:0
File type C source, ASCII text, with very long lines (585)
Hash a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/cool-2.1.15.min.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5197
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/serverComponent.php
69.169.81.200 200 OK 2.2 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/serverComponent.php
IP 69.169.81.200:0
File type ASCII text, with very long lines (2187)
Hash 5c8776f0f14654c55a99f25e85840b77
9fff5fad93380482a2f430ba6f58b02d4cc81229
7758ab4571c15b80d38d1e8d41d39e079a56520929f5e860294af5985a853e8b
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/serverComponent.php HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
sistemasaf.com.br/cit-verification-center/run/i_files/js(1)
69.169.81.200 200 OK 28 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/js(1)
IP 69.169.81.200:0
File type ASCII text, with very long lines (1557)
Hash ac8e1242c3ec8d78aa9e961a13a28dc5
0f27bfa6d7aac2e65c882c38d183677dbf113149
ae76365dd1e9f8ab886340a2f784373faa4596aa33db1dc33099b7f4d3dcc8f8
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/js(1) HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 28267
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
sistemasaf.com.br/cit-verification-center/run/i_files/tc.min.js.download
69.169.81.200 200 OK 6.4 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/tc.min.js.download
IP 69.169.81.200:0
File type C source, ASCII text, with very long lines (20027)
Hash fc6c462497a23605e36a2a10efc69f38
52425938e291994ff426856e15a4d0012aaaa91e
e147cbdc6639c17f263465eba7d85437e3d58d3e762d8a045d6317a874ef24a7
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/tc.min.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6375
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/tagging.js.download
69.169.81.200 200 OK 9.5 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/tagging.js.download
IP 69.169.81.200:0
Hash e6abcdf56286a65702b4c8b2374e321f
1d97e2c9785aaed7b7cd5a4e48c1e81e7275c7a5
68ded42ea5a5511f82e84cc6d26861d59f96f351f77bca2257a04b4441ff6560
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/tagging.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9546
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/main.css
69.169.81.200 200 OK 7.2 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/main.css
IP 69.169.81.200:0
File type ASCII text, with very long lines (46263), with no line terminators
Hash e35831fac9205edb52367168d72ef08c
3f5521fc39ce9258885f51e10f80360c75774f3f
9055e7bd267f9edefb8158d28b286173ed3d37f36fa26a3fc45a81d55819b766
GET /cit-verification-center/run/i_files/main.css HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7167
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
sistemasaf.com.br/cit-verification-center/run/i_files/js
69.169.81.200 200 OK 28 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/js
IP 69.169.81.200:0
File type ASCII text, with very long lines (1557)
Hash d3158c2da0badd1fbd98001991ab4f95
876c391227f3d98d9b48bc320623d7afb4774dd1
d5c9c2b4f224cee4cf5d224b9e08f97cf5207f96d99831c87ee34e8fd4a45dfa
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/js HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 28268
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 22 Jan 2023 05:17:30 GMT
age: 1305
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/jfpm.autocomplete.off.js.download
69.169.81.200 200 OK 344 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/jfpm.autocomplete.off.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (1035), with no line terminators
Hash 833a85cac30119fd1a7cdea0d63106eb
1558702028e277ce4bf3b079db7f064b96c91f0d
83b080afa657691bdb22843c5f36acc3be20ad7ed94ba84f18d1cbbb2a23933c
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/jfpm.autocomplete.off.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 344
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9039ab84a4c1abb1c2d140b0372b9965
4641f05089490d43d2d558899b749bf870347e55
b23d96a98eabf609f2cfe0dd6db6c77170a2989afe2c9a6b146fab00785ef294
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2717
Cache-Control: max-age=159926
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:15 GMT
Etag: "63cc8f1c-1d7"
Expires: Tue, 24 Jan 2023 02:04:41 GMT
Last-Modified: Sun, 22 Jan 2023 01:19:24 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
sistemasaf.com.br/cit-verification-center/run/i_files/target.js.download
69.169.81.200 200 OK 14 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/target.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (43328)
Hash fb49060d82da541c9c62c193b8fb922a
8b86b69b403ffaba3655a27936d64ade849e2818
9840167954c2fc6c12b4ff317514f9e5afbe1e75bd759854c6cca8acfc8b6d7d
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/target.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14200
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/Bootstrap.js.download
69.169.81.200 200 OK 46 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/Bootstrap.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (579)
Hash c51347fa13e05eedf71e6dbcbd396fd3
982a7f70523a885d892e2be55d9ff41d7eb04d08
360940735ae9ff08df6271c9d6c73dab01de25bba38181fa40165149147f5601
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/Bootstrap.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 46003
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
104.110.15.25 200 OK 47 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
IP 104.110.15.25:0
File type ASCII text, with very long lines (900)
Hash c4a8e37990ee3bed5731c868053cfe48
000d710b7e21c8d980552b494d76a06fc729d55a
403cb63effef69a095bb15cb147c3d8af4a0f35e8e9430486565f81d545b3cbd
GET /GFC/branding/responsivebranding/css/main_branding.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 08 Jul 2021 15:43:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 47322
content-type: text/css
cache-control: max-age=21600
expires: Sun, 22 Jan 2023 11:39:15 GMT
date: Sun, 22 Jan 2023 05:39:15 GMT
set-cookie: AKMTLTSID=5BBAA8478080C3FC3970289249669305; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/ajax
69.169.81.200 200 OK 431 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/ajax
IP 69.169.81.200:0
File type ASCII text, with very long lines (311), with CRLF line terminators
Hash 28476a6f4d27523ee38fa2b140f65a9c
f9f51353eb20ac5856a4bdf8bcec38eb298ac9f2
6333fb854e57626dedef4b97bf5369202ccafbcea58c59c1460f340c2baa0412
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/ajax HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 431
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
sistemasaf.com.br/cit-verification-center/run/i_files/vendor.js.download
69.169.81.200 200 OK 65 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/vendor.js.download
IP 69.169.81.200:0
File type Unicode text, UTF-8 text, with very long lines (65509)
Hash 989dc2644c0984b85f913b4ab2d7bd1c
76a83eec6636640df68c5a8c3a95cff6aacc3ae1
6affa2fb9b5eb7ab5b9c610614dbe7591472681265bdc63c62eed556f5ff07c0
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/vendor.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/homePage.min.css
69.169.81.200 200 OK 5.1 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/homePage.min.css
IP 69.169.81.200:0
File type ASCII text, with very long lines (24624), with no line terminators
Hash 70047a4ca36e4feb0e3e0e57704f785e
ff4186a6bd83755108f23878d5f26cc982d95c7e
5c49f56ff0af7c3eabda1ecf0183e148b728b520b4fd3800dda7e9d750dcf3bc
GET /cit-verification-center/run/i_files/homePage.min.css HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5056
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash ace90ee2f1ce8ca0d69556c6398555a6
49b53ab37b77ebf26525ef3a84aaa9a817af9df4
6d66736ed5245c62987c88f0c3570eefd8f45c09f60dc9b2e1d585f05d1f00e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sistemasaf.com.br/cit-verification-center/run/i_files/jquery.tmpl.js.download
69.169.81.200 200 OK 2.9 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/jquery.tmpl.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (5928)
Hash f687e0142c1437ba2f920f3cde133177
d53df064865303d36b7a7ca9624d83214da9aa99
8e39f40e7aedf48d72d8a4f79433fb5482da163fad5aff81159284d7b461de05
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/jquery.tmpl.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2905
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/fp.min.js.download
69.169.81.200 200 OK 4.3 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/fp.min.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (13962)
Hash 27f9ab19c322976f5822e72e5b9c9a69
bcce8cd4953c0345ef8e6ca6fd7ecd957fdd22b1
de9b5b8646deab39b5d569762163790e93cb17146e302511c1ba62303db9ae02
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/fp.min.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4331
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
s.ytimg.com/yts/jsbin/www-widgetapi-vflhiN9BI/www-widgetapi.js
142.250.74.174 200 OK 8.7 kB URL HTTP/2 s.ytimg.com/yts/jsbin/www-widgetapi-vflhiN9BI/www-widgetapi.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (658)
Hash a74ce18c79d6b5adea995e6460fc97c3
fec93285503f9f9b2cf646c46b5d5917ba31aa24
a6ee0238d52d65430c5e16622d0bd230ddf7e8aded89d9638f5f9f69201976d9
GET /yts/jsbin/www-widgetapi-vflhiN9BI/www-widgetapi.js HTTP/1.1
Host: s.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: https://www.youtube.com
content-length: 8680
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 21:51:21 GMT
expires: Fri, 27 Jan 2023 21:51:21 GMT
cache-control: public, max-age=691200
last-modified: Wed, 06 Nov 2019 17:46:15 GMT
content-type: text/javascript
age: 200874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/ddl.min.css
69.169.81.200 200 OK 71 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/ddl.min.css
IP 69.169.81.200:0
File type ASCII text, with very long lines (53378), with CRLF line terminators
Hash 1f0cd5066f87b76b49fd8cdfbe7c6e14
6e50a3c49ef642bc3befef2be3770ddb7a5c3ec5
41800223e2928b21a3be302152c92bd411fad11e60de78f0645df77b8ca782f4
GET /cit-verification-center/run/i_files/ddl.min.css HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
sistemasaf.com.br/cit-verification-center/run/i_files/tag.js.download
69.169.81.200 200 OK 6.5 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/tag.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (18620), with no line terminators
Hash dad7df2fd4036ed7edd1ecde46ec34d2
ac3e7026c0fc104865195a3f518d2a1a1c2e8aef
de13e7e34ce5196d728c9e5ed37623a768f618df74bd6347aba9ff722558bcd7
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/tag.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6503
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/citilive-search-responsive.css
69.169.81.200 200 OK 13 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/citilive-search-responsive.css
IP 69.169.81.200:0
File type ASCII text, with very long lines (15347)
Hash 05b46a49abf684c5ff47fd39f1b43936
229296003d3970dfcdc738e6ab208c312d9cebc2
4e3413877f4f2afd5be666121a683c3578b3e0711e73d8dba27b514b32f9c843
GET /cit-verification-center/run/i_files/citilive-search-responsive.css HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12555
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
sistemasaf.com.br/cit-verification-center/run/i_files/cse_element__en.js.download
69.169.81.200 200 OK 86 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/cse_element__en.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (2030)
Hash 9e4548aacb7399c6be76a60104773e98
ad0548a8f7beaec87e9bdeb91473e8b566773642
1484dc13b6401db196b99e7a82e8044d1404cac9a16152e0b308e77ec4d42072
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/cse_element__en.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/default.css
69.169.81.200 200 OK 2.8 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/default.css
IP 69.169.81.200:0
Hash c12011c17351e409710425c52afe8c40
148c379842d8b7b67dc538c211c989faf20b6d09
e7708b2ecea265b818be17d0c6ee4a69c0188b5a4a55da7135f3a6065f012eb7
GET /cit-verification-center/run/i_files/default.css HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2820
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
sistemasaf.com.br/cit-verification-center/run/i_files/logo.js.download
69.169.81.200 200 OK 108 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/logo.js.download
IP 69.169.81.200:0
File type ASCII text, with no line terminators
Hash 8436e95c0b702d03cb6130f61c143229
be5b2209c8b6956b9ccb44575b31952b00e34e51
ebbe06a7e789d149a1ed04158ddb8d21ccf66b24e614dc875171c5a5ae6afd90
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/logo.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 108
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fc96297d0b59147e8f6052b16f1ca13f
23aeddfa143bb9be19b2ed06f2024a3a8aa120ce
034327c6ada560c662f451f3c95cd8531482d4ab51629e95875fab54c8f3e49a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3265
Cache-Control: max-age=102118
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:15 GMT
Etag: "63cbab28-1d7"
Expires: Mon, 23 Jan 2023 10:01:13 GMT
Last-Modified: Sat, 21 Jan 2023 09:06:48 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash ace90ee2f1ce8ca0d69556c6398555a6
49b53ab37b77ebf26525ef3a84aaa9a817af9df4
6d66736ed5245c62987c88f0c3570eefd8f45c09f60dc9b2e1d585f05d1f00e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sistemasaf.com.br/cit-verification-center/run/i_files/flex_taglet.js.download
69.169.81.200 200 OK 3.1 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/flex_taglet.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (1180)
Hash 2d940935f39e5c9815401970a64a39b4
5351ba4b0135fe3ccf9d91a5ae977d23c419d042
317b541e97d3e483a2dc5a4168a4f6b301b895adb2947dcb74d00a7195b35b91
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/flex_taglet.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3074
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/tags.js.download
69.169.81.200 200 OK 10 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/tags.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (5685)
Hash 8af41c2580628251954f92bce9a0e631
0ca2eba23806d467c1bac8c99071d660a7ec9235
258bf85ec88c775a47c0bb0ac60caad0bb13d76de8800bc572f20170b778a20d
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/tags.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10343
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/embed.js.download
69.169.81.200 200 OK 1.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/embed.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (488)
Hash c43e413efcc7a219703f1e1ad22b5748
69b19985bc8521ccab0be8acdf2d9753c3044340
451829f2b873c85f99481a221f512fc9646d65901043e551bd0fe168afd00575
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/embed.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1044
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/f(2).txt
69.169.81.200 200 OK 1.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(2).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2262), with no line terminators
Hash ff69889844573a90748a079a17707d6c
8322bdbcb844540c404b29dea18f9d300bea1e30
888d92c77d7fdcd5d6033be1bd7a26a5d605ff47c6a0237e54e4a89aaa15666c
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(2).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1001
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/f(3).txt
69.169.81.200 200 OK 1.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(3).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2262), with no line terminators
Hash 50295b92c523870e353e35c65ba0ed8a
30b773a0adc91ea2e04b0ac994d97a32641ad15c
436c99b5a05ac315f2a483d0f92341a962f88345c1f194689f63dcb412515f4a
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(3).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1002
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/f(4).txt
69.169.81.200 200 OK 999 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(4).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2260), with no line terminators
Hash 3a7076a8c68877c95cf4b2d169253f1f
22dce0a9dba7e0ecda3a62c476a52a08d3456b21
b76f78873a0428964d5bbaa9703529b48d08132afbc8f113614e460c7539ab2b
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(4).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 999
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/plain
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash f4d171538addb3e350e03876c9c23d81
9874648e426c9a8b65ddcb1d3fc944b8464be9f5
e89b056e51c85f967d05f0cb23a2212d0f391838df414dda9f61e67a96dbefff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash f4d171538addb3e350e03876c9c23d81
9874648e426c9a8b65ddcb1d3fc944b8464be9f5
e89b056e51c85f967d05f0cb23a2212d0f391838df414dda9f61e67a96dbefff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/cse/static/element/b5752d27691147d6/default+en.css
216.58.211.4 200 OK 9.0 kB URL HTTP/2 www.google.com/cse/static/element/b5752d27691147d6/default+en.css
IP 216.58.211.4:0
Hash e0ee30b5864996e4741a087730dd73a9
015f105f9b4b83d27d1bc3969af2f18e04221944
21ce466c8fb4ed1a35be07a121bb110f1b8943228a5f380c08a0af6e5b71a02f
GET /cse/static/element/b5752d27691147d6/default+en.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 9042
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Jan 2023 08:12:02 GMT
expires: Sat, 20 Jan 2024 08:12:02 GMT
cache-control: public, max-age=31536000
age: 163633
last-modified: Fri, 20 Sep 2019 16:22:21 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.236.232.139 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.236.232.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CoTy4l+1qbgd5N1YJLD+hw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4QcVIOD9NlS0CoJI5XMVdl729Hw=
sistemasaf.com.br/cit-verification-center/run/i_files/f(5).txt
69.169.81.200 200 OK 1.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(5).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2262), with no line terminators
Hash b705d388837b649a73eb3974d918c390
5539a9af32862f2c9f33e1abbeeb9b190da47857
46cfa532c57fb4c70a295b0a6085b5cbd87c35e4ecc08a1ef786b7368a828455
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(5).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1002
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/f(6).txt
69.169.81.200 200 OK 999 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(6).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2260), with no line terminators
Hash 6c96a1dc5db3d8051ab40f7d2ae3a1ce
901045d64b1f5cba939fcbb5b3ddb8ab0156ea58
f2353555ccdc32ee3071250a431a9cf53bbd434b8f895c6e89bfe9bf8ddd8070
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(6).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 999
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/f(8).txt
69.169.81.200 200 OK 1.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(8).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2262), with no line terminators
Hash b628db699faeac3cc85e4f629672d3b2
38d2ad4b811b48c43debdf8ddd43502aa5d2a011
8faee8c8ffd1bb5a990425c85927b1d090d41b055e7387718f5ca1ec98bc91d6
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(8).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1000
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/f(7).txt
69.169.81.200 200 OK 1.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(7).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2262), with no line terminators
Hash 4d58991d0062a468694a222a33151a40
91f0410604aa15943baf96432a676235f1a58325
eda337bcbba398be8f041bf8688424c557d0c3c03f9e7351137416d2f4f51210
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(7).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1001
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/plain
www.google.com/cse/static/style/look/v3/default.css
216.58.211.4 200 OK 2.7 kB URL HTTP/2 www.google.com/cse/static/style/look/v3/default.css
IP 216.58.211.4:0
Hash 55203916eb206dc5c088b43269c819f5
2e4c5697ff9cb1de0a074758a54ec78ed0c720e8
9f6bd6427c2ec1f9cff2bcc7ae6752ef3d3d427de690188f4f46c2327cded3d7
GET /cse/static/style/look/v3/default.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 2719
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jan 2023 05:39:15 GMT
expires: Sun, 22 Jan 2023 06:29:15 GMT
cache-control: public, max-age=3000
last-modified: Mon, 25 May 2020 08:30:00 GMT
content-type: text/css
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/f(9).txt
69.169.81.200 200 OK 998 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(9).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2260), with no line terminators
Hash aac93c12f0d099e1adc0abb37299508e
f460b02c5bf5c1e778c9566cfd84dab5f986234d
f13210d2198dd18f8ba725122e35155eff313897fd7af1bde1ebc4a08c731bd5
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(9).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 998
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/plain
cdn.tt.omtrdc.net/cdn/target.js
54.230.111.60 200 OK 44 kB URL HTTP/1.1 cdn.tt.omtrdc.net/cdn/target.js
IP 54.230.111.60:0
File type ASCII text, with very long lines (43466)
Hash d94f7f548dc11d731f4f5949913bec75
57f396a039b461d4f03fca96cb52996694b14013
052ae5d7723241f0a1439298b26beb4db53772b707b58fb707dfc30d5a22c029
GET /cdn/target.js HTTP/1.1
Host: cdn.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 43693
Connection: keep-alive
Last-Modified: Tue, 27 Oct 2020 11:37:15 GMT
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 22 Jan 2023 05:01:48 GMT
Cache-Control: must-revalidate, max-age=3600
ETag: "d94f7f548dc11d731f4f5949913bec75"
X-Cache: Hit from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: zcRH-zn2twvVu9FCyXOEkGDLgF7rt2gqJ6cGG0t9iLC6UpTRA1fZbw==
Age: 3285
sistemasaf.com.br/cit-verification-center/run/i_files/f(10).txt
69.169.81.200 200 OK 1.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(10).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2260), with no line terminators
Hash 3d27a298337bd81fbe6a4965e8ac842e
09d330f09c5244f8efb6b9e4c6a7b479c8fb0816
fd03a4b028fce5ec88bfdbfe9359b989e8c37a6e082d0111ce9ce2b96838b9d6
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(10).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1000
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/f(12).txt
69.169.81.200 200 OK 998 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(12).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2260), with no line terminators
Hash 45d5f5dabe5a14fe1ef673a23f4ad4fa
adaef97f556fc495365e4b4d6fe3461439c24345
23888880cfb9650f943c9cc3f719938bdfe254ce4ae0498fe91d68910144d7ea
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(12).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 998
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/f(13).txt
69.169.81.200 200 OK 999 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(13).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2260), with no line terminators
Hash 5f4798757724e6d48743886d23bd8777
91781415a15b756576d10b8f68b42db0e12689a7
0d608d494be41c5c8df280d4b42e9240814bee2aaae29010c395b4d6765ea068
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(13).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 999
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/f(11).txt
69.169.81.200 200 OK 998 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(11).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2258), with no line terminators
Hash a414ea335cd84969200d5752b793e49f
acd1adea05f7092ee3bdaa205d956061798a774c
d8a6631d6db7966cf8efeb49ab80cf378f4966198bf29d009e64e65fd087c8b1
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(11).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 998
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/f(14).txt
69.169.81.200 200 OK 1.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(14).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2298), with no line terminators
Hash 1e8e42ccedd3a4869f23fdeaa67d4fb1
c3d33cad490f61062f27913fec0c6531959f97a2
6e9e8f719e081fc35b981ede0bbacdd2102fb207b6f54480830e8ca6b289b77f
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(14).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1008
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/plain
sistemasaf.com.br/cit-verification-center/run/i_files/f(15).txt
69.169.81.200 200 OK 1.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/f(15).txt
IP 69.169.81.200:0
File type ASCII text, with very long lines (2300), with no line terminators
Hash ac924ce32c5c5d1ead30d883da9783a9
b78d8dd50160fae643804c06ea47c2db96168e02
ec2784d61ab4ad9114396ecd4b9f77aa213fe1c78435bc9e7585097ebe25c379
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/f(15).txt HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:15 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1009
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/plain
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ajax?mboxHost=sistemasaf.com.br&mboxPage=5e8b0c11e50942148ca62637cc1d31bc&screenHeight=1024&screenWidth=1280&browserWidth=1280&browserHeight=939&browserTimeOffset=0&colorDepth=24&mboxSession=5e8b0c11e50942148ca62637cc1d31bc&mboxXDomain=enabled&mboxCount=1&mboxTime=1674365954901&pageDef=jUSCBOL_Loginpage_Uncookied&ProspectCustomer=true&pageLanguage=english&pageLang=en_US_USGCB&mbox=target-global-mbox&mboxId=0&mboxURL=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&mboxReferrer=&mboxVersion=63
52.209.218.31 200 OK 747 B URL HTTP/1.1 citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ajax?mboxHost=sistemasaf.com.br&mboxPage=5e8b0c11e50942148ca62637cc1d31bc&screenHeight=1024&screenWidth=1280&browserWidth=1280&browserHeight=939&browserTimeOffset=0&colorDepth=24&mboxSession=5e8b0c11e50942148ca62637cc1d31bc&mboxXDomain=enabled&mboxCount=1&mboxTime=1674365954901&pageDef=jUSCBOL_Loginpage_Uncookied&ProspectCustomer=true&pageLanguage=english&pageLang=en_US_USGCB&mbox=target-global-mbox&mboxId=0&mboxURL=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&mboxReferrer=&mboxVersion=63
IP 52.209.218.31:0
Hash e114792f112d1294f89d6a18bc7c5683
51d1bcd92661c57863f405389774c21b12e4c8fe
91c5cb10f3cb331e0168f674b86f9ecf209a38b6763cb39da3aa6397971efabe
GET /m2/citicorpcreditservic/mbox/ajax?mboxHost=sistemasaf.com.br&mboxPage=5e8b0c11e50942148ca62637cc1d31bc&screenHeight=1024&screenWidth=1280&browserWidth=1280&browserHeight=939&browserTimeOffset=0&colorDepth=24&mboxSession=5e8b0c11e50942148ca62637cc1d31bc&mboxXDomain=enabled&mboxCount=1&mboxTime=1674365954901&pageDef=jUSCBOL_Loginpage_Uncookied&ProspectCustomer=true&pageLanguage=english&pageLang=en_US_USGCB&mbox=target-global-mbox&mboxId=0&mboxURL=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&mboxReferrer=&mboxVersion=63 HTTP/1.1
Host: citicorpcreditservic.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
sistemasaf.com.br/cit-verification-center/run/i_files/bcsid.js.download
69.169.81.200 200 OK 427 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/bcsid.js.download
IP 69.169.81.200:0
Hash bdde469ce3ac5aed665a40d2050a0f6c
8101769b964f3ed6b5e87306195b621af68f1bd3
aac15e16bae9384aabe21d4faf98354a0d25803540ae650a338a0f81fd626a29
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/bcsid.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 427
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/cbol-smartSearch.css
69.169.81.200 200 OK 905 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/cbol-smartSearch.css
IP 69.169.81.200:0
Hash e5db0674ab6de677f8514809080f5839
399dd2989fac17f1196d6936740fd27132c8051d
332149154afbb7557a814e19da0c030e375663013b8c0ce280baac5c94524437
GET /cit-verification-center/run/i_files/cbol-smartSearch.css HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 905
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css
sistemasaf.com.br/cit-verification-center/run/i_files/citiHomePage.min.js.download
69.169.81.200 200 OK 4.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/citiHomePage.min.js.download
IP 69.169.81.200:0
File type C source, ASCII text, with very long lines (14306), with no line terminators
Hash 64802366776c79ae08da0c720e2ece7a
bab85c4204777489031306bcdf340ebf2e83dc2e
3b5d09f07337ae23b8393cbbfbeb007f0db106b54c67190b152ddeb06078a2ea
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/citiHomePage.min.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4043
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/peworkflow.min.js.download
69.169.81.200 200 OK 1.8 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/peworkflow.min.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (5320), with no line terminators
Hash e09f708fdebb6ceae3ec65d8f367bc8c
33153cbaabc14b63e38731ed32af9f9a82a842ca
f06ea555a0e0b75611f2d5fac91161c4255d537dbb82a34412770b5cc7246868
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/peworkflow.min.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1803
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/oo_engine.min.js.download
69.169.81.200 200 OK 12 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/oo_engine.min.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (32021)
Hash 75ab14791d5d7aa3c3b20b57455f9f91
e310995ce48dab1970402c004b2425bb5c6cbe1c
3eea65d762f75b329804e06958e5ff30724171babb2c178a5487675146fae8d4
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/oo_engine.min.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11720
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/ddl.min.js.download
69.169.81.200 200 OK 18 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/ddl.min.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (65331), with no line terminators
Hash 08647abe75a038d004fe5482fa4ce9d8
846fe3af0fa307978352f7ecd1cb2cbe18eec818
44da7060a03559ce19cb6f52947ed804b4d61262cefdbc85dfad2aa153828e8e
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/ddl.min.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17727
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/BiocatchATO.js.download
69.169.81.200 200 OK 90 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/BiocatchATO.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (31993)
Hash 961c689e02fd71818688d3b8ca573bcd
75bd53f63f5856dd81514735d0dada2f778f2ec4
5e2c48d1203816a5bccd560657cca2388d671fd445fa34bb8da8937d39d19b6c
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/BiocatchATO.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/main.js.download
69.169.81.200 200 OK 7.9 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/main.js.download
IP 69.169.81.200:0
File type HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (33696), with no line terminators
Hash 6c491fe6936845adb4dc7c6b7189d741
b7a6798af6eddca2a00b2f0b36457a47a11c1713
078c886ff26dfa3f8ed8667ce2a4244411ea1ad4696147c3b22f5eb475b44231
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/main.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7859
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/citilive-search.js.download
69.169.81.200 200 OK 1.1 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/citilive-search.js.download
IP 69.169.81.200:0
File type HTML document, ASCII text, with very long lines (2558), with no line terminators
Hash eba824a641a35d6f8cc5a6fae69c6eb3
70299da2292c6969300ccf2ba5dcc0076c3858ed
86d6da328bb238beeb45c243adcdda9202abe5dcdf1293f5cdee5b3acb3f81b6
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/citilive-search.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1080
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/cbol-smartSearch-inject.js.download
69.169.81.200 200 OK 2.7 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/cbol-smartSearch-inject.js.download
IP 69.169.81.200:0
File type Non-ISO extended-ASCII text
Hash 0becfc3c251c5de60c9223350d8a42a6
1a44691deaf02883abc1741ed23e3f590d1abf8b
5c0e2ddaca36a18ce25fb36f30203f502779870ac465e916215b108cca656a8a
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/cbol-smartSearch-inject.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2673
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/siteseal2p.async.js.download
69.169.81.200 200 OK 372 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/siteseal2p.async.js.download
IP 69.169.81.200:0
File type ASCII text, with CRLF line terminators
Hash ba13843e311322d210cd38456e5fb13d
496a3995867baeac4c0188cc2e8cfea0a57810ed
056a61d84e38ffd6e0cfc1d5bcf53cb31139371fb4a76cb4b50dbb8396fbb6dd
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/siteseal2p.async.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 372
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/LPAttributes.js.download
69.169.81.200 200 OK 3.8 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/LPAttributes.js.download
IP 69.169.81.200:0
Hash f02bcf86094f76b6c24f43b7d933275c
6054117c4268449df76f51a8ace729e54d93d4be
99cd1019e8cab507107355d9f35c1562d467af2bf84a2b4348c46742ef79481e
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/LPAttributes.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3792
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bab5b8224b9f341b34621cde5e1860df
ecaa48973d920f13516248fe87d88e5c6ca6f725
e7eeb9b9af99d30d549c94936278266eee33f2f0389853213802786ac9afd950
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6358
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:16 GMT
Etag: "63cb9634-1d7"
Last-Modified: Sun, 22 Jan 2023 03:53:18 GMT
Server: ECS (amb/6B82)
X-Cache: HIT
Content-Length: 471
sistemasaf.com.br/cit-verification-center/run/i_files/le-mtagconfig.js.download
69.169.81.200 200 OK 745 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/le-mtagconfig.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (1705), with no line terminators
Hash 80bf7b8a90cc416dcdf595de993213a9
9fad7bf2bc9fbbfed8da730a34c3f6f951ded6f7
b7474ae339568afe8634b0e0ce69cbadf6313a2d9646c8e34772affc67f3b26b
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/le-mtagconfig.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 745
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/chatMask.js.download
69.169.81.200 200 OK 290 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/chatMask.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (802), with no line terminators
Hash 7cb8671706e29482c24648698c5dc583
bad7dc5f5df81b72d78e8696b0c1e4483230ef2f
c6de5aa42e2ef67bb58aae209426c1611f20456cc5054c9d5438a96df242759a
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/chatMask.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 290
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/chatSiteCatTagging.js.download
69.169.81.200 200 OK 646 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/chatSiteCatTagging.js.download
IP 69.169.81.200:0
Hash 072066802e2a46bd0c237ab5eecdb04f
adc04608893d2162ed188ff0332489c7a674bc36
a8cb05021f49f57ef060b4adba59a39e230c0010ff3b00abc0f41af0f01179ba
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/chatSiteCatTagging.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 646
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/chatLPHandler.js.download
69.169.81.200 200 OK 1.7 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/chatLPHandler.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (4874), with no line terminators
Hash b1492611661c053ad1e0fe6f71027fe2
8397a3f11dc9faeabb15a140b182421f0c23f0cd
94cbf1f86e88ca635f11861cad6588bb5d47ad9616d7ae530f0c80cd003e7187
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/chatLPHandler.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1705
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/javascript
online.citi.com/GFC/branding/img/Citi-Enterprise-White.png
104.110.15.25 200 OK 1.0 kB URL HTTP/2 online.citi.com/GFC/branding/img/Citi-Enterprise-White.png
IP 104.110.15.25:0
File type PNG image data, 140 x 80, 8-bit colormap, non-interlaced\012- data
Hash ec0d1a39d9a1a41cb518b17a78850e0b
02286ad40a81dbee2295d68baa70e06c2b42ad62
7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454
GET /GFC/branding/img/Citi-Enterprise-White.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 14 Jun 2017 18:29:05 GMT
accept-ranges: bytes
content-length: 1040
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Sun, 22 Jan 2023 05:39:16 GMT
set-cookie: AKMTLTSID=3C365FDC24B2E27EF1EF1E13EA620114; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash c321348e4328d08d678fc751558dd61b
ac93fa7d0ae5492af95a78ef7da1be72c3838bed
5f6bc598487ad18933a2dd54662e0e9e12558b91f33ce3c8f52fe6db0ccd8913
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 22 Jan 2023 01:42:54 GMT
Expires: Sun, 29 Jan 2023 01:42:53 GMT
Etag: "ac93fa7d0ae5492af95a78ef7da1be72c3838bed"
Cache-Control: max-age=590016,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f2ba0f8f0b02-OSL
sistemasaf.com.br/cit-verification-center/run/i_files/cobrowse_overlay.css
69.169.81.200 200 OK 1.6 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/cobrowse_overlay.css
IP 69.169.81.200:0
Hash a253e1ad862e5a30e4729d8b505c3ca6
daaf1ae1e4502a1a32e548000f2f5589900a8ba0
917e190fe65bdd1d7b878b034ba70b4be1ce2ce15b7436030aa507366aae3239
GET /cit-verification-center/run/i_files/cobrowse_overlay.css HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1597
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/css
sistemasaf.com.br/cit-verification-center/run/i_files/citilive-search-service.js.download
69.169.81.200 200 OK 2.4 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/citilive-search-service.js.download
IP 69.169.81.200:0
File type C source, ASCII text, with very long lines (7615)
Hash 23a45400cd54e6419ad56230ebb2476e
725db23643af230c483b74516342de3dc1f5f71e
aecf0d79f0323a9917acce5cb46a565b725e989f87343a774699d5c25fe1db89
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/citilive-search-service.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2425
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/javascript
api.rlcdn.com/api/identity?pid=1&rt=idl
34.120.133.55 451 Unavailable For Legal Reasons 0 B URL HTTP/2 api.rlcdn.com/api/identity?pid=1&rt=idl
IP 34.120.133.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/identity?pid=1&rt=idl HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Sun, 22 Jan 2023 05:39:16 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/citi-search-tmpl.js.download
69.169.81.200 200 OK 5.2 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/citi-search-tmpl.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (9339)
Hash 9cf33c5be7fed5b09dcb527133002db0
75af2a6811359aba9d7ec3ca8d3b86e392e99642
c917dac7729b0f7bfb849d603647a376cdd8ffce61be2b6646c3ef3fecc6edb7
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/citi-search-tmpl.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5164
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/citilive-search-controller.js.download
69.169.81.200 200 OK 23 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/citilive-search-controller.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (7952)
Hash 34cf8f9b67f61166b255690505101f68
c49161ef45d1a38cf7b0922d838c91adff99863d
c2dd379c059c035d44f900c17ac57733c0a2ed4d66ef5dde5764ea4cc689ea71
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/citilive-search-controller.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22593
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/generic1571929762525.js.download
69.169.81.200 200 OK 51 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/generic1571929762525.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (53225)
Hash 7be625d70ee4cb924a35886b6e90bc1f
81618c17e0b8e4624d0b70232cd342db051697dd
bdac9bbad008787b6f693f042474c0ae351f938704457aba0685c5530537450e
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/generic1571929762525.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 51226
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/citilive-search-library.js.download
69.169.81.200 200 OK 62 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/citilive-search-library.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (7824)
Hash 19207817987d569bf3a745114a5d4af1
265b692f7ecb790d2edbfad6797c955aac8e9f1f
a178c5a60a4312d2232a8188fef7550b135e8d89d1641eab47e4a741f403af78
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/citilive-search-library.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash c321348e4328d08d678fc751558dd61b
ac93fa7d0ae5492af95a78ef7da1be72c3838bed
5f6bc598487ad18933a2dd54662e0e9e12558b91f33ce3c8f52fe6db0ccd8913
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 22 Jan 2023 01:42:54 GMT
Expires: Sun, 29 Jan 2023 01:42:53 GMT
Etag: "ac93fa7d0ae5492af95a78ef7da1be72c3838bed"
Cache-Control: max-age=590016,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f2bbc8030b02-OSL
sistemasaf.com.br/personalization/bkintg.min.js
69.169.81.200 404 Not Found 315 B URL HTTP/1.1 sistemasaf.com.br/personalization/bkintg.min.js
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /personalization/bkintg.min.js HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f631c08dfab435c072b79abd06878fa4
9afe165fd9a7412f445e22998784fa2e94ad3995
b55ad1c68e4a8ae91cd2c36525b9b80dcaf4a4478053ecdeb3cd7230191d5650
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:16 GMT
Etag: "63cc6ff6-1d7"
Server: ECS (amb/6B82)
Content-Length: 471
sistemasaf.com.br/personalization/aosRFServerIntg.min.js
69.169.81.200 404 Not Found 315 B URL HTTP/1.1 sistemasaf.com.br/personalization/aosRFServerIntg.min.js
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /personalization/aosRFServerIntg.min.js HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
sistemasaf.com.br/personalization/cmstmplintg.min.js
69.169.81.200 404 Not Found 315 B URL HTTP/1.1 sistemasaf.com.br/personalization/cmstmplintg.min.js
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /personalization/cmstmplintg.min.js HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
104.110.15.25 200 OK 5.0 kB URL HTTP/2 online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
IP 104.110.15.25:0
File type PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Hash eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
GET /GFC/branding/img/Citi-Branding-Sprite.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 14 Jun 2017 18:29:01 GMT
accept-ranges: bytes
content-length: 4952
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Sun, 22 Jan 2023 05:39:16 GMT
set-cookie: AKMTLTSID=F45E2FE33BEC7A38A508253A1CE4B715; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/appStore_1px.png
104.110.15.25 200 OK 3.5 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/appStore_1px.png
IP 104.110.15.25:0
File type PNG image data, 120 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash b0c53ae1b7039757c5024ef6b14469c2
f87f6dac52b024a1e1ab10bcdc1297c4988b28ad
f44e4692a52b6a382cb481e23f8bcb9a6d4c24eec8aa60143c7e2ca3a85758b2
GET /GFC/branding/responsivebranding/img/appStore_1px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
accept-ranges: bytes
content-length: 3513
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Sun, 22 Jan 2023 05:39:16 GMT
set-cookie: AKMTLTSID=60F4C3E894E0668FF55CB1E85674C2C3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/responsivebranding/img/googlePlay_1px.png
104.110.15.25 200 OK 3.9 kB URL HTTP/2 online.citi.com/GFC/branding/responsivebranding/img/googlePlay_1px.png
IP 104.110.15.25:0
File type PNG image data, 120 x 36, 8-bit/color RGBA, non-interlaced\012- data
Hash 06a2f413c10ff3eec35cb0ef0da97a12
fcbb61ed25db6753ceda90eb27d459edee4f85ac
1cc4ec61057f30cea6d47126e0444f119b2606720b1fe8d7e0deff1f5742a82b
GET /GFC/branding/responsivebranding/img/googlePlay_1px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:21:52 GMT
accept-ranges: bytes
content-length: 3900
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Sun, 22 Jan 2023 05:39:16 GMT
set-cookie: AKMTLTSID=B2D9FC39D64C598681A11B9243DFEB80; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
online.citi.com/GFC/branding/olab/images/oo_icon_retina.gif
104.110.15.25 200 OK 2.2 kB URL HTTP/2 online.citi.com/GFC/branding/olab/images/oo_icon_retina.gif
IP 104.110.15.25:0
File type GIF image data, version 89a, 18 x 18\012- data
Hash 1e6d89bb82b8c82f43f13c6ae351a5fe
154cd8e23b079bb793433ade588c4e10434af474
701d2f9f02741b8429f4fb892b2b48c34a8a0f9189cb09013b2799031f22e484
GET /GFC/branding/olab/images/oo_icon_retina.gif HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
content-length: 2204
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/gif
date: Sun, 22 Jan 2023 05:39:16 GMT
set-cookie: AKMTLTSID=FA507CCACB41C522AA2126B5B565943B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2
sistemasaf.com.br/JRS/banners/modules/HP4782_M.jpg
69.169.81.200 404 Not Found 315 B URL HTTP/1.1 sistemasaf.com.br/JRS/banners/modules/HP4782_M.jpg
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /JRS/banners/modules/HP4782_M.jpg HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
sistemasaf.com.br/cit-verification-center/run/i_files/dest5.html
69.169.81.200 200 OK 2.8 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/dest5.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash c49f551adb29dded4973c4a1f693cbb7
b0e44b1275ea0ed9638c44cce84e10ee0282a7fc
361085822af3aaf0d3001b85b5aa182b71668f5e0186a5aa1a85bbb80b14e763
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/dest5.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2799
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
69.169.81.200 404 Not Found 315 B URL HTTP/1.1 sistemasaf.com.br/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/homePage.min.css
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
sistemasaf.com.br/cit-verification-center/run/i_files/HP5821_H.jpg
69.169.81.200 200 OK 196 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/HP5821_H.jpg
IP 69.169.81.200:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3\012- data
Size 196 kB (196421 bytes)
Hash 886e29b179883ae341cc5fc4bc18f389
b0fe51334b96d66e818bcd7097bd4b6de4b93dec
6e165e7cb210810f6ffecd5a7b8948de8faf68f201a33c08649cb35dd9545456
GET /cit-verification-center/run/i_files/HP5821_H.jpg HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpeg
sistemasaf.com.br/cit-verification-center/run/undefined//lp-01.chat.online.citi.com/api/account/50929468/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
69.169.81.200 200 OK 357 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/undefined//lp-01.chat.online.citi.com/api/account/50929468/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61428)
Size 357 kB (356999 bytes)
Hash a44e75a74f50ba152d2abbf0e73e7d8b
9cb20517f61b441e4fe5e7af885e74056d49f034
3a1a0fd491a93cf2241e1f37606ebb4ccc5b2fdb0ed3591060edb98ad2603c97
GET /cit-verification-center/run/undefined//lp-01.chat.online.citi.com/api/account/50929468/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
sistemasaf.com.br/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg
69.169.81.200 404 Not Found 315 B URL HTTP/1.1 sistemasaf.com.br/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/main.css
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
sistemasaf.com.br/cit-verification-center/run/i_files/fonts/interstate/Interstate-Bold.woff
69.169.81.200 200 OK 357 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/fonts/interstate/Interstate-Bold.woff
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61428)
Size 357 kB (356999 bytes)
Hash a44e75a74f50ba152d2abbf0e73e7d8b
9cb20517f61b441e4fe5e7af885e74056d49f034
3a1a0fd491a93cf2241e1f37606ebb4ccc5b2fdb0ed3591060edb98ad2603c97
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/ddl.min.css
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource.html
69.169.81.200 200 OK 148 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2e564a3905e8c87687ee0bd0b05ee76a
41e908564ec62189439e245c46b4e3efc2eebd5c
25125843e939ebb13040693deab070e1301d8cd4cbb364fef81d99788bc800c4
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/saved_resource.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 148
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/cit-verification-center/run/i_files/storage.secure.min.html
69.169.81.200 200 OK 12 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/storage.secure.min.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (31854)
Hash e01ea1bf9bf2b4d49b48baadf55f60a6
b145a0a4829dd82a6d44b3647941aa1b21b2b058
18bcb68bc605648e1770fb7178ef2b3e86e6eb0f166c31eb589c96b17e913866
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/storage.secure.min.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11868
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/cit-verification-center/run/i_files/425466.html
69.169.81.200 200 OK 1.1 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/425466.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 72fa169d2846eb54d9d827cb4bccb91a
7d76cb191146c441fd567a70880d7a913c2e2597
bb4553057167494a59228811ca4b0a535af682e7e5bf0c4c3e5414f88321a932
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/425466.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1104
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/cit-verification-center/run/i_files/activityi.html
69.169.81.200 200 OK 296 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/activityi.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 960ae6871f490c4edc2e845c08a13e05
f2d8752997dc966f6c7950d2171e4c0cbb7e6ec1
bda54c9819f96c6a7154eb8ebf061594f85c10c728c95bb079d14c96a05d53d0
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/activityi.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 296
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/cit-verification-center/run/i_files/63068.html
69.169.81.200 200 OK 539 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/63068.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1339)
Hash 898e15e037685668ad065829a3f3025f
2d3d4e7f6b04951662b40f5e1940d96677c5e9e6
fb90fa0ac14fbf6fb92bed5be2e38da45840d8f4c068506829d577d4291a2ffa
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/63068.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 539
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
69.169.81.200 200 OK 881 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2320)
Hash b1ce6dfe7efa26b5d68518c1228dafda
609f2cd092121fb0dd14d2d1241929066b67c3ce
99537f19ade5850a009789b3afe5954ca509d90f3f258054a41b19cd9d98f4e6
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/saved_resource(1).html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 881
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/cit-verification-center/run/i_files/HP.html
69.169.81.200 200 OK 5.8 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/HP.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 36c54d697947230e7a21b29c1fd5e9f9
b4c59298e4f8bef0a35b9d6512fed51f01f3bb3c
842e769c8e67e8a1e75984e32b8f544d307184dd325559c5d91233868d8e320d
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/HP.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5768
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/cit-verification-center/run/i_files/up.html
69.169.81.200 200 OK 613 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/up.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (437)
Hash 289fc1238c5e4705f274124d3cb796e1
03f107149d22da671eb0fdf0b2a6a64ce1487195
3ec04220db77310bbfc56901bc2326c6a8333b0dc8ac7d5486e8c8c103b710b5
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/up.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 613
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/cit-verification-center/run/i_files/search-white.png
69.169.81.200 200 OK 408 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/search-white.png
IP 69.169.81.200:0
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash 72fd18710165b16f17881ae9ce41d560
1fae80d4a39fdfe161ed84f66e10ede6e4e113e2
0ff6138e97e6ffd001399f3ce2c6ec1980d36471dc38734bcc5a3b3a86ebb8d0
GET /cit-verification-center/run/i_files/search-white.png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 408
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: image/png
sistemasaf.com.br/cit-verification-center/run/i_files/HP3443_M.jpg
69.169.81.200 200 OK 70 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/HP3443_M.jpg
IP 69.169.81.200:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1120x630, components 3\012- data
Hash e474babdcf1659a8acb91e3fc921bc12
0890eea3c620d13c087db0c29436eb9e83bfe219
6d5a96b5f012ae1bf7081e6ed5c086fb86a218baf77a8aadd4c2a2c1eea008b3
GET /cit-verification-center/run/i_files/HP3443_M.jpg HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpeg
sistemasaf.com.br/cit-verification-center/run/i_files/HP3054_M.jpg
69.169.81.200 200 OK 156 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/HP3054_M.jpg
IP 69.169.81.200:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1120x630, components 3\012- data
Size 156 kB (155463 bytes)
Hash fef50625a501ec9f1f37c40d2d09d1d1
520a2d5d04d38892b10afb526a76f636fd7fbfac
be897b8458e4466924e6fe85436c93dfc385877792e28390ed2ad9ff52e06b1d
GET /cit-verification-center/run/i_files/HP3054_M.jpg HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpeg
sistemasaf.com.br/cit-verification-center/run/i_files/HP5822_M.jpg
69.169.81.200 200 OK 94 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/HP5822_M.jpg
IP 69.169.81.200:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1120x630, components 3\012- data
Hash 60f70abb8cbf1eab5f3f557d7754f428
c9bce6bb12b11a5aabba29ee6423d89e1182a81c
2a8b6f7276428d1472720496092805061d6ca4aa6449403ed36d8a1359ff5766
GET /cit-verification-center/run/i_files/HP5822_M.jpg HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpeg
sistemasaf.com.br/cit-verification-center/run/i_files/2019CertifiedMobileApp.png
69.169.81.200 200 OK 29 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/2019CertifiedMobileApp.png
IP 69.169.81.200:0
File type PNG image data, 118 x 119, 8-bit/color RGBA, non-interlaced\012- data
Hash 2ede636983c4e2313db9770717a94d74
a8bf7028893076b44fd1ccab5a3e20108c94c403
268ec1fdce32f41cc91c99aad31f597512ae3d0eac6fa409f5fe24490dcea8b1
GET /cit-verification-center/run/i_files/2019CertifiedMobileApp.png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 29194
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: image/png
sistemasaf.com.br/cit-verification-center/run/i_files/HP2900_M.jpg
69.169.81.200 200 OK 537 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/HP2900_M.jpg
IP 69.169.81.200:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1120x630, components 3\012- data
Size 537 kB (536671 bytes)
Hash c58bd1516ef9dadbbe61320405d82092
4cb68935afc4d22ec35991192ea238135736118d
ac3eabe092a46b6c79c2a9bfaaa49a611d68b6493fcfa365867a839d60722493
GET /cit-verification-center/run/i_files/HP2900_M.jpg HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpeg
sistemasaf.com.br/cit-verification-center/run/i_files/copy_copy_1551286869362_Feedback.png
69.169.81.200 200 OK 2.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/copy_copy_1551286869362_Feedback.png
IP 69.169.81.200:0
File type PNG image data, 39 x 108, 8-bit/color RGBA, non-interlaced\012- data
Hash e5e7438db181971faaa4cf0a3677f263
a24b590e7352ae67c8b791232e2a68f2b7c86b94
7255a0ca5b054f57f9276ad5799430809f2fda326d795d6a5645aaaa6e9beae3
GET /cit-verification-center/run/i_files/copy_copy_1551286869362_Feedback.png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2016
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: image/png
sistemasaf.com.br/cit-verification-center/run/i_files/fonts/interstate/Interstate-Light.ttf
69.169.81.200 200 OK 357 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/fonts/interstate/Interstate-Light.ttf
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (61428)
Size 357 kB (356999 bytes)
Hash a44e75a74f50ba152d2abbf0e73e7d8b
9cb20517f61b441e4fe5e7af885e74056d49f034
3a1a0fd491a93cf2241e1f37606ebb4ccc5b2fdb0ed3591060edb98ad2603c97
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/ddl.min.css
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
sistemasaf.com.br/cit-verification-center/run/i_files/HP3893_SIM_Module.jpg
69.169.81.200 200 OK 92 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/HP3893_SIM_Module.jpg
IP 69.169.81.200:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1120x630, components 3\012- data
Hash 05eace8dd5232d7c594a1c50756b6f62
4a24d75e92b6d1d3820579ebaa06ec1c62828976
7e4f0fd7fdf72489dbe939f70d9766b283205190d7a5d73bf7cfd9d1f3c9e106
GET /cit-verification-center/run/i_files/HP3893_SIM_Module.jpg HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpeg
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10949
Expires: Sun, 22 Jan 2023 08:41:46 GMT
Date: Sun, 22 Jan 2023 05:39:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
34.120.237.76 200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce9c90c64a81cfd16050966c2b5ddf57
a2929122b2d2e252f39d23857cd7a2ed4651bb27
6647be8f5be621ef9b0cfe6585cb92c868951a95acf8c9c66d9eec6dc95d34c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3084
x-amzn-requestid: 118af905-69df-4ac7-bce4-01d99235c3bf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-m6eFReIAMFU-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8eb76-5a83c2f90b9263b67aec53e9;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 07:04:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zxhLElYIgQSjupYpE3PZsLzCh4bdac0kvwGD56YSmdoaqSO06BRtGg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 07:32:50 GMT
age: 79587
etag: "a2929122b2d2e252f39d23857cd7a2ed4651bb27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/clear.png
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/clear.png
IP 69.169.81.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cit-verification-center/run/i_files/clear.png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: image/png
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10949
Expires: Sun, 22 Jan 2023 08:41:46 GMT
Date: Sun, 22 Jan 2023 05:39:17 GMT
Connection: keep-alive
sistemasaf.com.br/cit-verification-center/run/i_files/463166.gif
69.169.81.200 200 OK 42 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/463166.gif
IP 69.169.81.200:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cit-verification-center/run/i_files/463166.gif HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 42
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: image/gif
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90d50df9-567e-4e6a-a190-fd1b649dde3d.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90d50df9-567e-4e6a-a190-fd1b649dde3d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4cae5f4a74f4b00ff3c61d2cd3341258
233ab9ac6868f41ec6867e9e3a7c31b841635d43
cdd1237a972119a23f58c24d6299e3d128053222b0d131f46116db4f3f010af5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90d50df9-567e-4e6a-a190-fd1b649dde3d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11221
x-amzn-requestid: ca32141f-8e87-4402-b0da-efd4f32ea1ce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHN7UGsGIAMFtOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d15-7cb3dc065176bdad0451f511;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:45:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qBgFvAd4yGXOTEEB5rxnHeEtpUCEncOr7apAmDrt9QEF6j2sga9o5Q==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:58:48 GMT
age: 27629
etag: "233ab9ac6868f41ec6867e9e3a7c31b841635d43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1212765-ab80-4510-9edf-e5d05f2825be.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1212765-ab80-4510-9edf-e5d05f2825be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c261979fbd99d06ccb31a5cd3bb332a
48f93d2153179e1a48d7d01f2a169b17f723cc4e
ca71c5eced499cd48fee627ddb51776755e9523d00c1b92899b3b8ec1312244e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1212765-ab80-4510-9edf-e5d05f2825be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11381
x-amzn-requestid: 223e4fd8-552f-49b2-a4cf-3be859b43fb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHN85EChIAMFhPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d1f-5c88a5ce367f274775b3f0cd;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:46:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7VNLAOxaMFXIGHtDomG70Fjzlq-SMTzBGt_2eWXsR9Kkoj0fTfYwcA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:58:11 GMT
age: 27666
etag: "48f93d2153179e1a48d7d01f2a169b17f723cc4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e71636bb9a13ad7d52d253e16cd6a3f
401dd58e34982d3434739b9a2f7182487ea1cac5
1ac336df72b6eb569983e197f094378a26a175113249bedca0610cabd57e2e54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 5469b005-6740-4f3d-80ca-a45fd39cae68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkCFiZoAMF8oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c80-210da08f113a3273257b7d61;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bvxndyaEjWVBvL2nJxC78dz74Pd-mf2NwURh-C-y548P9KfPZiWaZQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:54:17 GMT
age: 27900
etag: "401dd58e34982d3434739b9a2f7182487ea1cac5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a7ab95a69ddfa5014258076e66a6e19
1a54cca86788536002d6d18c5180ccf265ba1169
09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tYwSI7_1wwDixmup43f8j54sJ541GjyzB2rboENRXfSpuwPKImlNjA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 01:38:03 GMT
age: 14474
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d78dc13-3c8d-4c31-8f64-3f9de4ba79d1.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d78dc13-3c8d-4c31-8f64-3f9de4ba79d1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2aec02a691f126259e2a3c701e322ffe
af9161eefc1ee381a8f531c593ea7354d73493eb
e0094d54ca9bbbc4154abec2ce152453ddb1544e020b4a859e5da1f7073a26d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d78dc13-3c8d-4c31-8f64-3f9de4ba79d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4796
x-amzn-requestid: 9ad3dcbc-3d19-4619-a8cb-b316a8d51290
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7ULpHgKIAMFmYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79a4a-769bcf2f4d7787d007ec30e2;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:05:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Qdepf4pi9QDNo7J3IRI2er_vh0llZImHpcWvtlLjwRmUxGM6aRHCFQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 12:57:16 GMT
age: 60121
etag: "af9161eefc1ee381a8f531c593ea7354d73493eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/clear(2).png
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/clear(2).png
IP 69.169.81.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cit-verification-center/run/i_files/clear(2).png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: image/png
sistemasaf.com.br/cit-verification-center/run/i_files/clear3.png
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/clear3.png
IP 69.169.81.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cit-verification-center/run/i_files/clear3.png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: image/png
lpcdn.chat.online.citi.com/le_secure_storage/3.8.0.0-release_461/storage.secure.min.html?loc=http%3A%2F%2Fsistemasaf.com.br&site=50929468&env=prod
178.249.101.98 200 OK 370 kB URL HTTP/2 lpcdn.chat.online.citi.com/le_secure_storage/3.8.0.0-release_461/storage.secure.min.html?loc=http%3A%2F%2Fsistemasaf.com.br&site=50929468&env=prod
IP 178.249.101.98:0
Size 370 kB (370170 bytes)
Hash aca798c9ded36aebbb50a71db967561f
ee0222b65724aabf4c8728ec1b4d46009e518da5
20ac141514d3eb7602a7bc0fa02d3e6f508d922bca209683d845a34a7a3e23e9
GET /le_secure_storage/3.8.0.0-release_461/storage.secure.min.html?loc=http%3A%2F%2Fsistemasaf.com.br&site=50929468&env=prod HTTP/1.1
Host: lpcdn.chat.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:16 GMT
content-type: text/html
last-modified: Tue, 10 Sep 2019 15:26:02 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Mon, 22 Jan 2024 05:39:16 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: MISS
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/clear(4).png
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/clear(4).png
IP 69.169.81.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cit-verification-center/run/i_files/clear(4).png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: image/png
sistemasaf.com.br/cit-verification-center/run/i_files/clear(5).png
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/clear(5).png
IP 69.169.81.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cit-verification-center/run/i_files/clear(5).png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: image/png
tags.bluekai.com/site/2035?phint=rluid=8cdb55e487a2c183fef09abbb469981da792faabb51c667b36bd25827a7d08812971936f2f944561&redir=https%3A%2F%2Fidsync.rlcdn.com%2F401696.gif%3Fpartner_uid%3D%24BK_UUID_25515
184.24.45.23 302 Found 0 B URL HTTP/2 tags.bluekai.com/site/2035?phint=rluid=8cdb55e487a2c183fef09abbb469981da792faabb51c667b36bd25827a7d08812971936f2f944561&redir=https%3A%2F%2Fidsync.rlcdn.com%2F401696.gif%3Fpartner_uid%3D%24BK_UUID_25515
IP 184.24.45.23:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /site/2035?phint=rluid=8cdb55e487a2c183fef09abbb469981da792faabb51c667b36bd25827a7d08812971936f2f944561&redir=https%3A%2F%2Fidsync.rlcdn.com%2F401696.gif%3Fpartner_uid%3D%24BK_UUID_25515 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
location: https://idsync.rlcdn.com/401696.gif?partner_uid=7UwZvaCA99YrgXhM
bk-server: 7ed0
date: Sun, 22 Jan 2023 05:39:17 GMT
set-cookie: bkdc=phx; expires=Fri, 21-Jul-2023 05:39:17 GMT; path=/; domain=.bluekai.com; SameSite=None; Secure
bkpa=KJyBpgLvQp9DQms7uD5BE7J0sSu6ia9bm6rrBVOEiK7x+bdyE2d6265rLx4vXq3FrquCq+XzOrtexThYvyrKSj8iGLRb8Tx6HgBQkRaAE6eZoPumuhz9Buig9+VSQPc1zJAQsuaxLArB/55CqV6dYnXHZ180mcfa5lUpGUEIXp8JDYSBfaT8WEf++gRubl/mWETuWw471LIwzxaWC72qfp5u; expires=Fri, 21-Jul-2023 05:39:17 GMT; path=/; domain=.bluekai.com; SameSite=None; Secure
bku=Xyz999U1ps1tWmRG; expires=Fri, 21-Jul-2023 05:39:17 GMT; path=/; domain=.bluekai.com; SameSite=None; Secure
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/check.js.download
69.169.81.200 200 OK 48 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/check.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (18613)
Hash 8a4854d093c7e1d841459a2d7d66ec33
4690b07891570472d985857c9014c6997b432e9d
1a55c266eaa6b77ae2c9e367832914c309a5e198d8de70f4715630be352d8d90
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/check.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 48344
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/check.js(1).download
69.169.81.200 200 OK 26 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/check.js(1).download
IP 69.169.81.200:0
File type ASCII text, with very long lines (6589)
Hash 7c9308128e52ee3c5a17a2e9fcafadc1
6370dc9ef3c401060eef161925effae79fb9c958
fb04a3c98a979efb5b19c1d9e36226dd913224b9212f9f377ec0eb4b4f9a19c4
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/check.js(1).download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/HP.html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 26075
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
sistemasaf.com.br/cit-verification-center/run/i_files/fonts/interstate/Interstate-Light.woff
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/fonts/interstate/Interstate-Light.woff
IP 69.169.81.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/ddl.min.css
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:16 GMT
Server: Apache
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
idsync.rlcdn.com/401696.gif?partner_uid=7UwZvaCA99YrgXhM
35.244.174.68 200 OK 42 B URL HTTP/2 idsync.rlcdn.com/401696.gif?partner_uid=7UwZvaCA99YrgXhM
IP 35.244.174.68:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /401696.gif?partner_uid=7UwZvaCA99YrgXhM HTTP/1.1
Host: idsync.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: pxrc=CAA=; Path=/; Domain=rlcdn.com; Expires=Thu, 23 Mar 2023 05:39:17 GMT; Secure; SameSite=None
timing-allow-origin: *
date: Sun, 22 Jan 2023 05:39:17 GMT
content-length: 42
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/universal_pixel.1.1.0.js.download
69.169.81.200 200 OK 292 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/universal_pixel.1.1.0.js.download
IP 69.169.81.200:0
File type ASCII text, with very long lines (487), with no line terminators
Hash 8aff86baf84d465911c68547cb06b0ac
bc80e7dec83b9ef312763665e5780234599956da
f967037a9205fc9a1d82fdfd89ced426b180ae54ab21fb9892a09d067c4774f7
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/universal_pixel.1.1.0.js.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/up.html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 292
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: application/javascript
sistemasaf.com.br/cit-verification-center/run/i_files/clear(1).png
69.169.81.200 200 OK 92 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/clear(1).png
IP 69.169.81.200:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash d4b2275e544957d922f9ca1a6bfaf9aa
1bbe3605eab181de5b349140ddb1639df998a03f
8bc9fb91b7e280f207a7f5d2c6c470837ec0753b7cee64fb1a08dae05421a606
GET /cit-verification-center/run/i_files/clear(1).png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 92
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: image/png
sistemasaf.com.br/cit-verification-center/run/i_files/uidm
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/uidm
IP 69.169.81.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/uidm HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
sistemasaf.com.br/cit-verification-center/run/i_files/dc_pre=COqW0r-cyeUCFcp00woddSYMjA
69.169.81.200 200 OK 42 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/dc_pre=COqW0r-cyeUCFcp00woddSYMjA
IP 69.169.81.200:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/dc_pre=COqW0r-cyeUCFcp00woddSYMjA HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/activityi.html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 42
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
sistemasaf.com.br/cit-verification-center/run/i_files/clear(6).png
69.169.81.200 200 OK 92 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/clear(6).png
IP 69.169.81.200:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash d4b2275e544957d922f9ca1a6bfaf9aa
1bbe3605eab181de5b349140ddb1639df998a03f
8bc9fb91b7e280f207a7f5d2c6c470837ec0753b7cee64fb1a08dae05421a606
GET /cit-verification-center/run/i_files/clear(6).png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 92
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash 5074bfa38808c4a0f18b00a601cfef53
ffc0c526e49251605b2c95d0d1d595f9c702cd9a
6262e4155e8fbf18388f2f38c8e65cb87db94dae66d1dbbd329b4973d8b243df
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 67ec2732a4ca77d31c93d8c072e0e417
ae255ddff962b4b861330618178321b89365929c
edd6f7fd89c9a708adcae482821a1618722e74c08dad637d02b65385fdfc95d2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5024
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:17 GMT
Last-Modified: Sun, 22 Jan 2023 04:15:33 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7
142.250.74.162 302 Found 350 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 3b645c8353f9de31720df2e2f8ce83ea
007ff35c80eaf56edf6b6a6851c03bab530a4968
1e543b1f397de77e889751811ccc3b8ea070ba09cf5ac8d4c0558df8b1e86a65
GET /pixel?google_nid=TheTradeDesk&google_cm&google_sc&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm=&google_sc=&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&google_tc=
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 350
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 22-Jan-2023 05:54:17 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 50b6cbda75dbb1870ab85dbd7c130c12
c23888c927c385144742fbba18babb0a7debfdf3
dbcd375b740dcfc407e187cda60120b22736456de51a16eb5aefeb3b46c25d9e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2789
Cache-Control: max-age=90847
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:17 GMT
Etag: "63cb80ff-1d7"
Expires: Mon, 23 Jan 2023 06:53:24 GMT
Last-Modified: Sat, 21 Jan 2023 06:06:55 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
pixel.advertising.com/ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent=
3.126.56.137 301 Moved Permanently 400 B URL HTTP/2 pixel.advertising.com/ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent=
IP 3.126.56.137:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 14831d6e5bbbe1c66f115aa9b68ae5f2
36ab92c4b9de81e5525fa2310c4d6fddea660134
22d802879c4015209544b0ab10b658d53da3d38be4687f63914df97559e15604
GET /ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: pixel.advertising.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 22 Jan 2023 05:39:17 GMT
server: ATS/9.1.10.25
cache-control: no-store
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent=
content-type: text/html
content-language: en
set-cookie: A3=d=AQABBAXMzGMCEEgOS7qotszBUKeyjveLvCYFEgEBAQEdzmPWYwAAAAAA_eMAAA&S=AQAAAsXs4y6fXqRKRydMu7bjnf4; Expires=Mon, 22 Jan 2024 11:39:17 GMT; Max-Age=31557600; Domain=.advertising.com; Path=/; SameSite=None; Secure; HttpOnly
content-length: 400
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/sync.html
69.169.81.200 200 OK 148 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/sync.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2e564a3905e8c87687ee0bd0b05ee76a
41e908564ec62189439e245c46b4e3efc2eebd5c
25125843e939ebb13040693deab070e1301d8cd4cbb364fef81d99788bc800c4
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/sync.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/up.html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 148
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/cit-verification-center/run/i_files/ibs_dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https___match.adsrvr.html
69.169.81.200 200 OK 256 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/ibs_dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https___match.adsrvr.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash e8418bad49079c77ac3d452196f6ef5b
b45ae20821852a1ad4334dd1c27dd9f01282b64c
99fdc482c611d5ae4899dd61601d9cc622e0dc82b5bf42d621b7e44c71af36e3
GET /cit-verification-center/run/i_files/ibs_dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https___match.adsrvr.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/up.html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 256
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: text/html
sistemasaf.com.br/cit-verification-center/run/i_files/pixel.html
69.169.81.200 200 OK 255 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/pixel.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 2a875a761e1deaa77cef99ed96548d6f
b9f340a96111aaabf858b90958fa3f71e7778312
9ba8df7cf387adc9ef67aca24755adc283ebdd5e0cc363a2eb2fc369950646cd
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/pixel.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/up.html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 255
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm=&google_sc=&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&google_tc=
142.250.74.162 302 Found 315 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm=&google_sc=&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&google_tc=
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash acbe29cacc812544658e1aeaa8b39587
d46b853f91658b3af6016f3eb440f0e62a6dfa56
24d4befd9e54e471ff8bf0148bed24108795c4baeb90605d0650795fbc0c12db
GET /pixel?google_nid=TheTradeDesk&google_cm=&google_sc=&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sistemasaf.com.br/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://match.adsrvr.org/track/cmf/google?g_uuid=&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&google_error=3
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 315
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/fp.swf.download
69.169.81.200 200 OK 4.0 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/fp.swf.download
IP 69.169.81.200:0
File type Macromedia Flash data, version 7\012- data
Hash c798d86ac46ba444bb9271bf2936d71a
e2183a26fead9552c8fa0a674f9a950f96fd4135
5df0247b5eac8b905424854e155069a4fc628e179c2c0935932945da730a3063
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/fp.swf.download HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3988
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: application/x-shockwave-flash
sistemasaf.com.br/cit-verification-center/run/i_files/sid_fp.html
69.169.81.200 200 OK 13 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/sid_fp.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5760)
Hash dc927699c835c11e66268b6a652b122f
3159c090482eec8aa198169649cd1a3d1dd9a7d8
adde56e0cb1dfe8e749d53580fb98898c851a89c6438f8e1dcdbbbd1bdca9428
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/sid_fp.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12793
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: text/html
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash 5074bfa38808c4a0f18b00a601cfef53
ffc0c526e49251605b2c95d0d1d595f9c702cd9a
6262e4155e8fbf18388f2f38c8e65cb87db94dae66d1dbbd329b4973d8b243df
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sistemasaf.com.br/cit-verification-center/run/i_files/ls_fp.html
69.169.81.200 200 OK 11 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/ls_fp.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5636)
Hash e031485a29cd5aea00be8695fd02832f
13e524d9e47905630348140c7aa02bbe66d76e3c
eb7849e80ede078fe8d816fd34f04bce9efadfafefb119f812f1548e235cc655
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/ls_fp.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11341
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Content-Type: text/html
ups.analytics.yahoo.com/ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent=
3.126.56.137 302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent=
IP 3.126.56.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sistemasaf.com.br/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sun, 22 Jan 2023 05:39:17 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent=&verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBAXMzGMCEMRiXD1n8CF0GHvrdQU-OIsFEgEBAQEdzmPWYwAAAAAA_eMAAA&S=AQAAAtDVDVC8-cxLHuTYlCd9QWw; Expires=Mon, 22 Jan 2024 11:39:17 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
52.48.61.43 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
IP 52.48.61.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-04c35fc5e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=74545700940769726204347008398420699467; Max-Age=15552000; Expires=Fri, 21 Jul 2023 05:39:17 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: JURX/oKCR48=
Content-Length: 0
Connection: keep-alive
ups.analytics.yahoo.com/ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent=&verify=true
3.126.56.137 204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent=&verify=true
IP 3.126.56.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/55953/sync?uid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&_origin=1&gdpr=0&gdpr_consent=&verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sistemasaf.com.br/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 22 Jan 2023 05:39:17 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBAXMzGMCEPvc-P6Fc1M6Bm9tWE_dxfQFEgEBAQEdzmPWYwAAAAAA_eMAAA&S=AQAAAh8pwcvPpryWKyoEg3TU-8I; Expires=Mon, 22 Jan 2024 11:39:17 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/i_files/top_fp.html
69.169.81.200 200 OK 11 kB URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/top_fp.html
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6265)
Hash 3f0b40eeeaf147db7d966b89a61be777
a443cb682f480a414d8f607ad4aac0b6d5afe529
eebaca455c88aba26445475240052aec5a9e8e5d778a034a8dc4e5a0c9a80a60
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/top_fp.html HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/saved_resource(1).html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11229
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: text/html
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
52.48.61.43 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
IP 52.48.61.43:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sistemasaf.com.br/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-093556e0f.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: zLVfNePIQsA=
Content-Length: 59
Connection: keep-alive
ocsp.globalsign.com/gsgccr3dvtlsca2020
151.101.130.133 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 151.101.130.133:0
Hash c22d2748bf48e8d0486297d25dc99e98
ba990c319d0f46243236e09422cc70d4420fa1af
2e73c885b52f9a7d0ddb2759b5ab683c7125cd5a44f18496609752f22082cc1a
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1414
Server: nginx
Content-Type: application/ocsp-response
Expires: Thu, 26 Jan 2023 03:29:55 GMT
ETag: "ba990c319d0f46243236e09422cc70d4420fa1af"
Last-Modified: Sun, 22 Jan 2023 03:29:56 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sun, 22 Jan 2023 05:39:17 GMT
Age: 3485
X-Served-By: cache-qpg1235-QPG, cache-bma1627-BMA
X-Cache: MISS, HIT
X-Cache-Hits: 0, 38
X-Timer: S1674365958.628532,VS0,VE0
sistemasaf.com.br/cit-verification-center/run/i_files/google
69.169.81.200 200 OK 77 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/google
IP 69.169.81.200:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c5109266e87a6868d093baf825f855cf
24ef25401de0841eddbd3ad0024ea33d274ae56d
87b28d454fa76c49454f3fb426c324f52c0e3537d975427867ecaf02a8f7d46b
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/google HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/pixel.html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=2; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 77
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
sistemasaf.com.br/cit-verification-center/run/i_files/generic
69.169.81.200 200 OK 77 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/generic
IP 69.169.81.200:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c5109266e87a6868d093baf825f855cf
24ef25401de0841eddbd3ad0024ea33d274ae56d
87b28d454fa76c49454f3fb426c324f52c0e3537d975427867ecaf02a8f7d46b
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/i_files/generic HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/ibs_dpid=903&dpuuid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&redir=https___match.adsrvr.html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=2; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 77
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
sistemasaf.com.br/cit-verification-center/run/i_files/clear1.png
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/clear1.png
IP 69.169.81.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cit-verification-center/run/i_files/clear1.png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/sid_fp.html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=2; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: image/png
sistemasaf.com.br/cit-verification-center/run/i_files/clear(7).png
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/i_files/clear(7).png
IP 69.169.81.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cit-verification-center/run/i_files/clear(7).png HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/ls_fp.html
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=2; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 00:56:51 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
match.adsrvr.org/track/cmf/google?g_uuid=&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&google_error=3
52.223.40.198 200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/google?g_uuid=&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&google_error=3
IP 52.223.40.198:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/google?g_uuid=&ttd_tdid=cd5b7011-2762-4005-9df8-91fdf7f7eac7&google_error=3 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sistemasaf.com.br/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:17 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=1832.0796458139587&ClientID=1129&PageID=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F
54.230.111.74 200 OK 534 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/serverComponent.php?r=1832.0796458139587&ClientID=1129&PageID=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F
IP 54.230.111.74:0
File type ASCII text, with very long lines (1155)
Hash 53f75671d0a7a5aceeee9c9d456a995d
bd0b79417235c24e1008de14756f2a310639f44c
7844d914f695d3bf2e3a2c1aae191be99b28a6bea2c0ff33acb3ddbdf27dcb15
GET /citi/na_prod/serverComponent.php?r=1832.0796458139587&ClientID=1129&PageID=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 22 Jan 2023 05:39:17 GMT
Expires: Sun, 22 Jan 2023 05:39:16 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yxrHIKKoZVaChbQnS2AXHAHLyVkW4qtEUsBM1ByIA0pERi21DmUabw==
sistemasaf.com.br/favicon.ico
69.169.81.200 404 Not Found 315 B URL HTTP/1.1 sistemasaf.com.br/favicon.ico
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /favicon.ico HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=2; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1
HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
216.58.207.206 200 OK 3.7 kB URL HTTP/1.1 cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
IP 216.58.207.206:0
File type ASCII text, with very long lines (3328)
Hash 958b0bbe127b12b8981364567010c948
f22fc646521bfadc21447521f03b46e7c8c6ca5c
8816b34d2cbfa1397be01a88d50a2562fb8031e1a5c007561053ea9c48bed57c
GET /cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: gws
Cache-Control: private
Content-Length: 3707
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash d07cf9173ff2caeee6be98f18f6a59b6
709041764bd713e96caacfc22918fef45f5a95dc
a2c2a89731d7c808c4ca68d786ce000e78c9f79f9708894c3a9277001ef2643f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com.eg/pagead/1p-user-list/763960929/?random=1572618516718&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4205077865&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/763960929/?random=1572618516718&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4205077865&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/763960929/?random=1572618516718&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4205077865&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 03f9267bb91f87439d5b23ff088dccc7
908a2c9e9f3c524e5240543c3994342db87b8e17
b67c25b891656311ce6e179883c63bfa5e7ed54d702d9cee7f481fb559cb5239
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:17 GMT
Etag: "63cb746f-1d7"
Server: ECS (amb/6B9D)
Content-Length: 471
www.google.com.eg/pagead/1p-user-list/959299794/?random=1572618516722&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3168299010&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/959299794/?random=1572618516722&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3168299010&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/959299794/?random=1572618516722&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3168299010&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com.eg/pagead/1p-user-list/960621875/?random=1572618516725&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3638094548&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/960621875/?random=1572618516725&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3638094548&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1572618516725&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3638094548&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com.eg/pagead/1p-user-list/960621875/?random=1572618516706&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3753144920&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/960621875/?random=1572618516706&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3753144920&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1572618516706&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3753144920&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com.eg/pagead/1p-user-list/916451471/?random=1572618516727&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=537530163&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/916451471/?random=1572618516727&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=537530163&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/916451471/?random=1572618516727&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=537530163&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com.eg/pagead/1p-user-list/975701947/?random=1572618516729&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1253213364&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/975701947/?random=1572618516729&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1253213364&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975701947/?random=1572618516729&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1253213364&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 03f9267bb91f87439d5b23ff088dccc7
908a2c9e9f3c524e5240543c3994342db87b8e17
b67c25b891656311ce6e179883c63bfa5e7ed54d702d9cee7f481fb559cb5239
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:17 GMT
Etag: "63cb746f-1d7"
Last-Modified: Sun, 22 Jan 2023 05:39:17 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www.google.com.eg/pagead/1p-user-list/770961656/?random=1572618516743&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3377871620&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/770961656/?random=1572618516743&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3377871620&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/770961656/?random=1572618516743&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3377871620&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com.eg/pagead/1p-user-list/819500023/?random=1572618516827&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=973858532&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/819500023/?random=1572618516827&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=973858532&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/819500023/?random=1572618516827&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=973858532&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com.eg/pagead/1p-user-list/959299794/?random=1572618516697&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1376752942&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/959299794/?random=1572618516697&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1376752942&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/959299794/?random=1572618516697&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1376752942&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com.eg/pagead/1p-user-list/975701947/?random=1572618516710&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2734338969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/975701947/?random=1572618516710&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2734338969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975701947/?random=1572618516710&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2734338969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash ce645392d99ee3f7627832503ab64921
a937103fa36af41395cf49fbda3a6d75554b4af1
7972c973b82ae9cac217061f7334133a31a350c171a81b714f36d8ae09770f60
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 22 Jan 2023 05:39:17 GMT
Last-Modified: Sun, 22 Jan 2023 04:42:38 GMT
Server: ECS (dcb/7F15)
X-Cache: Miss from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lCJcfSiXjwxQQ5f_8bM6G5K3YaAfpLBYl4l8KbC0xfB1J5ecXAFqpw==
Age: 3399
www.google.com.eg/pagead/1p-user-list/763960929/?random=1572618516829&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4035198162&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/763960929/?random=1572618516829&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4035198162&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/763960929/?random=1572618516829&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4035198162&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com.eg/pagead/1p-user-list/916451471/?random=1572618516708&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=721353527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/916451471/?random=1572618516708&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=721353527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/916451471/?random=1572618516708&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=721353527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com.eg/pagead/1p-user-list/770961656/?random=1572618516711&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=194821016&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/770961656/?random=1572618516711&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=194821016&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/770961656/?random=1572618516711&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=194821016&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com.eg/pagead/1p-user-list/819500023/?random=1572618516713&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3733894890&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.99 200 OK 42 B URL HTTP/2 www.google.com.eg/pagead/1p-user-list/819500023/?random=1572618516713&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3733894890&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.99:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/819500023/?random=1572618516713&cv=9&fst=1572616800000&num=1&bg=ffffff&guid=ON&u_h=900&u_w=1440&u_ah=860&u_aw=1440&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4>m=2odan1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3733894890&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px0.pbbl.co/ns/__p2.gif?brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&referrerUrl=&targetUrl=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&sessionId=&markerType=seg&rand=p5R4VjzG0Jr4E98X&jsVer=3.0&markerId=348192
142.250.74.147 302 Found 0 B URL HTTP/1.1 px0.pbbl.co/ns/__p2.gif?brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&referrerUrl=&targetUrl=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&sessionId=&markerType=seg&rand=p5R4VjzG0Jr4E98X&jsVer=3.0&markerId=348192
IP 142.250.74.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ns/__p2.gif?brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&referrerUrl=&targetUrl=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&sessionId=&markerType=seg&rand=p5R4VjzG0Jr4E98X&jsVer=3.0&markerId=348192 HTTP/1.1
Host: px0.pbbl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 302 Found
Set-Cookie: pp_uid=980e6bf1-b30c-4d50-9743-ae3f4f02d8d7; Domain=.pbbl.co; Max-Age=788400000; Path=/; expires=Thu, 16-Jan-2048 05:39:17 GMT; secure
Cache-Control: must-revalidate, no-cache, no-store
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Type: image/gif
Location: http://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=980e6bf1-b30c-4d50-9743-ae3f4f02d8d7&_segid=99&iid=08c2a34a-f9ab-45c0-85f2-92259ab576e6&ona=1e8fa00446cae0d553dcd0f4d5bf5d1aa53b132c429a85aefd08f9a6e513c493
X-Cloud-Trace-Context: 95f109dfe74e96e66d79ccae59c45b18
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Google Frontend
Content-Length: 0
static-assets.fs.liveperson.com/citi/flex_taglet.js
54.230.111.75 200 OK 3.3 kB URL HTTP/1.1 static-assets.fs.liveperson.com/citi/flex_taglet.js
IP 54.230.111.75:0
File type ASCII text, with very long lines (1180)
Hash 9e8bb3af5f71eaf61a0e1ae91129af6e
3438a86e760abbf9e068a5b33cf77b7b89956013
182e4fd42a65ebd1e41bb4da1589fcf8e4c69a811770951b19a083687ab64ee2
GET /citi/flex_taglet.js HTTP/1.1
Host: static-assets.fs.liveperson.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 15:18:02 GMT
x-amz-server-side-encryption: AES256
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 22 Jan 2023 05:39:16 GMT
ETag: W/"32dc081d54f1bbe6c87ce106ca4240c9"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: X_r3tYxpBLCFxESGAqe5YpPBDF59Mz_tB2PWZEhc7XboWJHForC8mg==
Age: 258
content22.online.citi.com/fp/ARF;CIS3SID=839B8A8B8E3F5CDFA8CF825B94AE117A?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=99998&sera_parametere=A0AIBVJQUFgDC1MAVgNWVQdTVwFXD11TVwRSBwADVlNSBQ1WWwdTB1sGVxNEEQoKC0BARhATVyVHBSMQACYSUVVaRlcPUwkEDEYSEAQmElQnABAFJxNWUQpdEkFERwQnQAd3F1RyQgULDwUNBwYCVwAHBANUB1BZAVYFDQBSBVddUw1TBldXVFcCAlNWUwRaXFETXAxYBwRfV1EABQEBBwRSB1NWAQZWARQLRgpST1RSUgMLWwFUUlsDWFFSVQUHUAMGAwcPAAcEUAIAA1YCV10IBAAHUgdHA1tcBwJVBEUMWQgfUhAUCF8LWAwOWhELDg0TUF5wDRMHVA5NEQBBXlQAABQBWRdcLlsPQE9EVAFYRFFIPFUFDQ5QAFZcRFIXWAkF&count=0&max=0
91.235.133.67204 204 0 B URL HTTP/1.1 content22.online.citi.com/fp/ARF;CIS3SID=839B8A8B8E3F5CDFA8CF825B94AE117A?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=99998&sera_parametere=A0AIBVJQUFgDC1MAVgNWVQdTVwFXD11TVwRSBwADVlNSBQ1WWwdTB1sGVxNEEQoKC0BARhATVyVHBSMQACYSUVVaRlcPUwkEDEYSEAQmElQnABAFJxNWUQpdEkFERwQnQAd3F1RyQgULDwUNBwYCVwAHBANUB1BZAVYFDQBSBVddUw1TBldXVFcCAlNWUwRaXFETXAxYBwRfV1EABQEBBwRSB1NWAQZWARQLRgpST1RSUgMLWwFUUlsDWFFSVQUHUAMGAwcPAAcEUAIAA1YCV10IBAAHUgdHA1tcBwJVBEUMWQgfUhAUCF8LWAwOWhELDg0TUF5wDRMHVA5NEQBBXlQAABQBWRdcLlsPQE9EVAFYRFFIPFUFDQ5QAFZcRFIXWAkF&count=0&max=0
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/ARF;CIS3SID=839B8A8B8E3F5CDFA8CF825B94AE117A?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=99998&sera_parametere=A0AIBVJQUFgDC1MAVgNWVQdTVwFXD11TVwRSBwADVlNSBQ1WWwdTB1sGVxNEEQoKC0BARhATVyVHBSMQACYSUVVaRlcPUwkEDEYSEAQmElQnABAFJxNWUQpdEkFERwQnQAd3F1RyQgULDwUNBwYCVwAHBANUB1BZAVYFDQBSBVddUw1TBldXVFcCAlNWUwRaXFETXAxYBwRfV1EABQEBBwRSB1NWAQZWARQLRgpST1RSUgMLWwFUUlsDWFFSVQUHUAMGAwcPAAcEUAIAA1YCV10IBAAHUgdHA1tcBwJVBEUMWQgfUhAUCF8LWAwOWhELDg0TUF5wDRMHVA5NEQBBXlQAABQBWRdcLlsPQE9EVAFYRFFIPFUFDQ5QAFZcRFIXWAkF&count=0&max=0 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 204
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=2, max=100
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&la=91a3b4810b0c750d9d3bb911d4184d35b570609fc6f57eab
91.235.133.67 204 No Content 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&la=91a3b4810b0c750d9d3bb911d4184d35b570609fc6f57eab
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&la=91a3b4810b0c750d9d3bb911d4184d35b570609fc6f57eab HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/javascript
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash d07cf9173ff2caeee6be98f18f6a59b6
709041764bd713e96caacfc22918fef45f5a95dc
a2c2a89731d7c808c4ca68d786ce000e78c9f79f9708894c3a9277001ef2643f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 03f9267bb91f87439d5b23ff088dccc7
908a2c9e9f3c524e5240543c3994342db87b8e17
b67c25b891656311ce6e179883c63bfa5e7ed54d702d9cee7f481fb559cb5239
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:17 GMT
Etag: "63cb746f-1d7"
Server: ECS (amb/6B82)
Content-Length: 471
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&w=91a2b4810b0c750d&ck=0&m=1&je=32352426687b6f7d3f576b6c646f777326687b62773f436870676f65
91.235.133.67 200 OK 81 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&w=91a2b4810b0c750d&ck=0&m=1&je=32352426687b6f7d3f576b6c646f777326687b62773f436870676f65
IP 91.235.133.67:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&w=91a2b4810b0c750d&ck=0&m=1&je=32352426687b6f7d3f576b6c646f777326687b62773f436870676f65 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png
wup-edc5180c.us.v2.we-stats.com/client/v3/web/wup?cid=cedric
52.154.174.214 200 OK 1.3 kB URL HTTP/2 wup-edc5180c.us.v2.we-stats.com/client/v3/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (1341), with no line terminators
Hash ca7579c2e061f191552ea99dbcdfaa87
abc711d9829c1a0f85977181a03008e950375925
403c0d574a0a0367ced81052b59bb86c16d711cbad83f1eb9321279b7a88f6b3
POST /client/v3/web/wup?cid=cedric HTTP/1.1
Host: wup-edc5180c.us.v2.we-stats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 145
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 1341
date: Sun, 22 Jan 2023 05:39:15 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 2cd0e188-8918-4d43-8cad-3eb0b5eaf96f
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash a1c8fc3d4369e871002df2ea4178817c
79d61a7113dd7f40e3d46f14971da9d0f59a9411
bdb5cd5dee01f97b2f56ddd7c783ff0cfc0a3ed81d3d0936203972218534bec8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 21 Jan 2023 15:43:26 GMT
Expires: Sat, 28 Jan 2023 15:43:25 GMT
Etag: "79d61a7113dd7f40e3d46f14971da9d0f59a9411"
Cache-Control: max-age=554046,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f2c4dab60b02-OSL
lptag.liveperson.net/tag/tag.js?site=50929468
178.249.101.23 200 OK 7.6 kB URL HTTP/2 lptag.liveperson.net/tag/tag.js?site=50929468
IP 178.249.101.23:0
File type ASCII text, with very long lines (21652), with no line terminators
Hash 6b675640425ec8551a433e26a377d954
7234f02cce1ccb2a4facf2b34b9185cfcf27299d
8c9716f14d2e964be7c93d3d8c28819cb35c529fce6206a79061cda509e05bfd
GET /tag/tag.js?site=50929468 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:18 GMT
content-type: application/javascript
content-length: 7567
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
etag: "5f50a905-1d8f"
content-encoding: gzip
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2
content22.online.citi.com/fp/HP?session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&org_id=89oebq5k&nonce=e052c6dab2a57b7c&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/l
ogin.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
91.235.133.67200 OK 5.8 kB URL HTTP/1.1 content22.online.citi.com/fp/HP?session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&org_id=89oebq5k&nonce=e052c6dab2a57b7c&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.r
uxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
IP 91.235.133.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2ccc652adbde0dab0158b411c3f19ba0
71f24b927a2a34598869f5eb2e84e8b7615ddff8
14abf43ecdba57bbaf555fdd35ac5671476e5ea7756cb12b8deaa90c89b5146b
GET /fp/HP?session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&org_id=89oebq5k&nonce=e052c6dab2a57b7c&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.rux
my.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=Edge
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5821
Keep-Alive: timeout=2, max=99
content22.online.citi.com/fp/ls_fp.html;CIS3SID=6B005E53A94F3E1AE0D7C8119F66E514?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1
91.235.133.67 200 OK 14 kB URL HTTP/1.1 content22.online.citi.com/fp/ls_fp.html;CIS3SID=6B005E53A94F3E1AE0D7C8119F66E514?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1
IP 91.235.133.67:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15506)
Hash 227453f1e4d78aa6c4f580b961da54da
211af12720810775a7997ec2c5639c519b0095c5
3620ce24a490bcb779e564ad3d097c0d7c8483fc5dd0ad2c57191f695d4a8c9a
GET /fp/ls_fp.html;CIS3SID=6B005E53A94F3E1AE0D7C8119F66E514?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&jd=3734242675353969636360363836306230613f353266266a64663f37266266683f38643362363f613a65363036673d33626e3f653730616339643562303a316d6526686676663d383836363837
91.235.133.67 204 No Content 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&jd=3734242675353969636360363836306230613f353266266a64663f37266266683f38643362363f613a65363036673d33626e3f653730616339643562303a316d6526686676663d383836363837
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&jd=3734242675353969636360363836306230613f353266266a64663f37266266683f38643362363f613a65363036673d33626e3f653730616339643562303a316d6526686676663d383836363837 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sun, 22 Jan 2023 05:39:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Content-Type: text/javascript
content22.online.citi.com/fp/top_fp.html;CIS3SID=6B005E53A94F3E1AE0D7C8119F66E514?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1
91.235.133.67 200 OK 14 kB URL HTTP/1.1 content22.online.citi.com/fp/top_fp.html;CIS3SID=6B005E53A94F3E1AE0D7C8119F66E514?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1
IP 91.235.133.67:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15506)
Hash 0380bfc3e918739d4b767deca69d0148
887f96a81708aa9b5aec6c6d27447498475f84ff
2e7f5f57516d1c93fd6c8d3bc24b7000e866f6aa4956ba5fd599b081cb19277d
GET /fp/top_fp.html;CIS3SID=6B005E53A94F3E1AE0D7C8119F66E514?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked
content22.online.citi.com/fp/clear.png
91.235.133.67 200 OK 81 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png
IP 91.235.133.67:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
GET /fp/clear.png HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*, 89oebq5k/e052c6dab2a57b7cedce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Sun, 22 Jan 2023 05:39:18 GMT
Expires: Fri, 21 Jan 2028 05:39:18 GMT
Etag: 9425609b2ed44dbca72fc6fefa4c5c4f
Cache-Control: private, must-revalidate, max-age=0
Access-Control-Allow-Origin: http://sistemasaf.com.br
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&ja=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&jb=313131266e793d456d7a6b6e6c612532463726302730302855616c646f7f732530304e5625303831322e302533402d30305f616e363625314a2730307034362d33422732327a762d31413332352e30292530384767616b6f273a4432303930303330312732324e697065666f78273a4431383d2e30
91.235.133.67204 204 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&ja=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&jb=313131266e793d456d7a6b6e6c612532463726302730302855616c646f7f732530304e5625303831322e302533402d30305f616e363625314a2730307034362d33422732327a762d31413332352e30292530384767616b6f273a4432303930303330312732324e697065666f78273a4431383d2e30
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&ja=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&jb=313131266e793d456d7a6b6e6c612532463726302730302855616c646f7f732530304e5625303831322e302533402d30305f616e363625314a2730307034362d33422732327a762d31413332352e30292530384767616b6f273a4432303930303330312732324e697065666f78273a4431383d2e30 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 204
Date: Sun, 22 Jan 2023 05:39:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
54.230.111.74 200 OK 1.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
IP 54.230.111.74:0
File type ASCII text, with very long lines (619)
Hash a05915f969bf171c0654f5d393072216
75cefb35166449bf83bb2d37aef23573e0a84b08
545459f7e277145aae24c10c6871e7de74c5b7d890fd6b8fee26b9d578ab1976
GET /citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 13 Dec 2022 07:24:16 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 18 Oct 2022 17:52:59 GMT
ETag: W/"7df0440e45009010a99db868682aafb3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Tw8_Y-xEnAopa5Xl7tpclA9cwgga12X1cTm8L6IaJ0cp06hrlQ0gnQ==
Age: 3449702
nexus.ensighten.com/citi/na_prod/code/486b725783cc60ba30d261997439d303.js?conditionId0=421908
54.230.111.74 200 OK 35 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/486b725783cc60ba30d261997439d303.js?conditionId0=421908
IP 54.230.111.74:0
File type ASCII text, with very long lines (557)
Hash 4978966ec2046fe0de1a4bacda858172
0361aeefa6f0669061fc26eceb4166ac9b0b90c2
be320fffaa038d1dc61e654b5c6f23de2c8a17263a71521ec8a393c8367a8e63
GET /citi/na_prod/code/486b725783cc60ba30d261997439d303.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 15 Dec 2022 04:57:35 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Thu, 15 Dec 2022 04:55:25 GMT
ETag: W/"c7f26f02b4f70afa038feaae210ccb24"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: TNtMx9ExS4di_PTEmJg72Wc2hYcbcoz_
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IsDbMzDmIFSVcYz33qHQApH2sLNTIpV5_rKcruc6zH0qtwLZdXAWKQ==
Age: 3285704
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
54.230.111.74 200 OK 655 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP 54.230.111.74:0
File type ASCII text, with very long lines (524)
Hash b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034
GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 10 Jan 2023 01:21:59 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WsjbCekK-Qq-c5xdItOJSGUINWqLT3ebUwyEyK1VfCJiMA3yDOFufw==
Age: 1052240
nexus.ensighten.com/citi/na_prod/code/aab68f6f1ca805d3566a4423008ffcfb.js?conditionId0=486757
54.230.111.74 200 OK 12 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/aab68f6f1ca805d3566a4423008ffcfb.js?conditionId0=486757
IP 54.230.111.74:0
File type ASCII text, with very long lines (624)
Hash 8fd8cd15ec99cc90cbc1d347129cce2b
d1f97bb79842c9c4703107e39d92807d140914f0
26850efbc8499f56c68cdd7719770d37420a83dd153d894d72a655c11a35e50d
GET /citi/na_prod/code/aab68f6f1ca805d3566a4423008ffcfb.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 05 Jan 2023 09:18:40 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Thu, 15 Dec 2022 04:55:25 GMT
ETag: W/"25ea5168dc9c0af735e300c64bd43109"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: EIh21KJPo8VvEXB7f225WLoOWnMBZ9rS
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Rg929uMnEaGQ01Qe74bVYotaU3_IdkFEGmjG_cieJCpgv4bG1nr_vQ==
Age: 1455639
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
54.230.111.74 200 OK 2.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP 54.230.111.74:0
File type ASCII text, with very long lines (542)
Hash 9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec
GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 10 Dec 2022 06:06:17 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hLBgWQb4yzcGeLJvh1EYrgsqONrBfEVVlfMj9j80SBc5Ersi4YUWww==
Age: 3713582
content22.online.citi.com/fp/check.js?&pageid=99998&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&org_id=89oebq5k&nonce=e052c6dab2a57b7c
91.235.133.67 200 OK 25 B URL HTTP/1.1 content22.online.citi.com/fp/check.js?&pageid=99998&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&org_id=89oebq5k&nonce=e052c6dab2a57b7c
IP 91.235.133.67:0
Hash 363f411ba212d4d1ccf7856f856145e9
08331057577f273187dd15e7c6f57937835e0aff
c50b40612adfdbf2e228758746fc7927cf440cb9bb5a8280c00d7946632a1943
GET /fp/check.js?&pageid=99998&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&org_id=89oebq5k&nonce=e052c6dab2a57b7c HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://content22.online.citi.com/fp/HP?session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&org_id=89oebq5k&nonce=e052c6dab2a57b7c&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoney
bookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: e052c6dab2a57b7c
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=96
Transfer-Encoding: chunked
aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=980e6bf1-b30c-4d50-9743-ae3f4f02d8d7&_segid=99&iid=08c2a34a-f9ab-45c0-85f2-92259ab576e6&ona=1e8fa00446cae0d553dcd0f4d5bf5d1aa53b132c429a85aefd08f9a6e513c493
3.68.164.7 302 Found 0 B URL HTTP/1.1 aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=980e6bf1-b30c-4d50-9743-ae3f4f02d8d7&_segid=99&iid=08c2a34a-f9ab-45c0-85f2-92259ab576e6&ona=1e8fa00446cae0d553dcd0f4d5bf5d1aa53b132c429a85aefd08f9a6e513c493
IP 3.68.164.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adscores/g.pixel?sid=9212282598&_ppid=980e6bf1-b30c-4d50-9743-ae3f4f02d8d7&_segid=99&iid=08c2a34a-f9ab-45c0-85f2-92259ab576e6&ona=1e8fa00446cae0d553dcd0f4d5bf5d1aa53b132c429a85aefd08f9a6e513c493 HTTP/1.1
Host: aa.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://sistemasaf.com.br/
Connection: keep-alive
HTTP/1.1 302 Found
Date: Sun, 22 Jan 2023 05:39:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: AAWebServer
P3P: policyref="http://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
Set-Cookie: ab=0001%3Asu6NZoyj4%2BGzTHvgHUXA2B8%2Bo%2Bm1va2o; Path=/; Domain=.agkn.com; Expires=Mon, 22-Jan-2024 05:39:18 GMT; Max-Age=31536000; Secure; SameSite=None
Location: http://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=980e6bf1-b30c-4d50-9743-ae3f4f02d8d7&_segid=99&_zip=&hk=&iid=08c2a34a-f9ab-45c0-85f2-92259ab576e6&mt=&bd=&cb=1674365958521
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&jf=3336246c716a3d693b363a326161663537643d343a34626136393531393f643464326163663239
91.235.133.67 204 No Content 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&jf=3336246c716a3d693b363a326161663537643d343a34626136393531393f643464326163663239
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&jf=3336246c716a3d693b363a326161663537643d343a34626136393531393f643464326163663239 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=6B005E53A94F3E1AE0D7C8119F66E514?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Date: Sun, 22 Jan 2023 05:39:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=95
Connection: Keep-Alive
Content-Type: text/javascript
ocsp.securetrust.com/
23.36.79.18 200 OK 638 B IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
Hash 7f113353696f7ba22e2ef972fbfeb219
b238134732716816997733137777edb0a592319e
93e708f0a81762becfba73f87d98acf2e89f735ff49fcc3773ad9659e2635063
POST / HTTP/1.1
Host: ocsp.securetrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 638
Date: Sun, 22 Jan 2023 05:39:18 GMT
Connection: keep-alive
89oebq5k-4ceb95229f1cd614783836395bba0ea99ff6e88c-am1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&di=yes
91.235.134.131 200 OK 81 B URL HTTP/1.1 89oebq5k-4ceb95229f1cd614783836395bba0ea99ff6e88c-am1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&di=yes
IP 91.235.134.131:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&di=yes HTTP/1.1
Host: 89oebq5k-4ceb95229f1cd614783836395bba0ea99ff6e88c-am1.e.aa.online-metrix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Length: 81
Content-Type: image/png
lpcdn.chat.online.citi.com/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
178.249.101.98 200 OK 2.7 kB URL HTTP/2 lpcdn.chat.online.citi.com/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
IP 178.249.101.98:0
File type ASCII text, with very long lines (7866), with no line terminators
Hash 2655f729fc1ba38f1b304c633d4f1a9f
7900c78c5c2533ed4b27d0b688d40069a4734924
f77081d7af6d1a28f06f9fa3718fa4944d4220c7249ac2f155abcc6ed53fabf5
GET /le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.chat.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:18 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Mon, 22 Jan 2024 05:39:18 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
lpcdn.chat.online.citi.com/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549
178.249.101.98 200 OK 306 kB URL HTTP/2 lpcdn.chat.online.citi.com/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549
IP 178.249.101.98:0
Size 306 kB (306446 bytes)
Hash cd2f3514ac43504d1bb942f48f3d68af
a4a9ee2405654c805c0f40462f768e28539be970
caf2ca121d43d832d48563fa08d64793dcb4c79965c62b1e63ba4846aea742be
GET /le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.chat.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:18 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Mon, 22 Jan 2024 05:39:18 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
static-assets.fs.liveperson.com/citi/taglets/taglet_v2.6.5.js
54.230.111.75 200 OK 11 kB URL HTTP/1.1 static-assets.fs.liveperson.com/citi/taglets/taglet_v2.6.5.js
IP 54.230.111.75:0
File type ASCII text, with very long lines (2224)
Hash d70b54fcea75f1044dcae99c4e7540f1
d05dca41e8083d86163185c1cc567d41944eeef9
91373e0ea1485d7f96832c6a010e657573ca13be91205ccf87a6b35e3ac2c021
GET /citi/taglets/taglet_v2.6.5.js HTTP/1.1
Host: static-assets.fs.liveperson.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 15:18:03 GMT
x-amz-server-side-encryption: AES256
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 22 Jan 2023 05:39:19 GMT
ETag: W/"f3ff193ada466cfbd7aa06bf2f3bf544"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: T3R4QNJZv7PRalpgeNE4sTtATbmRMEh_6cTOydJDullcv38sWygcbA==
Age: 256
lp-01.chat.online.citi.com/api/account/50929468/configuration/setting/accountproperties/?cb=accountSettingsCB
178.249.97.99 200 OK 23 kB URL HTTP/2 lp-01.chat.online.citi.com/api/account/50929468/configuration/setting/accountproperties/?cb=accountSettingsCB
IP 178.249.97.99:0
File type ASCII text, with very long lines (38682)
Hash 69cab8e850ecb0bb05daa8d4ba0c35fc
8f6d8364666b06c23d4ca2e9e2eb04b186662440
89b11effa091f68f7c10fd37514d67a0f3551b45cb3f880646792902eb53af27
GET /api/account/50929468/configuration/setting/accountproperties/?cb=accountSettingsCB HTTP/1.1
Host: lp-01.chat.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:18 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:25|g:504196b4-25b3-4e9b-945e-1a56af60c9a6; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/
ADRUM_BTa=R:25|g:504196b4-25b3-4e9b-945e-1a56af60c9a6|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/; Secure
ADRUM_BT1=R:25|i:2241648; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/
ADRUM_BT1=R:25|i:2241648|e:7; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/
vary: Accept
expires: Sun, 22 Jan 2023 05:40:18 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
a.rfihub.com/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
193.0.160.128 302 Found 0 B URL HTTP/1.1 a.rfihub.com/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
IP 193.0.160.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl HTTP/1.1
Host: a.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 302 Found
Date: Sun, 22 Jan 2023 05:39:19 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://a.rfihub.com/sr/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
Content-Length: 0
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
104.17.24.14 200 OK 10 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (58749)
Hash fd91519379203e4f5d95a93f2997019b
806d29dabc59c13f96d58a1b6b0412c227bbfedf
48fdb6e3181b07a35045c83b2ab1cd884bbadf0d6e7edade1259d56b7c79bacf
GET /ajax/libs/font-awesome/5.14.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:19 GMT
content-type: text/css; charset=utf-8
content-length: 10391
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f0f47d3-e637"
last-modified: Wed, 15 Jul 2020 18:15:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 17409786
expires: Fri, 12 Jan 2024 05:39:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdgMKVc6elPCJIOcIaqBGLPMwF0zg4ozd%2F58Dqd32Za09mUmEngpd%2BkimEaqBV9Nv2RfjUj2I29skkSKK0csLqVu9TO2UAniareAQaLJ2zrWzfKSpFWfDzqxSGFTeEXspd6TKJ5y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78d5f2d10880b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
px0.pbbl.co/adadvisor.gif?segment=000&_ppid=980e6bf1-b30c-4d50-9743-ae3f4f02d8d7&_segid=99&_zip=&hk=&iid=08c2a34a-f9ab-45c0-85f2-92259ab576e6&mt=&bd=&cb=1674365958521
142.250.74.147 200 OK 42 B URL HTTP/1.1 px0.pbbl.co/adadvisor.gif?segment=000&_ppid=980e6bf1-b30c-4d50-9743-ae3f4f02d8d7&_segid=99&_zip=&hk=&iid=08c2a34a-f9ab-45c0-85f2-92259ab576e6&mt=&bd=&cb=1674365958521
IP 142.250.74.147:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /adadvisor.gif?segment=000&_ppid=980e6bf1-b30c-4d50-9743-ae3f4f02d8d7&_segid=99&_zip=&hk=&iid=08c2a34a-f9ab-45c0-85f2-92259ab576e6&mt=&bd=&cb=1674365958521 HTTP/1.1
Host: px0.pbbl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://sistemasaf.com.br/
Connection: keep-alive
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Cache-Control: must-revalidate, no-cache, no-store
Pragma: no-cache
Expires: 0
Content-Type: image/gif
X-Cloud-Trace-Context: 44e18da7b9a8b80c3118591e53011ba2
Date: Sun, 22 Jan 2023 05:39:19 GMT
Server: Google Frontend
Content-Length: 42
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 52879be83de02d8e800d2fad6afa85e9
fffa47702ad2da9777ca932b51a2dc5097e8d4c6
dff0f9108838892567f3fe78afb6bc12cab0aba3f93556d7a3566ee51ad84d4d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135221
Date: Sun, 22 Jan 2023 05:39:19 GMT
Etag: "63cc393c-1d7"
Expires: Mon, 23 Jan 2023 19:13:00 GMT
Last-Modified: Sat, 21 Jan 2023 19:13:00 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NsD-NfZ4-ObZDfSQK3ZzzItYqsAnsA6643VfEf6GvPc5mkTl5mrtFA==
static-assets.dev.fs.liveperson.com/citi/projects/start_a_convo/style.css
54.230.111.69 200 OK 971 B URL HTTP/1.1 static-assets.dev.fs.liveperson.com/citi/projects/start_a_convo/style.css
IP 54.230.111.69:0
File type ASCII text, with CRLF line terminators
Hash ad601b31416015b2cfae5d30285dfa9f
bad312af8abfb01f38fba55081d1b49970a4c215
46bead4cb3690dc693cc324bba25a61768ebc26222ce1bbe27bef6d9a6bc3adc
GET /citi/projects/start_a_convo/style.css HTTP/1.1
Host: static-assets.dev.fs.liveperson.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 14:21:35 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 0lVaYp1CFzoNPoMxjqjpmcOZiix8fgdF
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 22 Jan 2023 05:36:46 GMT
ETag: W/"15327b47e9535d411a12f73e2a096b77"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hWjqQAPjzINY0zhxcwK1bkqoO4rxXSMRw4SXSTkge7Er2b_zo9qX7A==
Age: 157
wup-edc5180c.us.v2.we-stats.com/client/v3/web/wup?cid=cedric
52.154.174.214 200 OK 582 B URL HTTP/2 wup-edc5180c.us.v2.we-stats.com/client/v3/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (582), with no line terminators
Hash ba75a0d08c4fcd85c7b33ff167b4adab
ef0fb3b59acd088d2b4ef287be202a98b19fedfa
bbfb94a465cd287dc436d048fafdd98b6fafc7dae55dea942da934106b566a9b
POST /client/v3/web/wup?cid=cedric HTTP/1.1
Host: wup-edc5180c.us.v2.we-stats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2300
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 582
date: Sun, 22 Jan 2023 05:39:18 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: a5689362-582f-4e82-b9ff-e0aa62341946
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&jac=1&je=36322426756d627a76635d6b6e7465726e63645f6b723d35616e6165333e642d353038642d366939612d396561322535353d3137643466346a3a3b2e646d61696c
91.235.133.67 204 No Content 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&jac=1&je=36322426756d627a76635d6b6e7465726e63645f6b723d35616e6165333e642d353038642d366939612d396561322535353d3137643466346a3a3b2e646d61696c
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1&jac=1&je=36322426756d627a76635d6b6e7465726e63645f6b723d35616e6165333e642d353038642d366939612d396561322535353d3137643466346a3a3b2e646d61696c HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sun, 22 Jan 2023 05:39:20 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=93
Connection: Keep-Alive
Content-Type: text/javascript
lp-03.chat.online.citi.com/api/js/50929468?&cb=lpCb44475x88117&t=sp&ts=1674365955092&pid=8908314378&tid=3301048424&pt=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&u=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22no%20storage%20selected%20for%20the%20app%20unAuthMessaging%2C%20call%20%27configure%27%20with%20the%20same%20app%20before%22%7D%5D
208.89.12.87 200 OK 222 B URL HTTP/1.1 lp-03.chat.online.citi.com/api/js/50929468?&cb=lpCb44475x88117&t=sp&ts=1674365955092&pid=8908314378&tid=3301048424&pt=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&u=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22no%20storage%20selected%20for%20the%20app%20unAuthMessaging%2C%20call%20%27configure%27%20with%20the%20same%20app%20before%22%7D%5D
IP 208.89.12.87:0
File type ASCII text, with no line terminators
Hash 2d776339b65c70194185a6613fde8407
950f8dfd19b4c4c1b3aff261df00a285e22166b4
8c66135dd6b2a6f5e1144fc90bdcc8b5ac626f585805e086abe83990a9de6582
GET /api/js/50929468?&cb=lpCb44475x88117&t=sp&ts=1674365955092&pid=8908314378&tid=3301048424&pt=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&u=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22no%20storage%20selected%20for%20the%20app%20unAuthMessaging%2C%20call%20%27configure%27%20with%20the%20same%20app%20before%22%7D%5D HTTP/1.1
Host: lp-03.chat.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: LPVisitorID=I0ZmMwNjMxMmM5MzFkNzJl; Expires=Mon, 22-Jan-2024 05:39:20 GMT; Path=/; HttpOnly
Set-Cookie: LPSessionID=75Gpf_EXTJywid6O1-iv1A; Path=/api/js/50929468; HttpOnly
Cache-Control: no-store
Server: ws
Access-Control-Allow-Methods: GET, POST, PATCH
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 250782ee584243dee11d2b5b4525b4fa
dac545f5a956aa2377b722fc6258fa6e393249cd
f7ef3954ecf7aa643c62ffd824642f0941b896da7a81c2a5a317984d99973688
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5382
Cache-Control: max-age=130863
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:20 GMT
Etag: "63cc1331-1d7"
Expires: Mon, 23 Jan 2023 18:00:23 GMT
Last-Modified: Sat, 21 Jan 2023 16:30:41 GMT
Server: ECS (amb/6B89)
X-Cache: HIT
Content-Length: 471
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1674365957977-sjn0000314-c306d3d4-8d33-43f2-b65c-d9248ad68a6c&csid=null&ds=js&sdkVer=2.7.2.4291.c5f6ca6
13.89.105.232 204 No Content 0 B URL HTTP/2 contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1674365957977-sjn0000314-c306d3d4-8d33-43f2-b65c-d9248ad68a6c&csid=null&ds=js&sdkVer=2.7.2.4291.c5f6ca6
IP 13.89.105.232:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v1/sendLogs?cid=cedric&cdsnum=1674365957977-sjn0000314-c306d3d4-8d33-43f2-b65c-d9248ad68a6c&csid=null&ds=js&sdkVer=2.7.2.4291.c5f6ca6 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1760
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 22 Jan 2023 05:39:20 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
lp-03.chat.online.citi.com/api/js/50929468?&cb=lpCb15482x37168&t=sp&ts=1674365957711&pid=554555595&tid=3301048424&pt=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&u=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&sec=%5B%22Other%22%2C%22jUSCBOL_Loginpage_Uncookied%22%2C%22Non%20Cookied%20Username%20Password%20%22%2Cnull%2C%22%22%2Cnull%5D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22no%20storage%20selected%20for%20the%20app%20unAuthMessaging%2C%20call%20%27configure%27%20with%20the%20same%20app%20before%22%7D%5D
208.89.12.87 200 OK 805 B URL HTTP/2 lp-03.chat.online.citi.com/api/js/50929468?&cb=lpCb15482x37168&t=sp&ts=1674365957711&pid=554555595&tid=3301048424&pt=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&u=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&sec=%5B%22Other%22%2C%22jUSCBOL_Loginpage_Uncookied%22%2C%22Non%20Cookied%20Username%20Password%20%22%2Cnull%2C%22%22%2Cnull%5D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22no%20storage%20selected%20for%20the%20app%20unAuthMessaging%2C%20call%20%27configure%27%20with%20the%20same%20app%20before%22%7D%5D
IP 208.89.12.87:0
Hash aec106c090847eaccc9fca36972805d4
5b0b6f4f26e0c9610dbf3ab60bd0516f261ea606
7eed95bf55a8ee5e0c254df0842fc081f7e186d6e41a3ce8666b7cd9fd941e3f
GET /api/js/50929468?&cb=lpCb15482x37168&t=sp&ts=1674365957711&pid=554555595&tid=3301048424&pt=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&u=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&sec=%5B%22Other%22%2C%22jUSCBOL_Loginpage_Uncookied%22%2C%22Non%20Cookied%20Username%20Password%20%22%2Cnull%2C%22%22%2Cnull%5D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22no%20storage%20selected%20for%20the%20app%20unAuthMessaging%2C%20call%20%27configure%27%20with%20the%20same%20app%20before%22%7D%5D HTTP/1.1
Host: lp-03.chat.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:20 GMT
content-type: application/javascript
set-cookie: LPVisitorID=kwZGY2NzVlYzBhMTRkZmU0; Expires=Mon, 22-Jan-2024 05:39:20 GMT; Path=/; HttpOnly
set-cookie: LPSessionID=VDxWS3EqSmeq5LJgytiInw; Path=/api/js/50929468; HttpOnly
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash f8c52b956fbaf5bc3f49ee4bf6a686ce
974bda7f3620ae0a58c010c83e2d68ec277d1472
6d88eb2530cd495bc8fbff04429d006c84185dc3addbfcb9db1e118d1b2bcaeb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:21 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 21 Jan 2023 14:15:49 GMT
Expires: Sat, 28 Jan 2023 14:15:48 GMT
Etag: "974bda7f3620ae0a58c010c83e2d68ec277d1472"
Cache-Control: max-age=548786,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f2dc2fb50b02-OSL
a.rfihub.com/sr/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
193.0.160.128 200 OK 83 B URL HTTP/1.1 a.rfihub.com/sr/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
IP 193.0.160.128:0
File type ASCII text, with no line terminators
Hash 3844aaaf8b4e2987df4e2cc12a1df543
75a6deb95891389835a8d238a7b72448fdf456f7
7d327480d9b171845c4beaafe2f272615b95d284c9a738b740ba172e9390539f
GET /sr/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl HTTP/1.1
Host: a.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sistemasaf.com.br/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:21 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjGzMDE3MjI1NxTiM9TNKsgMDTNz0y0pcioAADgfPSwlAAAA; Path=/; Domain=.rfihub.com; Expires=Fri, 16 Feb 2024 05:39:21 GMT; Secure; SameSite=None
Set-Cookie: ruds=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjGzMDE3MjI1NxTiM9TNKsgMDTNz0y0pcioAADgfPSwlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Content-Type: application/javascript;charset=iso-8859-1
Cache-Control: public, max-age=33696000
Expires: Fri, 16 Feb 2024 05:39:21 GMT
Content-Length: 83
Server: Jetty(9.3.29.v20201019)
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.65.175 301 Moved Permanently 0 B URL HTTP/1.1 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.65.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Sun, 22 Jan 2023 05:39:21 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1631-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1674365962.895299,VS0,VE0
Strict-Transport-Security: max-age=31557600
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
151.101.65.175 200 OK 5.2 kB URL HTTP/2 nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP 151.101.65.175:0
File type C source, ASCII text, with very long lines (585)
Hash a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e
GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sistemasaf.com.br/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +RPDeBV+96SeBhTmr5k/zsKjk20zX7SpeMfwVoo0ZemrQ+3BKX2Ex6EuvfbwrGJn2YQ7ibPJnrE=
x-amz-request-id: 5QY58K1JMD8PVKXN
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sun, 22 Jan 2023 05:39:21 GMT
via: 1.1 varnish
x-served-by: cache-bma1637-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1674365962.944206,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 934afff89c9ec1b89e313f12a5cc0287
f0cc482c8bcfd8f05b17855050476815ae22decf
462c89a4abea94a01a540ddc7a70553da11a590f5fb8c91d6098340beb4a5c7f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5250
Cache-Control: max-age=121358
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:21 GMT
Etag: "63cbee95-1d7"
Expires: Mon, 23 Jan 2023 15:21:59 GMT
Last-Modified: Sat, 21 Jan 2023 13:54:29 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
mpsnare.iesnare.com/snare.js?_=1674365954872
54.228.71.178 200 OK 13 kB URL HTTP/1.1 mpsnare.iesnare.com/snare.js?_=1674365954872
IP 54.228.71.178:0
File type ASCII text, with very long lines (38530), with no line terminators
Hash d38e3724d75e434650936c2a6a7510e6
0b4299aa1195bd781d0cd078558f86acecd74e30
6440fe0c3e1fb2c719b0db5436042551927e4e99c36812a8fe4770c02cd98cb2
GET /snare.js?_=1674365954872 HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Jan 2023 05:39:21 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef=1b4l/7sIDStC/8sZo6JmWZ8aR10/2Q7loGdNZGxbc+c=;Path=/;Expires=Mon, 22-Jan-2024 05:39:21 GMT;Max-Age=31536000;Secure;HttpOnly;SameSite=None
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
p3p: CP="NON DSP COR CURa"
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash a75fa65ef033751d6d765a6333242572
a008fb1e4085d92586f919889a75bccda8376bc1
247a8df45a3822ed71372ff11add7abf776bf0130d9074924758cbecb898f68e
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 22 Jan 2023 05:39:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 21 Jan 2023 19:43:58 GMT
Expires: Sun, 22 Jan 2023 19:43:58 GMT
ETag: "a008fb1e4085d92586f919889a75bccda8376bc1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=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
35.241.45.82200 OK 0 B URL HTTP/1.1 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=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
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=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 HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:22 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-6c21
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google
mpsnare.iesnare.com/script/logo.js
54.228.71.178 200 OK 108 B URL HTTP/1.1 mpsnare.iesnare.com/script/logo.js
IP 54.228.71.178:0
File type ASCII text, with no line terminators
Hash 33c881065250503913b7705c881237be
a6647ed2b0f63d9868ac84b05848633e6d8b6779
1ebeca98b791acf8260052de9f5cfd3c4616462c3cb5f3ba9f114cb905efb392
GET /script/logo.js HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Jan 2023 05:39:22 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Expires: Mon, 22 Jan 2024 05:39:22 GMT
Cache-Control: private
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
lp-03.chat.online.citi.com/api/js/50929468?sid=VDxWS3EqSmeq5LJgytiInw&cb=lpCb61246x98233&t=uc&ts=1674365957711&pid=554555595&tid=3301048424&sdes=%5B%7B%22type%22%3A%22prodView%22%2C%22products%22%3A%7B%22product%22%3A%7B%22name%22%3A%22Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com%22%2C%22category%22%3A%22http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F%22%2C%22sku%22%3A%22Other%2CjUSCBOL_Loginpage_Uncookied%2CNon%20Cookied%20Username%20Password%20%2C%2C%2C%22%7D%7D%7D%5D&vid=kwZGY2NzVlYzBhMTRkZmU0
208.89.12.87 200 OK 62 B URL HTTP/2 lp-03.chat.online.citi.com/api/js/50929468?sid=VDxWS3EqSmeq5LJgytiInw&cb=lpCb61246x98233&t=uc&ts=1674365957711&pid=554555595&tid=3301048424&sdes=%5B%7B%22type%22%3A%22prodView%22%2C%22products%22%3A%7B%22product%22%3A%7B%22name%22%3A%22Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com%22%2C%22category%22%3A%22http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F%22%2C%22sku%22%3A%22Other%2CjUSCBOL_Loginpage_Uncookied%2CNon%20Cookied%20Username%20Password%20%2C%2C%2C%22%7D%7D%7D%5D&vid=kwZGY2NzVlYzBhMTRkZmU0
IP 208.89.12.87:0
File type ASCII text, with no line terminators
Hash aadc6c5b2b95a61be1095db0be06c5ba
f5473dec71102a1bbe3fd03e6184ab65340904c4
36b35d5a6f7470e3b1e5ab9e56bb6312d15ab822ad7bdc76c807f5373d7629c7
GET /api/js/50929468?sid=VDxWS3EqSmeq5LJgytiInw&cb=lpCb61246x98233&t=uc&ts=1674365957711&pid=554555595&tid=3301048424&sdes=%5B%7B%22type%22%3A%22prodView%22%2C%22products%22%3A%7B%22product%22%3A%7B%22name%22%3A%22Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com%22%2C%22category%22%3A%22http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F%22%2C%22sku%22%3A%22Other%2CjUSCBOL_Loginpage_Uncookied%2CNon%20Cookied%20Username%20Password%20%2C%2C%2C%22%7D%7D%7D%5D&vid=kwZGY2NzVlYzBhMTRkZmU0 HTTP/1.1
Host: lp-03.chat.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:21 GMT
content-type: application/javascript
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8d73c9ed04eba207d0a676b7d257e123
3f760d81a069c95936972218ed35b7aae888cbf7
319732875d522ba887eddff95fd5d8d97fcd41a569ab87c7d0338bdab1e372b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5756
Cache-Control: max-age=125497
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:22 GMT
Etag: "63cbfcc7-1d7"
Expires: Mon, 23 Jan 2023 16:30:59 GMT
Last-Modified: Sat, 21 Jan 2023 14:55:03 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
loadm.exelator.com/load/?p=204&g=450&rluid=77235fc9cba334cecd880f6e803fa7c489c7f96c98396208353544f004596435f2fc7f7248dfd545&j=0
54.78.254.47 204 No Content 0 B URL HTTP/2 loadm.exelator.com/load/?p=204&g=450&rluid=77235fc9cba334cecd880f6e803fa7c489c7f96c98396208353544f004596435f2fc7f7248dfd545&j=0
IP 54.78.254.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /load/?p=204&g=450&rluid=77235fc9cba334cecd880f6e803fa7c489c7f96c98396208353544f004596435f2fc7f7248dfd545&j=0 HTTP/1.1
Host: loadm.exelator.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 05:39:22 GMT
cache-control: no-cache
x-powered-by: Undertow/1
access-control-allow-credentials: true
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
X-Firefox-Spdy: h2
20766699p.rfihub.com/sr/ca.html?rfiidc=5124322324684722571&rfiaid=fbe3aea41502458fb0f29b1bf56cf9a8&ver=9&ra=201&rb=648&ca=20766699&_o=17169175&_t=noncookiedusernamepassword&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=noncookiedusernamepassword&pe=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&pf=&ra=4639942298165747
193.0.160.128 200 OK 118 B URL HTTP/1.1 20766699p.rfihub.com/sr/ca.html?rfiidc=5124322324684722571&rfiaid=fbe3aea41502458fb0f29b1bf56cf9a8&ver=9&ra=201&rb=648&ca=20766699&_o=17169175&_t=noncookiedusernamepassword&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=noncookiedusernamepassword&pe=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&pf=&ra=4639942298165747
IP 193.0.160.128:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
GET /sr/ca.html?rfiidc=5124322324684722571&rfiaid=fbe3aea41502458fb0f29b1bf56cf9a8&ver=9&ra=201&rb=648&ca=20766699&_o=17169175&_t=noncookiedusernamepassword&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=noncookiedusernamepassword&pe=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&pf=&ra=4639942298165747 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sistemasaf.com.br/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:22 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruds=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjGzMDE3MjI1NxTiM9TNKsgMDTNz0y0pcioAADgfPSwlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
rud=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjGzMDE3MjI1NxTiM9TNKsgMDTNz0y0pcioAADgfPSwlAAAA; Path=/; Domain=.rfihub.com; Expires=Fri, 16 Feb 2024 05:39:22 GMT; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)
sistemasaf.com.br/US/REST/ManageTMXProfile/TMXProfile.jws
69.169.81.200 404 Not Found 315 B URL HTTP/1.1 sistemasaf.com.br/US/REST/ManageTMXProfile/TMXProfile.jws
IP 69.169.81.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
POST /US/REST/ManageTMXProfile/TMXProfile.jws HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=2; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1; kampyle_userid=cf68-2018-baa3-c413-4a79-6888-d3b7-0c97; kampyleUserSession=1674365955822; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cdSNum=1674365957977-sjn0000314-c306d3d4-8d33-43f2-b65c-d9248ad68a6c; 7830=error; 7018=; 64072=; LPVID=kwZGY2NzVlYzBhMTRkZmU0; LPSID-50929468=VDxWS3EqSmeq5LJgytiInw; cd_user_id=185d7fd02cb11a-036d236f7b35af-c505425-140000-185d7fd02cc441
Content-Length: 0
HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 05:39:22 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
js.adsrvr.org/up_loader.1.1.0.js
143.204.45.46 200 OK 1.9 kB URL HTTP/1.1 js.adsrvr.org/up_loader.1.1.0.js
IP 143.204.45.46:0
File type ASCII text, with very long lines (4593), with no line terminators
Hash fc322cd537acbe09a494306a9191124a
757cca3916c8efd2ded11be90b3e8a790b5b73dc
2406d172868e70c8fa25558401afc349b30abae39e0090ed0d11d7367692d170
GET /up_loader.1.1.0.js HTTP/1.1
Host: js.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Sat, 21 Jan 2023 06:03:07 GMT
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: p7x2IJAXAFi26ydf4HDDp_hqP1DV3GKH3g406ix1_ejiU0Cf7j5Pxw==
Age: 84976
www.googletagmanager.com/gtag/js?id=AW-916451471
142.250.74.168 302 Found 253 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-916451471
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 22 Jan 2023 05:39:22 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1e09e20b1d7cb087bb868193b5df4b4c
8fe280e5e31560f6b78137cf983ceadc2e1c5e00
afb9cbf8d61849d2e3d835010de5c870698363d3f1cee6aed5f02fc0852aa7ae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3747
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:22 GMT
Last-Modified: Sun, 22 Jan 2023 04:36:55 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1571929762525.js
151.101.1.230 301 Moved Permanently 0 B URL HTTP/1.1 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1571929762525.js
IP 151.101.1.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wdcusciti/50/onsite/generic1571929762525.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1571929762525.js
Accept-Ranges: bytes
Date: Sun, 22 Jan 2023 05:39:22 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1680-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1674365963.737914,VS0,VE0
Strict-Transport-Security: max-age=31557600
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash c0f67edfa92ff11474d17ad3160ed43e
a43cc627d3c9258bdbe14ff3ceeed1c98496ff50
309dea4b94ceda4ec43c2f944cdfad61434c96eaafd172bc55c39545f3bf5a1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
content22.online.citi.com/fp/fp.swf;CIS3SID=CF8DD7475F10D9A7D0D3E6B463E21905?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&ck=0
91.235.133.67 204 No Content 0 B URL HTTP/1.1 content22.online.citi.com/fp/fp.swf;CIS3SID=CF8DD7475F10D9A7D0D3E6B463E21905?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&ck=0
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/fp.swf;CIS3SID=CF8DD7475F10D9A7D0D3E6B463E21905?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&ck=0 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sun, 22 Jan 2023 05:39:22 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1571929762525.js
151.101.1.230 200 OK 51 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1571929762525.js
IP 151.101.1.230:0
File type ASCII text, with very long lines (53225)
Hash 464637e9ff2b9a26c88e2ff67eeeee9c
37b5500e8d320ffc8aceacc114e57e330665fd8b
0f97dd020c2dbeb48215dc3503cf93a9b13b89492811cc9504788f3343c2f517
GET /wdcusciti/50/onsite/generic1571929762525.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sistemasaf.com.br/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YbH0zBGiUuDl+tIjWDf4Kq6d4TuzfAXtHb7ACntvDi75kbNYqqSXwkRXQhOi2o7M1Zzk8PUNrDs=
x-amz-request-id: RPJ651KHEMBRQ8CF
last-modified: Thu, 24 Oct 2019 15:09:23 GMT
etag: "5122fb08dd6ad2f6086392ca9d5c81c5"
x-amz-version-id: abZ6Tc0p9_xdqflPmkskGNGP7M8JkLCT
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sun, 22 Jan 2023 05:39:22 GMT
via: 1.1 varnish
age: 18635
x-served-by: cache-bma1651-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1674365963.812064,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 51186
X-Firefox-Spdy: h2
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&ck=0&m=2
91.235.133.67 200 OK 81 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&ck=0&m=2
IP 91.235.133.67:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&ck=0&m=2 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:22 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&w=9aaab4860b0c750d&ck=0&m=1&je=32342426687b6f7d3f4c6b6c7578266a73607d3d446b726564677a
91.235.133.67 200 OK 81 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&w=9aaab4860b0c750d&ck=0&m=1&je=32342426687b6f7d3f4c6b6c7578266a73607d3d446b726564677a
IP 91.235.133.67:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&w=9aaab4860b0c750d&ck=0&m=1&je=32342426687b6f7d3f4c6b6c7578266a73607d3d446b726564677a HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:22 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png
www.googletagmanager.com/gtag/js?id=AW-916451471
142.250.74.168 200 OK 64 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-916451471
IP 142.250.74.168:0
File type ASCII text, with very long lines (2917)
Hash 3347cdaf05029422547d612d72d9b71d
3b45ca1035a9c38782ceb87ebdf31dbb1e15eef1
21735fe4b9766e2bf2f854c1c510b001643f5237c54dc07bd6e4b13d3705e1f1
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sistemasaf.com.br/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Jan 2023 05:39:22 GMT
expires: Sun, 22 Jan 2023 05:39:22 GMT
cache-control: private, max-age=900
last-modified: Sun, 22 Jan 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64446
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.pbbl.co/r/1560.js
143.204.55.99 403 Forbidden 986 B IP 143.204.55.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4e79969f8832509d63d465ae7400c8b8
213489d0ae65b65f398348ccd85781636c1fcb4c
737012904f2876d09de0eef3c56b7a005223cd06bfe1474661c61f22aaa83756
GET /r/1560.js HTTP/1.1
Host: cdn.pbbl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Sun, 22 Jan 2023 05:39:22 GMT
Content-Type: text/html
Content-Length: 986
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tOFX4IGrxzwRzS6x8F3AaxGYujUM4Exa-3XWhJWIWV2aQgKZlmNR-A==
Vary: Origin
content22.online.citi.com/fp/check.js;CIS3SID=CF8DD7475F10D9A7D0D3E6B463E21905?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1
91.235.133.67 200 OK 85 kB URL HTTP/1.1 content22.online.citi.com/fp/check.js;CIS3SID=CF8DD7475F10D9A7D0D3E6B463E21905?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1
IP 91.235.133.67:0
File type ASCII text, with very long lines (18332)
Hash 5d5ddc97909620c2c4baff70370cdc63
9d2729589dfcd7122768b32e4b915d0a44505a55
c84916af9e74b1de88c2c630bf3818b7cf385c3081d520e70ff502ecd8da71bd
GET /fp/check.js;CIS3SID=CF8DD7475F10D9A7D0D3E6B463E21905?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:22 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: 2ab4a586f21f80d7
Set-Cookie: thx_guid=17e28aa1fd7662f3f11c9c503fb3320a; Max-Age=155520000; Version=1; HttpOnly; Path=/; Secure;
P3P: CP=IVAa PSAa
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash c0f67edfa92ff11474d17ad3160ed43e
a43cc627d3c9258bdbe14ff3ceeed1c98496ff50
309dea4b94ceda4ec43c2f944cdfad61434c96eaafd172bc55c39545f3bf5a1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=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
35.241.45.82200 OK 0 B URL HTTP/1.1 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjc0MzY1OTYxODI5IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODVkN2ZkMDJjYjExYS0wMzZkMjM2ZjdiMzVhZi1jNTA1NDI1LTE0MDAwMC0xODVkN2ZkMDJjYzQ0MSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwOi8vc2lzdGVtYXNhZi5jb20uYnIvY2l0LXZlcmlmaWNhdGlvbi1jZW50ZXIvcnVuLyIsIndlYnNpdGVJZCI6IDUwLCJmZWVkYmFja191dWlkIjogbnVsbCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiY2Y2OC0yMDE4LWJhYTMtYzQxMy00YTc5LTY4ODgtZDNiNy0wYzk3Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2NzQzNjU5NjE4MjYiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogNzE3LCJrYW1weWxlX3ZlcnNpb24iOiAiMC4wLjAuMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY3NDM2NTk2MTgyOCwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2V9Cl19
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=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 HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:22 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-b3dd
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google
siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.209.240 200 OK 48 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.209.240:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 941920e5ca9e14f879291823ddd353b6
671c00d412570b6978045642d9fc2f01780d4fb7
992d56bef91e223bbe76f0f60d1f5bb569a4e522fc75bb3392f1860256d48e1c
GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:22 GMT
content-type: application/javascript
cf-ray: 78d5f2e46c40b523-OSL
access-control-allow-origin: *
age: 352651
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"19ba5-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=105381
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ba8206089b7af80ec9bb4fe0c07977b4
4b0c036a5124f06026772a92168d3799e37c8ed3
64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62
GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 22 Jan 2023 05:39:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d7c2cd80c8899405c8ead9dcd82aa484
8d0248ffaaf1594d89e077cb3904f0ad42ec474e
2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce
GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 22 Jan 2023 05:39:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash da059e66474ac8e0fcb7e70b7ed4be44
7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb
GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 22 Jan 2023 05:39:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 6d8c6cf61840045919f4789eac2d3d9c
ef5e66f528ab1701f99e467593020d263d6220f0
ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e
GET /gtag/js?id=AW-830907969&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 22 Jan 2023 05:39:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 3cdb7a0d8774281c45d6a09b22e28af2
eee92813bf3130c7e6ca8be5911197c1ee486daa
cf75d10606678529391c0c7bd8cd9b13abb532df9640785934a7555f872caed4
GET /gtag/js?id=AW-695231162&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 22 Jan 2023 05:39:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash f20987509aaa3b3f9e52f7581afd6a4d
7147419bbeb1605a89733067d195356fc73c3cd3
5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c
GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 22 Jan 2023 05:39:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 16d7ad56818dde4bc80864654bfbd12e
c95b93882c98641b7f1b648c122194a9fb2534c7
5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64
GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 22 Jan 2023 05:39:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
104.17.209.240 200 OK 2.1 kB URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
IP 104.17.209.240:0
File type JSON data\012- , ASCII text, with very long lines (8387), with no line terminators
Hash 48e372217fc5280fb46048135f685cd7
58451eaa6651eeafb83370b9686de5bf26ab0906
51ade943573aaf58238bca9ce8afc25f9f7e60a71cd77bd6f2ec4663fc1afdb5
POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 135
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:22 GMT
content-type: application/json
cf-ray: 78d5f2e3abefb523-OSL
access-control-allow-origin: http://sistemasaf.com.br
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: 67d88caedbaf7ffb
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
104.17.209.240 200 OK 4.1 kB URL HTTP/2 zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
IP 104.17.209.240:0
File type ASCII text, with very long lines (6801)
Hash 5fabf6f25df5ae1034a07983cfc6a7ae
5dcea87c26703acefaf17d94807d9d2ef3ca8620
16c1030f2e0fba28db16a09a261ffdf8b1f7868a5e8f52c031b5261888d4b7e6
GET /SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc HTTP/1.1
Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:22 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 78d5f2e2fbb5b523-OSL
access-control-allow-origin: *
age: 95550
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-aoOvy5SYikJ8p0DGyA39bMfBM7w"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
content22.online.citi.com/fp/ls_fp.html;CIS3SID=5BB936355C375159EFE31A8A0AD3CCDD?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1
91.235.133.67 200 OK 13 kB URL HTTP/1.1 content22.online.citi.com/fp/ls_fp.html;CIS3SID=5BB936355C375159EFE31A8A0AD3CCDD?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1
IP 91.235.133.67:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15506)
Hash da90469d895def4cf320950fc55d5576
491b4e228f53616279feb5ac0a26f5a71fdd570f
82db4bc2959ffc2d940ce493abc300b4b40095fd35275ef4ee9f979c263ed9e3
GET /fp/ls_fp.html;CIS3SID=5BB936355C375159EFE31A8A0AD3CCDD?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:23 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&jb=3336246c71693d3166336060393131643433303466313562373f3236303166633466353565636a
91.235.133.67 204 No Content 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&jb=3336246c71693d3166336060393131643433303466313562373f3236303166633466353565636a
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&jb=3336246c71693d3166336060393131643433303466313562373f3236303166633466353565636a HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sun, 22 Jan 2023 05:39:23 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/javascript
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&jd=35352426686e6e3535266864683d386431603c37633a6536323e6735316a66376737326361336e376038383365672e68667c663d303831363235
91.235.133.67 204 No Content 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&jd=35352426686e6e3535266864683d386431603c37633a6536323e6735316a66376737326361336e376038383365672e68667c663d303831363235
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&jd=35352426686e6e3535266864683d386431603c37633a6536323e6735316a66376737326361336e376038383365672e68667c663d303831363235 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sun, 22 Jan 2023 05:39:23 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/javascript
content22.online.citi.com/fp/top_fp.html;CIS3SID=5BB936355C375159EFE31A8A0AD3CCDD?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1
91.235.133.67 200 OK 13 kB URL HTTP/1.1 content22.online.citi.com/fp/top_fp.html;CIS3SID=5BB936355C375159EFE31A8A0AD3CCDD?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1
IP 91.235.133.67:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15506)
Hash 10146f66b642d3ae91802c0b25c88c6e
0bd8d0a1225a7dae55b558e5f23aea315abe67f1
4005ed23ffd04445b773aa53355169327f462f39693a80edc7c327cd4bec4ab7
GET /fp/top_fp.html;CIS3SID=5BB936355C375159EFE31A8A0AD3CCDD?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:23 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&ja=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&jb=313131266e793d456d7a6b6e6c612532463726302730302855616c646f7f732530304e5625303831322e302533402d30305f616e363625314a2730307034362d33422732327a762d31413332352e30292530384767616b6f273a4432303930303330312732324e697065666f78273a4431383d2e30
91.235.133.67204 204 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&ja=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&jb=313131266e793d456d7a6b6e6c612532463726302730302855616c646f7f732530304e5625303831322e302533402d30305f616e363625314a2730307034362d33422732327a762d31413332352e30292530384767616b6f273a4432303930303330312732324e697065666f78273a4431383d2e30
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&ja=36323326246b3d38247a3f3226663d31323a3878333232342469643d313a38307a31303232247b787b3d307830246c727235392c31303832243332323c2e333a38302e313238322433323a322c3933392c333a38322e3130303c2e302c38267361643d30342464683f68747470273b43253a4e253244736b7b76676d6971636e2e636d6d2c6a722d3046616b742d7665726b6e69616374696d662f6365667465702532447277662530462664723f2e6a683531386260643269343b653c34366d36343533316b376c336163673761353436312e6a716d3d4c6b667778266273623f466970656467782732303130372e6873677d3d4c6b6e77702468736a773f4e697267666d7026666a633f3336266e6d7472353024767a643f5d5643266561746a723d30383b3e623a38633037676a63346c6e613860613a69343b313166346b63613030336b353e67313a3061306139643b3c6163363430663b3634366a356636393024703f786c7767696e5f64646373602d354564616e7b672370647765616e5f75696c6c6f7f715f6f676469615f706e697967702535476e636c736d21706e75676b6e5d69646d62655f61617a6d62697c253547666364716721786e776f696e5d717761636376696f6725354566616e7b6523726c7565616c5f73606f636977617465273d4564616c736523786e756f616e5f70656364726e617167702d354564616e7b6529726c7765696e5f766c6157706e637965702d374566696c736721706e7565616e5d646576616e7e70253d4d66616e736729726e756f6b6c577376655f7461657f677227374566616c736729706e7767696c576861766925354766616e73672e6361643d313632313136&jb=313131266e793d456d7a6b6e6c612532463726302730302855616c646f7f732530304e5625303831322e302533402d30305f616e363625314a2730307034362d33422732327a762d31413332352e30292530384767616b6f273a4432303930303330312732324e697065666f78273a4431383d2e30 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 204
Date: Sun, 22 Jan 2023 05:39:23 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
content22.online.citi.com/fp/clear.png
91.235.133.67 304 Not Modified 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*, 89oebq5k/2ab4a586f21f80d7edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Sun, 22 Jan 2023 05:39:18 GMT
If-None-Match: 9425609b2ed44dbca72fc6fefa4c5c4f
HTTP/1.1 304 Not Modified
Date: Sun, 22 Jan 2023 05:39:23 GMT
Access-Control-Allow-Origin: *
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
wup-edc5180c.us.v2.we-stats.com/client/v3/web/wup?cid=cedric
52.154.174.214 200 OK 582 B URL HTTP/2 wup-edc5180c.us.v2.we-stats.com/client/v3/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (582), with no line terminators
Hash a7b2db5304bbe47c134ad8bf10e1e81a
27a8cb0d61f909824feb6a6caf9eede3638a67b5
d9c3e269665d84419f4e1e72ef355241b85acb80df9e59d3a71880718b719f0e
POST /client/v3/web/wup?cid=cedric HTTP/1.1
Host: wup-edc5180c.us.v2.we-stats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1660
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 582
date: Sun, 22 Jan 2023 05:39:18 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 49fd2580-60ab-48d5-87c3-29f86f0a2a71
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.209.240 200 OK 6.7 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.209.240:0
File type ASCII text, with very long lines (28843), with no line terminators
Hash 8f926ea82bfdc8b64278b48315399140
0d567dce0d62ed03bac233b56123d70f395b96ce
6126b7a8d8691234ff3efebafea65a31581563944e8595f24d260c026d8235bf
GET /dxjsmodule/1.ca40fe67c92ba390e992.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:23 GMT
content-type: application/javascript
cf-ray: 78d5f2e66d14b523-OSL
access-control-allow-origin: *
age: 352651
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"73bc-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=29628
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
89oebq5kjtvzkiu7dtlbi6bygy4vxoqovgp7n2em2ab4a586f21f80d7am1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&di=yes
91.235.134.131 200 OK 81 B URL HTTP/1.1 89oebq5kjtvzkiu7dtlbi6bygy4vxoqovgp7n2em2ab4a586f21f80d7am1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&di=yes
IP 91.235.134.131:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
GET /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1&di=yes HTTP/1.1
Host: 89oebq5kjtvzkiu7dtlbi6bygy4vxoqovgp7n2em2ab4a586f21f80d7am1.e.aa.online-metrix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:23 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Length: 81
Content-Type: image/png
siteintercept.qualtrics.com/dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.209.240 200 OK 1.8 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.209.240:0
File type ASCII text, with very long lines (1754), with no line terminators
Hash 0281d98825a1d0b6549d61b2eb9acaea
229c2f888149d60193c8ac1868b24b33146d07b2
8fefcb533d4d1b389d0fbffe083a857e35af9d5b986c5a7531feb26f7354c0fc
GET /dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:23 GMT
content-type: application/javascript
cf-ray: 78d5f2e66d13b523-OSL
access-control-allow-origin: *
age: 352651
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"9eb-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=2539
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/916451471/?random=1674365961979&cv=11&fst=1674363600000&bg=ffffff&guid=ON&async=1&gtm=2oa1i0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2803300448&rmt_tld=1&ipr=y
142.250.74.67 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/916451471/?random=1674365961979&cv=11&fst=1674363600000&bg=ffffff&guid=ON&async=1&gtm=2oa1i0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2803300448&rmt_tld=1&ipr=y
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/916451471/?random=1674365961979&cv=11&fst=1674363600000&bg=ffffff&guid=ON&async=1&gtm=2oa1i0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsistemasaf.com.br%2Fcit-verification-center%2Frun%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2803300448&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 22 Jan 2023 05:39:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash fb07d2c1d8bcee019ca03761dea26da2
eeb2c1a38a93b84ee59d073de34c82ab078d880e
ba1d0bc1bb2685cb37ea47d0486f1f56668d1619cc1f081b505fbaa7662375e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1
91.235.133.67 204 No Content 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sun, 22 Jan 2023 05:39:23 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Access-Control-Allow-Origin: http://sistemasaf.com.br
Content-Type: text/javascript
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1
91.235.133.67 204 No Content 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7
Origin: https://content22.online.citi.com
Connection: keep-alive
Referer: https://content22.online.citi.com/fp/top_fp.html;CIS3SID=6B005E53A94F3E1AE0D7C8119F66E514?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=e052c6dab2a57b7c&pageid=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Date: Sun, 22 Jan 2023 05:39:23 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Access-Control-Allow-Origin: https://content22.online.citi.com
Content-Type: text/javascript
content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1
91.235.133.67 204 No Content 0 B URL HTTP/1.1 content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1
IP 91.235.133.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /fp/clear.png?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1 HTTP/1.1
Host: content22.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6
Origin: https://content22.online.citi.com
Connection: keep-alive
Referer: https://content22.online.citi.com/fp/top_fp.html;CIS3SID=5BB936355C375159EFE31A8A0AD3CCDD?org_id=89oebq5k&session_id=edce69a9647c1154128d721d29cd18516006a39df10e438259814ca2932e8228&nonce=2ab4a586f21f80d7&pageid=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Date: Sun, 22 Jan 2023 05:39:23 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Access-Control-Allow-Origin: https://content22.online.citi.com
Content-Type: text/javascript
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd399906-0156-4422-876c-42e2142ca1ca.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd399906-0156-4422-876c-42e2142ca1ca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 587de819b05bfb2793065133b65a93f3
b80e7b904ddc9a2cf87c9ac6ad2affc5dee4f5ce
95fed499ec2d8e6d88a3d84eca57ca20b294ed6b8b82779f50d12bd7fbff5559
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd399906-0156-4422-876c-42e2142ca1ca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9932
x-amzn-requestid: 94af32c6-280b-4bda-a6dd-f41c5ab22027
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-m6MHqPoAMFmzQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8eb74-2fd4708e39ed01c805c85652;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 07:04:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NezACadgboDZ-8Aiuckh7-NL_29B9EG-e_dpkzGrVTeZN8H15EfF7A==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 06:58:05 GMT
age: 81678
etag: "b80e7b904ddc9a2cf87c9ac6ad2affc5dee4f5ce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
wup-edc5180c.us.v2.we-stats.com/client/v3/web/wup?cid=cedric
52.154.174.214 200 OK 582 B URL HTTP/2 wup-edc5180c.us.v2.we-stats.com/client/v3/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (582), with no line terminators
Hash 0a61397e4e751c472408af83a253f286
1d516bb8b27f2035a0d597e36f2488ad134df658
3ecd5042bb0dfd30faa68e1b86743cffe4c240fc7ccb8bbdecd56460abf56d91
POST /client/v3/web/wup?cid=cedric HTTP/1.1
Host: wup-edc5180c.us.v2.we-stats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2836
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 582
date: Sun, 22 Jan 2023 05:39:22 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 0a622ae3-09bd-486c-9a50-08c943d9e205
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
wup-edc5180c.us.v2.we-stats.com/client/v3/web/wup?cid=cedric
52.154.174.214 200 OK 582 B URL HTTP/2 wup-edc5180c.us.v2.we-stats.com/client/v3/web/wup?cid=cedric
IP 52.154.174.214:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with very long lines (582), with no line terminators
Hash aa74d689d440517903bd9820594916c7
780f1722cf10456b88f59ef56b6e2fdbdeaee592
a9974bbd6cc745c854ecee0a18a9cd1f6fb25f4ab93e35da1417a368762bb003
POST /client/v3/web/wup?cid=cedric HTTP/1.1
Host: wup-edc5180c.us.v2.we-stats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1012
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 582
date: Sun, 22 Jan 2023 05:39:22 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 4b1420a0-dd93-48b7-b7b7-e10ac1998ef4
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
sistemasaf.com.br/cit-verification-center/run/images/icons/svgs/close.svg
69.169.81.200 200 OK 0 B URL HTTP/1.1 sistemasaf.com.br/cit-verification-center/run/images/icons/svgs/close.svg
IP 69.169.81.200:0
Analyzer Verdict Alert fortinet Phishing
GET /cit-verification-center/run/images/icons/svgs/close.svg HTTP/1.1
Host: sistemasaf.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sistemasaf.com.br/cit-verification-center/run/i_files/ddl.min.css
Cookie: mbox=check#true#1674366015|session#5e8b0c11e50942148ca62637cc1d31bc#1674367815|PC#72f7d61317724948ab9a7ff470a96a3a.26_27#1675575555; cdContextId=1; bmuid=1674365955273-F076A80B-6D09-4BA4-9292-0D15F0D102EE; count=1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:39:17 GMT
Server: Apache
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
lpcdn.chat.online.citi.com/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549
178.249.101.98 200 OK 0 B URL HTTP/2 lpcdn.chat.online.citi.com/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549
IP 178.249.101.98:0
GET /le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.chat.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:18 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Mon, 22 Jan 2024 05:39:18 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://sistemasaf.com.br&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
104.17.209.240 200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://sistemasaf.com.br&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
IP 104.17.209.240:0
GET /WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://sistemasaf.com.br&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:23 GMT
content-type: application/json
cf-ray: 78d5f2e67d1db523-OSL
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Wed, 19 Jan 2033 05:39:23 GMT
last-modified: Sun, 22 Jan 2023 05:39:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/13.80b1174311323ca5c15d.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=sistemasaf.com.br
104.17.209.240 200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/13.80b1174311323ca5c15d.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=sistemasaf.com.br
IP 104.17.209.240:0
GET /dxjsmodule/13.80b1174311323ca5c15d.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=sistemasaf.com.br HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:22 GMT
content-type: application/javascript
cf-ray: 78d5f2e34bd7b523-OSL
access-control-allow-origin: *
age: 352652
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"fcba-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=64698
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
104.17.209.240 200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP 104.17.209.240:0
GET /dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:23 GMT
content-type: application/javascript
cf-ray: 78d5f2e67d17b523-OSL
access-control-allow-origin: *
age: 352178
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"102f7-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=66295
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
178.249.101.23 200 OK 0 B URL HTTP/2 lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP 178.249.101.23:0
GET /lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:18 GMT
content-type: application/x-javascript
set-cookie: ADRUM_BTa=R:25|g:06f28e04-da04-4b10-874b-163ed2945963; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/
ADRUM_BTa=R:25|g:06f28e04-da04-4b10-874b-163ed2945963|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/; Secure
ADRUM_BT1=R:25|i:1758155; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/
ADRUM_BT1=R:25|i:1758155|e:3; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/
ADRUM_BT1=R:25|i:1758155|e:3|d:3; Max-Age=30; Expires=Sun, 22-Jan-2023 05:39:48 GMT; Path=/
cache-control: public, max-age=630
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
lpcdn.chat.online.citi.com/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
178.249.101.98 200 OK 0 B URL HTTP/2 lpcdn.chat.online.citi.com/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
IP 178.249.101.98:0
GET /le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.chat.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:18 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Mon, 22 Jan 2024 05:39:18 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
lpcdn.chat.online.citi.com/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549
178.249.101.98 200 OK 0 B URL HTTP/2 lpcdn.chat.online.citi.com/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549
IP 178.249.101.98:0
GET /le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.chat.online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:18 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:24 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Mon, 22 Jan 2024 05:39:18 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 0 B IP 142.250.74.163:0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:39:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=19&Q_ORIGIN=http://sistemasaf.com.br&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
104.17.209.240 200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=19&Q_ORIGIN=http://sistemasaf.com.br&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
IP 104.17.209.240:0
GET /WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=19&Q_ORIGIN=http://sistemasaf.com.br&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sistemasaf.com.br
Connection: keep-alive
Referer: http://sistemasaf.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 05:39:23 GMT
content-type: application/json
cf-ray: 78d5f2e67d1bb523-OSL
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Wed, 19 Jan 2033 05:39:23 GMT
last-modified: Sun, 22 Jan 2023 05:39:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2