Report - data0sec1citizens.com/login.php

Report Overview

Submitted URL
data0sec1citizens.com/login.php
IP
35.230.17.127
ASN
#396982 GOOGLE-CLOUD-PLATFORM
Submitted
2022-11-12 21:35:14
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citizens Bank
Phishing - Citizens Bank

Detections

urlquery
21
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
smetrics.citizensbank.com	79873	2017-04-28T19:23:02Z	2023-03-07T08:48:45Z	546 B	910 B	15.236.176.210
cdn.glassboxcdn.com	11045	2017-08-10T20:05:54Z	2023-03-10T12:27:11Z	707 B	1.4 kB	104.18.14.22
va.v.liveperson.net	3906	2017-01-30T06:15:13Z	2023-03-10T13:07:59Z	764 B	1.2 kB	208.89.12.87
www4.citizensbankonline.com	159092	2015-07-16T17:40:11Z	2023-03-08T19:39:13Z	782 B	1.8 kB	104.110.3.220
cdn.appdynamics.com	3266	2017-01-26T21:49:30Z	2023-03-08T12:42:49Z	625 B	62 kB	54.230.111.24
dpm.demdex.net	204	2012-05-22T07:45:05Z	2023-03-10T05:16:09Z	2.2 kB	4.6 kB	34.242.116.160
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	700 B	2.0 kB	54.230.245.39
udc-neb.kampyle.com	3039	2015-12-24T10:52:27Z	2023-03-10T12:26:57Z	2.0 kB	518 B	35.241.45.82
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	2.0 kB	4.6 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
report.citizen.glassboxdigital.io	69073	2020-07-14T15:57:28Z	2023-03-09T15:01:48Z	3.5 kB	4.4 kB	54.235.78.87
data0sec1citizens.com	unknown	2022-11-11T10:34:43Z	2022-11-13T14:23:11Z	2.9 kB	30 kB	35.230.17.127
nexus.ensighten.com	2786	2012-05-23T20:34:00Z	2023-03-10T12:55:53Z	2.1 kB	71 kB	54.230.111.63
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.4 kB	3.5 kB	23.36.77.32
www3.citizensbankonline.com	125923	2012-07-05T15:46:01Z	2023-03-07T08:48:57Z	10 kB	265 kB	104.110.3.220
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	54.148.17.90
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	782 B	2.4 kB	34.102.187.140
ocsp.entrust.net	1208	2014-01-10T03:18:45Z	2023-03-10T05:15:17Z	1.7 kB	9.8 kB	104.110.10.32
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	51 kB	34.120.237.76
citizensbank.demdex.net	68781	2017-03-23T22:06:39Z	2023-03-07T08:48:58Z	496 B	3.4 kB	3.248.125.227
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-10T14:35:32Z	1.7 kB	4.8 kB	172.64.155.188
lptag.liveperson.net	3393	2012-08-02T18:15:51Z	2023-03-10T12:55:53Z	843 B	114 kB	178.249.101.23
nebula-cdn.kampyle.com	3739	2015-09-21T18:24:38Z	2023-03-09T21:23:49Z	1.1 kB	118 kB	151.101.85.175
cm.everesttech.net	996	2017-01-30T05:59:57Z	2023-03-10T06:01:28Z	431 B	475 B	34.249.11.23
ocsps.ssl.com	14517	2018-11-21T11:22:19Z	2023-03-10T08:14:50Z	337 B	2.2 kB	34.237.184.165
accdn.lpsnmedia.net	3410	2014-02-08T00:25:14Z	2023-03-10T13:07:56Z	1.4 kB	11 kB	178.249.101.99
lpcdn.lpsnmedia.net	3501	2014-04-27T12:17:58Z	2023-03-10T13:07:56Z	3.4 kB	333 kB	178.249.97.98

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-12	medium	data0sec1citizens.com/efs/efs/jsp-ns/pm_fp.js	Phishing
2022-11-12	medium	data0sec1citizens.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js	Phishing
2022-11-12	medium	data0sec1citizens.com/efs/efs/jsp-ns/scripts/common.js	Phishing
2022-11-12	medium	data0sec1citizens.com/content/930e113327rn2365aa3b7b98b0447e8d	Phishing
2022-11-12	medium	data0sec1citizens.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js	Phishing
2022-11-12	medium	data0sec1citizens.com/content/930e113327rn2365aa3b7b98b0447e8d	Phishing
2022-11-12	medium	data0sec1citizens.com/efs/efs/jsp-ns/scripts/common.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (39)

	URL	Size	First Seen	Last Seen
	nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js	105 kB	2023-03-08	2023-03-11
Pretty URL nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js IP 54.230.111.63 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:06 Last Seen2023-03-11 23:43:38 Times Seen1 Hash 39bf7a3a8df0e7cc7aac36800368843a 208d3de80cede9f7234c1fe91c4a4f5d7ef8db3a ce6325f6f67fbf61b933fdc3ff94e1d1ae407d5fb100d75f01bdc6ec8ade9cc4 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 10:04:33 Times Seen37060274 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js	15 kB	2023-03-07	2024-04-24
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:49 Last Seen2024-04-24 16:21:44 Times Seen2856 Hash 42306a279a9e831515347ae319181cd1 d069641242e4fe1beb6de8f53a77dd964c98bce0 cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js	4.3 kB	2023-03-07	2024-04-09
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:12 Last Seen2024-04-09 04:55:43 Times Seen640 Hash b8a2edb156c147c3164f7faf6efc9f44 0b23deffad7cac9066bc216213b666ccbcb13279 babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5 Loading...

	citizensbank.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fdata0sec1citizens.com	6.7 kB	2023-03-07	2024-03-23
Pretty URL citizensbank.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fdata0sec1citizens.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549	7.9 kB	2023-03-07	2024-04-24
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-24 07:45:12 Times Seen365 Hash d53092c1d6e0a7a3d1bb802c67a6e1e9 2556ea4f15518fa36d0b92666e22ce28edec6745 0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js	93 kB	2023-03-07	2024-04-25
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:42 Last Seen2024-04-25 05:26:23 Times Seen447 Hash 663628f795cb62444143fde1ebdf2b5b 1ec97b491c8a1c72055bd635f0c8dd843cae43d6 aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801 Loading...

	data0sec1citizens.com/login.php	33 B	2023-03-07	2024-02-14
Pretty URL data0sec1citizens.com/login.php IP 35.230.17.127 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen52 Hash 6abbcd946457998168ba6d439131e235 1d17c8ddac7abb2e14207b93cc3a8944044a3fa3 3d8de306ff5e9f5db214def3fb090fc9a8a37efc4117276a58b5ccd4eeb46017 Loading...

	data0sec1citizens.com/login.php	3.9 kB	2023-03-07	2024-02-14
Pretty URL data0sec1citizens.com/login.php IP 35.230.17.127 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash 148c64d137f73878ebf0e770a496ec61 9c11df9ed3ecd282193a1571a7701b83f1cea663 de729accb6b0199ce0eccc94b41eace66d70c535c35a096f586f0db848108865 Loading...

	nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117	90 kB	2023-03-08	2023-04-02
Pretty URL nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117 IP 54.230.111.63 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-04-02 21:34:08 Times Seen14 Hash 7f943d1386ac8d666a04c5f7c1aca6a2 e734405ada56e5593d28b1c99c5944241ae4ec28 3b531a8826aeb7dd365eb418b6aee5b8204f5e38c311f588ad75bbe7de570b16 Loading...

	accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB	4.8 kB	2023-03-11	2023-03-11
Pretty URL accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB IP 178.249.101.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:34:25 Last Seen2023-03-11 23:43:29 Times Seen1 Hash 7780b2b969f4397a8bee5b160ba635d6 aa01f8405f73abe2d434822ac0f95ecc6b6210fc 7d04f321456a00250fdbeace7b7efe652cea73a6a5ae06a83629d8f161cdb58d Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js	20 kB	2023-03-07	2024-02-14
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen91 Hash e3b11713a1b616fcac5f6c3b4b0b9e1b 82a8fc6f051d8b526d167ae7862efd2a2dab95e2 57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441 Loading...

	data0sec1citizens.com/login.php	158 B	2023-03-07	2024-02-14
Pretty URL data0sec1citizens.com/login.php IP 35.230.17.127 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:00:58 Last Seen2024-02-14 12:12:56 Times Seen75 Hash d063dd0adcd30d7f7ad112d0da02babe 7ff2e92c27808292fc2d6a58632baa4d0a92ca9a b45d35ed1d2f794538ea853ff3d60ec817168ef505ad5462afe8a9236ecf539b Loading...

	nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909	28 kB	2023-03-08	2023-03-11
Pretty URL nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909 IP 54.230.111.63 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-03-11 23:43:38 Times Seen1 Hash 83105033d3f7f9905b026d4c409b655e b9c548527d700f4694956ef3f78f0eb7bcf24568 1b58da2beae29b1bd0013f8de492b624065c80e4c856a8888607b916ac9a2d2a Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549	40 kB	2023-03-08	2024-04-24
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:32:35 Last Seen2024-04-24 07:45:12 Times Seen485 Hash 0dfc7fa7d2051d776d5937b7a3a7c4dd e0548931c28581b7f1975bf8c2d8b03b94591b87 3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983 Loading...

	lptag.liveperson.net/tag/tag.js?site=89632304	22 kB	2023-03-07	2024-04-12
Pretty URL lptag.liveperson.net/tag/tag.js?site=89632304 IP 178.249.101.23 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-12 19:27:20 Times Seen539 Hash e2ee8a9cd68c3d310a4c62fdb4b5c93a 67eb5f9547f1d9de0a8b143c3b50511c26281399 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7 Loading...

	nebula-cdn.kampyle.com/wu/356861/onsite/embed.js	1.1 kB	2023-03-11	2023-03-11
Pretty URL nebula-cdn.kampyle.com/wu/356861/onsite/embed.js IP 151.101.85.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:39:21 Last Seen2023-03-11 11:34:25 Times Seen1 Hash 1730ecf01b05fd289f7de2c98e343d52 f6050e3b9f11e3cfe5c1c6ad52b6cc764857d01f 5f3f9071b268fcd24db5fdf26ebc81f23706fc77dc8a4dde7e8a819b40a558ff Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549	94 kB	2023-03-07	2024-04-24
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-24 07:45:12 Times Seen448 Hash d32e789b3183ed4536dc36e4cabf74ec 6b90b3e6dc44c30dcfa273e7c48d31ec00aac82b 5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02 Loading...

	accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB	6.9 kB	2023-03-07	2023-03-17
Pretty URL accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB IP 178.249.101.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2023-03-17 12:37:45 Times Seen1 Hash 0dc35ab59200eba2ac8dbe479dde0851 17a02389e4efc492f44443d33c7a04041177a82e 909957127d7134ea1ed1c005a622d937aa8aadff84d0b0a3b0e4ed8fcdec186e Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549	984 kB	2023-03-08	2023-07-23
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-07-23 21:43:58 Times Seen11 Hash 09fab59974228dd3746a95d0540621a6 c6481e3f91a22e047b5d134838c4daece1a2853b 6622b5e1a9d93d6b5a2f4eb7a0556f802fb002e5efde0d0f4e3781a94776e331 Loading...

	data0sec1citizens.com/login.php	2.5 kB	2023-03-07	2024-02-14
Pretty URL data0sec1citizens.com/login.php IP 35.230.17.127 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen50 Hash f922a60f645c94205e1f6e9d5e2cdccb 2e93f37ce5a8eb54dd6e4ad278c81bb26dc7a2a2 cfa7d7b285a70329eebf9b81537fa0baf56fe330fdcca07676e56cdba803ff30 Loading...

	data0sec1citizens.com/login.php	138 B	2023-03-07	2024-02-14
Pretty URL data0sec1citizens.com/login.php IP 35.230.17.127 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash e2d3b0bd12282cea9200f36be44b4f14 bf32cee71e578707194ab684a887709881585ccc 411d2d562326e1db3612706ee2907e6271e1443784ada6c347402120d3558d78 Loading...

	data0sec1citizens.com/login.php	606 B	2023-03-07	2024-02-14
Pretty URL data0sec1citizens.com/login.php IP 35.230.17.127 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash dd23a19bc0a3ee76846efae627d939c1 6e62c6ee934439860343c8ce77e52bb4bea94b23 8f79346ad4fce32e9971e590ec9c76d8979f72971051fb4ff37a1e6b6acb56f4 Loading...

	lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3	295 kB	2023-03-11	2023-03-11
Pretty URL lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 IP 178.249.101.23 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:34:25 Last Seen2023-03-11 11:34:25 Times Seen1 Hash 51c7cc6973bf9d2c7af7d072886f1fd6 97e3d1641ac2479391da2ba7019440a3457d3f94 b3420cb34efa1ddc330575fbb32b9ff351dfa7a3596340b17f46c7311122a936 Loading...

	lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Fdata0sec1citizens.com&site=89632304&env=prod&isCrossDomain=true	39 kB	2023-03-07	2024-03-12
Pretty URL lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Fdata0sec1citizens.com&site=89632304&env=prod&isCrossDomain=true IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-03-12 06:48:19 Times Seen234 Hash a3a38a5d6888ddc1831a811e9d428c77 2ca5b076aea8b4c6ff7ad1873de4ade91d66511f d4676cbbadec76c9f89f5b771a7f4927d544b4d76801e40e9957493e038e0db4 Loading...

	va.v.liveperson.net/api/js/89632304?&cb=lpCb41404x67399&t=sp&ts=1668288905278&pid=7929688547&tid=7647744142&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fdata0sec1citizens.com%2Flogin.php&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22ea1c4651-1292-4ee5-9c46-511292bee565%22%2C%22account%22%3A%2289632304%22%7D%5D	248 B	2023-03-11	2023-03-11
Pretty URL va.v.liveperson.net/api/js/89632304?&cb=lpCb41404x67399&t=sp&ts=1668288905278&pid=7929688547&tid=7647744142&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fdata0sec1citizens.com%2Flogin.php&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22ea1c4651-1292-4ee5-9c46-511292bee565%22%2C%22account%22%3A%2289632304%22%7D%5D IP 208.89.12.87 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:34:25 Last Seen2023-03-11 11:34:25 Times Seen1 Hash 8e49a714def6cd53544925466c204eac 770ba671710212d6b064795afcd918158ece8944 315018cddaf59f77fe99e272d6acc9707e3bfc33c5acdb5df58596d3d1203db5 Loading...

	data0sec1citizens.com/login.php	958 B	2023-03-07	2024-02-14
Pretty URL data0sec1citizens.com/login.php IP 35.230.17.127 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen50 Hash af8a93628974f148067d327996088187 e716dcf0ef564b89f66a8732d10f826e3d11385f f43724e4ca408137c9b50930a5416481dde13a65dfbce942a85d27f09c660ba2 Loading...

	data0sec1citizens.com/login.php	147 B	2023-03-07	2024-02-14
Pretty URL data0sec1citizens.com/login.php IP 35.230.17.127 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash 4455727e85ed6be9deb3422e34ea2129 30f51ab43939efd904518cf3e0bcbd961245fc4d bbb46962b6f3dc24db2df9f8747abee8bed42adea34cb385ff012131b81c7ff5 Loading...

	nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fdata0sec1citizens.com%2Flogin.php	397 B	2023-03-11	2023-03-11
Pretty URL nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fdata0sec1citizens.com%2Flogin.php IP 54.230.111.63 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:34:25 Last Seen2023-03-11 11:34:25 Times Seen1 Hash c55f5455e8674cd18963e6e48f080e6c 79ab762211fe9af48b403b48a7ee15bbefcd6b47 6884d30ec36660ac73b6e29a224e133f8eaa91048dc800286707a4c8592620d6 Loading...

	cdn.appdynamics.com/adrum/adrum-latest.js?	111 kB	2023-03-07	2024-02-27
Pretty URL cdn.appdynamics.com/adrum/adrum-latest.js? IP 54.230.111.24 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:55:15 Last Seen2024-02-27 00:41:08 Times Seen22 Hash deff3987ae725d726c0db6711bd5736f 0501d79c468f185c63590ac3c1a4918db7804d10 a4ea3de02f4ec1874478b152a09b89aecc2fc4f63ae2a4208ee8fb6585cebb11 Loading...

	nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1667850820910.js	810 kB	2023-03-11	2023-03-11
Pretty URL nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1667850820910.js IP 151.101.85.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:39:21 Last Seen2023-03-11 11:34:25 Times Seen1 Hash 65202b7b4db96fe4ceef7d02ed3f1884 6b733c5ae2d5b3e5f1596c9e3a9bff54529740f0 8e516922d2a3818b9051e2407f9e4ef79268a5a0dc50a0426591e6b2f3daf6b3 Loading...

	lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Fdata0sec1citizens.com&site=89632304&force=1&env=prod&isCrossDomain=true	38 kB	2023-03-08	2023-05-14
Pretty URL lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Fdata0sec1citizens.com&site=89632304&force=1&env=prod&isCrossDomain=true IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-05-14 04:54:44 Times Seen42 Hash b56f93ab24c5150fa2ac4d7bf2ba02a7 0f896104da3f556119616da6ad0484c28f4f9395 a2721298ae526f997c556afcd0a7f768abfd6ad9b0ce4ec449d5b27b86929f04 Loading...

	va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1668288905300&loc=http%3A%2F%2Fdata0sec1citizens.com	11 kB	2023-03-07	2024-01-24
Pretty URL va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1668288905300&loc=http%3A%2F%2Fdata0sec1citizens.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:29 Last Seen2024-01-24 23:53:16 Times Seen76 Hash 684a1d2bbad42091bd0b0f0e93b4789c d3b36b031484bebf727128400274618226131a37 7271e3119ee8205a39f0c06adafde464aa535e02519a0884296950aede89f177 Loading...

	cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js	54 kB	2023-03-07	2024-02-27
Pretty URL cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js IP 54.230.111.24 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:55:15 Last Seen2024-02-27 00:41:08 Times Seen30 Hash 2f00c36a98a61ed5bacde3c5ad0a3efe b6fcd72181d79a4225bb7cd4288260fa9aa44624 9b0f859e5508780a810e47e772554395a5d2ae5e679c338df1b6cd600d69dad2 Loading...

	cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?	373 kB	2023-03-07	2023-03-17
Pretty URL cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js? IP 104.18.14.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2023-03-17 12:37:45 Times Seen1 Hash 845173368b011e7fa14658b57426fe09 e848d5550ae3d080f6d17dcb7bb9bda7f30e0f35 539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5 Loading...

	accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb11628x94133	748 B	2023-03-11	2023-03-11
Pretty URL accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb11628x94133 IP 178.249.101.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:34:25 Last Seen2023-03-11 11:34:25 Times Seen1 Hash a752481b1e31942504f1a4452269d704 2a8405ac42d5deb5bd6f1104d31f362e9bcd7e14 04d2b1e513fd29566de5a7191de2f7a8b2a98fdb53e99634db31a8621ad5daa8 Loading...

	va.v.liveperson.net/api/js/89632304?sid=nm7mRpNTQxWPpKEApoSlbg&cb=lpCb71464x57322&t=pl&ts=1668288906324&pid=7929688547&tid=7647744142&vid=I5YmI4MGIyN2M1MTFhMjIx	111 B	2023-03-11	2023-03-11
Pretty URL va.v.liveperson.net/api/js/89632304?sid=nm7mRpNTQxWPpKEApoSlbg&cb=lpCb71464x57322&t=pl&ts=1668288906324&pid=7929688547&tid=7647744142&vid=I5YmI4MGIyN2M1MTFhMjIx IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:34:25 Last Seen2023-03-11 11:34:25 Times Seen1 Hash a4fd51deda6c5870a4516e3cd9c69935 a4fc7eb09e991004217fcf65a5085277ec7eb042 c324ddab2e54f2fe6f0abcbf3cb959c0b5cb74da73b181aba38ab33f4cca45cf Loading...

		Size	First Seen	Last Seen
	#1 Eval - fa28bae7148454e1f6d8052e5c403243	84 kB	2023-03-07	2023-04-18
Pretty Observations First Seen2023-03-07 17:55:22 Last Seen2023-04-18 20:43:16 Times Seen32 Hash fa28bae7148454e1f6d8052e5c403243 a168b44f58bbf9c1ae68e5415d55749e810a9e02 594eaf3a5ff472b716d25d866978e1b336decf1d6efe6923a65b4627fa8e2d6b Loading...

		Size	First Seen	Last Seen
	#1 Write - 7a09c7092e8f36a0dc39b789b49dcf62	102 B	2023-03-07	2024-02-14
Pretty Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen52 Hash 7a09c7092e8f36a0dc39b789b49dcf62 97a3667b625bf026f5f16bc2fa33affaefd47a5b 8703c94f4b4a9f3c9274d316563d3edaf890f903523a5ccc7fab8488d6684d79 Loading...

HTTP Transactions (104)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15881
Expires: Sun, 13 Nov 2022 01:59:44 GMT
Date: Sat, 12 Nov 2022 21:35:03 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
de470c6bab46e7c4b7cc69f392900fe7
189e4dcc4c2b8bf1f050e06bd68bce8a99618918
86f57134ddebd23a25615dc4d59c4b1ca8919e3e0495e1f006cbe7c0f39aa27e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1809
Cache-Control: max-age=134781
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 21:35:03 GMT
Etag: "636f75f3-1d7"
Expires: Mon, 14 Nov 2022 11:01:24 GMT
Last-Modified: Sat, 12 Nov 2022 10:31:15 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5076aaa9f4ccd602540286ce0590cb9a
bbf7936a8413a564478971d9e19beb6338cbc869
00e3b967c579b0ccf709b78d497a43d95646b16eb50925fef1e2694c58f290b2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2980
Expires: Sat, 12 Nov 2022 22:24:43 GMT
Date: Sat, 12 Nov 2022 21:35:03 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 12 Nov 2022 20:44:03 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3060
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: v/qrMPkaEsNqX5baoY3Wq1Mo2n7ovXUoyEt1RXsIteXIMOxb1ApEv5fzZCQnG05icQtvpxGvzHM=
x-amz-request-id: 17PTNYMAF625R1Z0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 12 Nov 2022 21:13:08 GMT
age: 1315
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 21:35:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

data0sec1citizens.com/login.php

35.230.17.127

200 OK

26 kB

URL HTTP/1.1
data0sec1citizens.com/login.php
IP
35.230.17.127:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (672), with CRLF line terminators
Size
26 kB (26142 bytes)
Hash
b27bd01402693bedb7107dec85a3f2df
0129e5275b6bbdd6355d291eaebc22e6da532c41
bacfd23af9c90b604030b1fde7b8b7ca90f47c6902724d666a99e02ea36d682c

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /login.php HTTP/1.1
Host: data0sec1citizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 21:35:03 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js

54.230.111.63

200 OK

32 kB

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
IP
54.230.111.63:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (594)
Size
32 kB (32212 bytes)
Hash
f3d0583a90191a6f465c09fe2afd4e46
7b0f701824dc9f5286dc06186e260bcc03d1f980
70dab6777acd9b32b462dceae9e949e58e860162136f505b95f7333b9ce25862

HTTP Headers

GET /citizensbank/olbprod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 01 Nov 2022 00:57:32 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 26 Oct 2022 15:44:22 GMT
ETag: W/"39bf7a3a8df0e7cc7aac36800368843a"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=300
x-amz-version-id: n.3u3tglJzlUidakqrAu0WJ9p85U4QzX
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: pWZAq-L_IqYprGHMo_jz04w7qzSbH8upQZ5t_pD59b-rzOklPEmUXg==
Age: 1024652

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
329948816bcdf8b2d9011e244bc44656
24a058ee4bbd494da60b1bc8e5cd6b17ea0f78c6
6a6ccf83221b9838bc140017b15773f78bcfb519a7c48ece81e9ce5525ca419c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "6A6CCF83221B9838BC140017B15773F78BCFB519A7C48ECE81E9CE5525CA419C"
Last-Modified: Sat, 12 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=340
Expires: Sat, 12 Nov 2022 21:40:43 GMT
Date: Sat, 12 Nov 2022 21:35:03 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
329948816bcdf8b2d9011e244bc44656
24a058ee4bbd494da60b1bc8e5cd6b17ea0f78c6
6a6ccf83221b9838bc140017b15773f78bcfb519a7c48ece81e9ce5525ca419c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "6A6CCF83221B9838BC140017B15773F78BCFB519A7C48ECE81E9CE5525CA419C"
Last-Modified: Sat, 12 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=264
Expires: Sat, 12 Nov 2022 21:39:27 GMT
Date: Sat, 12 Nov 2022 21:35:03 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
329948816bcdf8b2d9011e244bc44656
24a058ee4bbd494da60b1bc8e5cd6b17ea0f78c6
6a6ccf83221b9838bc140017b15773f78bcfb519a7c48ece81e9ce5525ca419c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "6A6CCF83221B9838BC140017B15773F78BCFB519A7C48ECE81E9CE5525CA419C"
Last-Modified: Sat, 12 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=340
Expires: Sat, 12 Nov 2022 21:40:43 GMT
Date: Sat, 12 Nov 2022 21:35:03 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
329948816bcdf8b2d9011e244bc44656
24a058ee4bbd494da60b1bc8e5cd6b17ea0f78c6
6a6ccf83221b9838bc140017b15773f78bcfb519a7c48ece81e9ce5525ca419c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "6A6CCF83221B9838BC140017B15773F78BCFB519A7C48ECE81E9CE5525CA419C"
Last-Modified: Sat, 12 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=264
Expires: Sat, 12 Nov 2022 21:39:27 GMT
Date: Sat, 12 Nov 2022 21:35:03 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
329948816bcdf8b2d9011e244bc44656
24a058ee4bbd494da60b1bc8e5cd6b17ea0f78c6
6a6ccf83221b9838bc140017b15773f78bcfb519a7c48ece81e9ce5525ca419c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "6A6CCF83221B9838BC140017B15773F78BCFB519A7C48ECE81E9CE5525CA419C"
Last-Modified: Sat, 12 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=340
Expires: Sat, 12 Nov 2022 21:40:43 GMT
Date: Sat, 12 Nov 2022 21:35:03 GMT
Connection: keep-alive

data0sec1citizens.com/efs/efs/jsp-ns/pm_fp.js

35.230.17.127

404 Not Found

315 B

URL HTTP/1.1
data0sec1citizens.com/efs/efs/jsp-ns/pm_fp.js
IP
35.230.17.127:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
fortinet	Phishing

HTTP Headers

GET /efs/efs/jsp-ns/pm_fp.js HTTP/1.1
Host: data0sec1citizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/login.php

HTTP/1.1 404 Not Found
Date: Sat, 12 Nov 2022 21:35:03 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

104.110.3.220

200 OK

3.1 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (17412)
Size
3.1 kB (3118 bytes)
Hash
ac9a70a6f100c02749dfadb709b6eadf
69906e55ace36c217a52d428029a3c71dc16a7e4
466e6cf44306264c98e5642f77be87292e03e578ce78b17c0b39521460b1d37a

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4a56-5e885b034f92d"
last-modified: Wed, 09 Nov 2022 07:16:49 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=685
x-olb-req-received: t=1667964830840069
content-length: 3118
cache-control: max-age=37179
expires: Sun, 13 Nov 2022 07:54:42 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www4.citizensbankonline.com/akam/11/7c3ed55c

104.110.3.220

404 Not Found

9 B

URL HTTP/2
www4.citizensbankonline.com/akam/11/7c3ed55c
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

HTTP Headers

GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Sat, 12 Nov 2022 21:35:03 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=BC87466678466666AC13096973D7FEB6~000000000000000000000000000000~YAAQnE8kF0XwoD6EAQAA9XrEbRHrjGjJKiOeLfMCE8FzRPPqRWTIIrKQZLxzfiMW86kAgza2QGpXlMMfA63gjZlWQucE1CAAQUv/DCNUSe1xN9Xsp6UsbwMxT6z8tyl+9G0e8ybkyJEouLK0VegXj13UiBpayPAjh+eUhln5DBFz/l5KK+95VkmqTTc9i/8kXv54tn/yubNra2OlsKx+bjL9e+rGa+fHX/HgI0q71tj/uRvHeTt08yFQUM6sFjC3v6n86BXi+ApqrKMSOwpdOdRAWWpV1yKcZsKnoo/k9sydxgW3jcM3DnwIOSoOmVNugN0BQzW69Zz5Y73gp3cOVTPRLpOXASc4/0mDG+/Ep4RlckwggcKiVzdIgrUw0jdIhLiaBt4ToQ9xZY3yIkRxPvBkajp9; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 12 Nov 2022 23:35:03 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Last-Modified, ETag, Alert, Backoff, Content-Type, Retry-After, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 12 Nov 2022 21:25:00 GMT
cache-control: public,max-age=3600
age: 603
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js

104.110.3.220

200 OK

4.0 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
4.0 kB (3967 bytes)
Hash
cc2102df58511c9a2653b1dff48ca8d7
64790e6adff6768178ab7d0ad9a4fbc2849b81f2
b9abbff7d9e75763790fd3b291f21525fe85583b397fe5f4b260bc99ff48aab7

HTTP Headers

GET /efs/efs/jsp-ns/scripts/main.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4c03-5e885b034c66a"
last-modified: Wed, 09 Nov 2022 05:41:04 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=773
x-olb-req-received: t=1667964838435688
content-length: 3967
cache-control: max-age=37179
expires: Sun, 13 Nov 2022 07:54:42 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js

104.110.3.220

200 OK

1.4 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (4237)
Size
1.4 kB (1394 bytes)
Hash
f42064b9d324029ba5cb5afccc50b641
3993f47a728f00ee410a143361ab33b0339455f7
b02a1a4d60ab1f5c740784e9a27a7f0a85178466573fb29fb0bd7afdccf7b5f0

HTTP Headers

GET /efs/efs/jsp-ns/scripts/placeholders.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "10aa-5e885b034ca52"
last-modified: Wed, 09 Nov 2022 03:53:17 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=390
x-olb-req-received: t=1667964830887573
content-length: 1394
cache-control: max-age=37179
expires: Sun, 13 Nov 2022 07:54:42 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

104.110.3.220

200 OK

10 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
10 kB (10382 bytes)
Hash
e8a5a242bcaea8c7314ccbb04612d922
101e2286a81e108dd00c618032d793b2dc5366b3
8e2a305132b87d2a48461f8e3d820dbf640d66d530ab007632c5c5d79ce8cdc7

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/main.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "f405-5e885b034be9a"
last-modified: Wed, 09 Nov 2022 09:47:06 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=2281
x-olb-req-received: t=1667964832931185
content-length: 10382
cache-control: max-age=37179
expires: Sun, 13 Nov 2022 07:54:42 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

104.110.3.220

200 OK

2.0 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text
Size
2.0 kB (1975 bytes)
Hash
07507f946ee4b2b9d4affc283b431119
00218cebeb305b00ae4ef74e4a67957d3c43e6f2
44fb4d44ce9291066e686a9861b8b31f021c816fa60e97c613bf5aadcc8e2830

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/flows.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "21ce-5e885b034aefa"
last-modified: Wed, 09 Nov 2022 06:55:54 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=556
x-olb-req-received: t=1667964825973042
content-length: 1975
cache-control: max-age=37179
expires: Sun, 13 Nov 2022 07:54:42 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css

104.110.3.220

200 OK

1.2 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.2 kB (1227 bytes)
Hash
e9404d7ddc1ef0b93851879620bfea8a
69575dd0119d3439f3d7ba4b45d12a3c0e47a39e
f5be5cfcdb9f541d6e355cd15b78204e715c979bb90a7dbae94d18c9bdad8772

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/ad-containers.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "1dd4-5e885b034aefa"
last-modified: Wed, 09 Nov 2022 03:53:09 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=422
x-olb-req-received: t=1667964827337764
content-length: 1227
cache-control: max-age=37179
expires: Sun, 13 Nov 2022 07:54:42 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js

104.110.3.220

200 OK

5.5 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
HTML document, ASCII text, with very long lines (14756)
Size
5.5 kB (5535 bytes)
Hash
088d590db53a3ede82a998537283c75d
87ed57fd5e2a623f35f80a3684c2de916ce4e2f8
d45c62a7108121887dc8866d445dde985d96b82143b3da2c9068e32caf316db4

HTTP Headers

GET /efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "3c36-5e885b034ca52"
last-modified: Wed, 09 Nov 2022 07:30:21 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=809
x-olb-req-received: t=1667964828241707
content-length: 5535
cache-control: max-age=37179
expires: Sun, 13 Nov 2022 07:54:42 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css

104.110.3.220

200 OK

2.3 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
2.3 kB (2300 bytes)
Hash
0a445a15e0f09a7738952731fdf3fe9d
3d4cef20189303cc4f24c27da1b8d2043e700cea
173f4f410b46ca6211eee490747009c597b7d7c475bcac07df88a18521bbef54

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/normalize.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "26c2-5e885b034f92d"
last-modified: Wed, 09 Nov 2022 08:40:59 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=539
x-olb-req-received: t=1667964853569988
content-length: 2300
cache-control: max-age=37179
expires: Sun, 13 Nov 2022 07:54:42 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js

104.110.3.220

200 OK

39 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
39 kB (38875 bytes)
Hash
2940c843ff15ab8e9f02511625f33e57
98ccd0fb1d60770a1aadf90d41daa49cab543cb3
4aed3165815cc1806999483e40a47863accf1cead25769de0162921f2f590298

HTTP Headers

GET /efs/efs/jsp-ns/scripts/plugins.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "31d24-5e885b034ca52"
last-modified: Fri, 11 Nov 2022 20:59:20 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=8334
x-olb-req-received: t=1667964826025958
content-length: 38875
cache-control: max-age=24100
expires: Sun, 13 Nov 2022 04:16:43 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png

104.110.3.220

200 OK

5.3 kB

URL HTTP/2
www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
5.3 kB (5277 bytes)
Hash
beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

HTTP Headers

GET /efs/hhf/img/CTZ_Green-01.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 02:04:01 GMT
etag: "149d-5e849138ad893"
accept-ranges: bytes
content-length: 5277
x-olb-req-received: t=1667964838661907
x-olb-req-duration: D=153
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=280764
expires: Wed, 16 Nov 2022 03:34:27 GMT
date: Sat, 12 Nov 2022 21:35:03 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

data0sec1citizens.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js

35.230.17.127

404 Not Found

315 B

URL HTTP/1.1
data0sec1citizens.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
IP
35.230.17.127:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
fortinet	Phishing

HTTP Headers

GET /efs/hhf/js/citizensHeaderFooter-citizensns42588.js HTTP/1.1
Host: data0sec1citizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/login.php

HTTP/1.1 404 Not Found
Date: Sat, 12 Nov 2022 21:35:03 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

data0sec1citizens.com/efs/efs/jsp-ns/scripts/common.js

35.230.17.127

404 Not Found

315 B

URL HTTP/1.1
data0sec1citizens.com/efs/efs/jsp-ns/scripts/common.js
IP
35.230.17.127:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
fortinet	Phishing

HTTP Headers

GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1
Host: data0sec1citizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/login.php

HTTP/1.1 404 Not Found
Date: Sat, 12 Nov 2022 21:35:03 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

104.110.3.220

200 OK

32 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Size
32 kB (31968 bytes)
Hash
d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citizen_roman.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "7ce0-5e885b034bab2"
accept-ranges: bytes
content-length: 31968
x-olb-req-received: t=1667964833730369
x-olb-req-duration: D=212
access-control-allow-origin: *
cache-control: max-age=280648
expires: Wed, 16 Nov 2022 03:32:32 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

data0sec1citizens.com/content/930e113327rn2365aa3b7b98b0447e8d

35.230.17.127

404 Not Found

315 B

URL HTTP/1.1
data0sec1citizens.com/content/930e113327rn2365aa3b7b98b0447e8d
IP
35.230.17.127:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
fortinet	Phishing

HTTP Headers

GET /content/930e113327rn2365aa3b7b98b0447e8d HTTP/1.1
Host: data0sec1citizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/login.php

HTTP/1.1 404 Not Found
Date: Sat, 12 Nov 2022 21:35:04 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js

104.110.3.220

200 OK

29 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32089)
Size
29 kB (29409 bytes)
Hash
82481a92ac472d179954d66e38f72d07
ea65071dbc1ab11ed29e76bdd30eabbe6cdbc3ec
c8e2e6f9e0e01dcfec7f2633efdd7f8f9d78ba3920e86a0d1231f487928b5fe4

HTTP Headers

GET /efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "169d6-5e885b034fd15"
last-modified: Wed, 09 Nov 2022 05:03:44 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=4685
x-olb-req-received: t=1667969896871769
content-length: 29409
cache-control: max-age=37178
expires: Sun, 13 Nov 2022 07:54:42 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/js/tealeaf.js

104.110.3.220

404 Not Found

9.9 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/js/tealeaf.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
9.9 kB (9934 bytes)
Hash
7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411

HTTP Headers

GET /efs/efs/js/tealeaf.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:35:21 GMT
etag: "26ce-5c06931abe040"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1668288904068547
x-olb-req-duration: D=217
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=835
expires: Sat, 12 Nov 2022 21:48:59 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=192, origin; dur=85
strict-transport-security: max-age=15768000
lb-action: None, None
set-cookie: ak_bmsc=3D8F9C309E167C3E52305C07D61632C2~000000000000000000000000000000~YAAQnE8kF0jwoD6EAQAA43vEbRGyJplADLpSL28XeGn3xxrZWq1HxJkMdi6TXA/tRNg7ot8uAJKIxGe+tlHt1OqjYqspTchibbFqoO9nGJiP2LhgDd6yORyxbsG4qPH+h0svc6S58B4jL1xfHip+UkV6IUMNViJlga664Sil+n7zooVhIjL5NKEtzRs3Gqy4kbWdmyjYtQZkY08tpoFPe4hh6cj28llkaHJy0hwrAyR/m56bn8e5jgOOmLbtXEQquJ+Xs99r9HTUpuCc4En2Ulm55ruSKGgQXJcDf/BDqoabjCN0zNPV1U/PTazqOYVXmhB/cAjgV/RaWYz1d7PCoryKvTFKA/MBQTLl1d8WvMUx3IAyw5gQx3Ozlv98rNdJyfPEYhEY+GG1e/ICv9uKaCZbbkLd; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 12 Nov 2022 23:35:03 GMT; Max-Age=7199; HttpOnly
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ae51f1958554de4457c22a7d5a9ba8b6
173e90a8c6ee36b7ec569dbea47436a90d7e7c76
dc43a04e1e26243f63a8e628f2ebcb23a9527fd4bc40dc6d1d61879b0f95bb21

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3899
Cache-Control: max-age=131807
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 21:35:04 GMT
Etag: "636f622c-1d7"
Expires: Mon, 14 Nov 2022 10:11:51 GMT
Last-Modified: Sat, 12 Nov 2022 09:06:52 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

www4.citizensbankonline.com/akam/11/7c3ed55c

104.110.3.220

404 Not Found

9 B

URL HTTP/2
www4.citizensbankonline.com/akam/11/7c3ed55c
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

HTTP Headers

GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Sat, 12 Nov 2022 21:35:04 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=83C4C9249DA1EAE8A3DAF52E1A199CE9~000000000000000000000000000000~YAAQnE8kF0nwoD6EAQAA83vEbRGhxlbjWl2c11+6AZglpccR5ICWzUjb96kWhz44f7g/2bLlmjg/H/rOaNRVd0Bp4JjN7Ab/wpQVVEX3Japp6slav0u7CGm7YUfVs6XcnrThdFgJR7PHMN2zQURGiagp+YjJ5NaCesfd9MNJ3tUyqFr9oX+l5r2ElUzsoCMUsRJhpvw8SmDG5406MMiQpz5TE83YpKEdoxKrpk+VIXH8d9KY92pauCgaO24a5vg5THATaOWjXQi9lQTVLZWNHzqSsP9AgeSb0WcqUx4/JUS506L3yCGrtxYS1qwXKQJFQ0XjXlAb34ckDRLV/nThJFrlzTibVivZh/XQjUItvGMNTloIQp2T+UaRindiLrp/OmqH2str2ixHjyZthJbskCjKVAow; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 12 Nov 2022 23:35:04 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png

104.110.3.220

200 OK

292 B

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
292 B (292 bytes)
Hash
18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "124-5e6a235cbd9f7"
accept-ranges: bytes
content-length: 292
x-olb-req-received: t=1667964871697731
x-olb-req-duration: D=172
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=280785
expires: Wed, 16 Nov 2022 03:34:49 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png

104.110.3.220

200 OK

364 B

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
364 B (364 bytes)
Hash
35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "16c-5e6a235cbd78f"
accept-ranges: bytes
content-length: 364
x-olb-req-received: t=1667964872205162
x-olb-req-duration: D=107
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=280836
expires: Wed, 16 Nov 2022 03:35:40 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png

104.110.3.220

200 OK

1.0 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1017 bytes)
Hash
e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "3f9-5e6a235ca4d07"
accept-ranges: bytes
content-length: 1017
x-olb-req-received: t=1667964878420358
x-olb-req-duration: D=149
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=280710
expires: Wed, 16 Nov 2022 03:33:34 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png

104.110.3.220

200 OK

1.1 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1054 bytes)
Hash
dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "41e-5e6a235ca4d20"
accept-ranges: bytes
content-length: 1054
x-olb-req-received: t=1667964872007177
x-olb-req-duration: D=188
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=280735
expires: Wed, 16 Nov 2022 03:33:59 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png

104.110.3.220

200 OK

165 B

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size
165 B (165 bytes)
Hash
1792e4aa4d2d86dec430ef9a60362a35
90b9e9c14f636362e9558d14fefe15782f75d256
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "a5-5e6a235ca5357"
accept-ranges: bytes
content-length: 165
x-olb-req-received: t=1667964931005444
x-olb-req-duration: D=206
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=280782
expires: Wed, 16 Nov 2022 03:34:46 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

104.110.3.220

200 OK

18 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Size
18 kB (18524 bytes)
Hash
022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "485c-5e885b034efbf"
accept-ranges: bytes
content-length: 18524
x-olb-req-received: t=1667964833795856
x-olb-req-duration: D=224
access-control-allow-origin: *
cache-control: max-age=280680
expires: Wed, 16 Nov 2022 03:33:04 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

104.110.3.220

200 OK

32 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Size
32 kB (31864 bytes)
Hash
0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citizen_book.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "7c78-5e885b034b2e2"
accept-ranges: bytes
content-length: 31864
x-olb-req-received: t=1667964827061976
x-olb-req-duration: D=211
access-control-allow-origin: *
cache-control: max-age=280718
expires: Wed, 16 Nov 2022 03:33:42 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

104.110.3.220

200 OK

28 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Size
28 kB (27852 bytes)
Hash
76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "6ccc-5e885b034f78f"
accept-ranges: bytes
content-length: 27852
x-olb-req-received: t=1667964833821295
x-olb-req-duration: D=213
access-control-allow-origin: *
cache-control: max-age=280792
expires: Wed, 16 Nov 2022 03:34:56 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

data0sec1citizens.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js

35.230.17.127

404 Not Found

315 B

URL HTTP/1.1
data0sec1citizens.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
IP
35.230.17.127:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
fortinet	Phishing

HTTP Headers

GET /efs/hhf/js/citizensHeaderFooter-citizensns42588.js HTTP/1.1
Host: data0sec1citizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/login.php
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19309%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Date: Sat, 12 Nov 2022 21:35:04 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

push.services.mozilla.com/

54.148.17.90

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.17.90:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bLuyW75anDvjSpWiZGgAZw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KOwsl/3dbdLLBYTBr3nZjn22aQU=

data0sec1citizens.com/content/930e113327rn2365aa3b7b98b0447e8d

35.230.17.127

404 Not Found

315 B

URL HTTP/1.1
data0sec1citizens.com/content/930e113327rn2365aa3b7b98b0447e8d
IP
35.230.17.127:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
fortinet	Phishing

HTTP Headers

GET /content/930e113327rn2365aa3b7b98b0447e8d HTTP/1.1
Host: data0sec1citizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/login.php
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19309%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Date: Sat, 12 Nov 2022 21:35:04 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

data0sec1citizens.com/efs/efs/jsp-ns/scripts/common.js

35.230.17.127

404 Not Found

315 B

URL HTTP/1.1
data0sec1citizens.com/efs/efs/jsp-ns/scripts/common.js
IP
35.230.17.127:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
fortinet	Phishing

HTTP Headers

GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1
Host: data0sec1citizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/login.php
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19309%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Date: Sat, 12 Nov 2022 21:35:04 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png

104.110.3.220

200 OK

14 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (13907 bytes)
Hash
172ee65ce7e2afc164fb89579d8060b2
1bcc0c40ce0dd35f4150e286d4da86eb5150d2da
6031e1710c50b5ade8d4fe1f9d2a7885caa5f18493944871891d9bf847dcec0e

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "3653-5e885b03510a1"
accept-ranges: bytes
content-length: 13907
x-olb-req-received: t=1667964838562670
x-olb-req-duration: D=219
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=280597
expires: Wed, 16 Nov 2022 03:31:41 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png

104.110.3.220

200 OK

11 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10871 bytes)
Hash
f62b2664dd6a40ab3a9f7af34412f8b7
02438189257c795c3726e4f45b1ce3bb921255d5
707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank

HTTP Headers

GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "2a77-5e885b03510a1"
accept-ranges: bytes
content-length: 10871
x-olb-req-received: t=1667964837864157
x-olb-req-duration: D=216
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=280675
expires: Wed, 16 Nov 2022 03:32:59 GMT
date: Sat, 12 Nov 2022 21:35:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fdata0sec1citizens.com%2Flogin.php

54.230.111.63

200 OK

397 B

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fdata0sec1citizens.com%2Flogin.php
IP
54.230.111.63:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (396)
Size
397 B (397 bytes)
Hash
c55f5455e8674cd18963e6e48f080e6c
79ab762211fe9af48b403b48a7ee15bbefcd6b47
6884d30ec36660ac73b6e29a224e133f8eaa91048dc800286707a4c8592620d6

HTTP Headers

GET /citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fdata0sec1citizens.com%2Flogin.php HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 397
Connection: keep-alive
Server: nginx
Date: Sat, 12 Nov 2022 21:35:04 GMT
Expires: Sat, 12 Nov 2022 21:35:03 GMT
Cache-Control: no-cache, no-store
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JmcP5r_dkJ8q7st9JuuTK4fWSXOZfXiUnhECljv75cjJv9XlSDhO1w==

nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117

54.230.111.63

200 OK

31 kB

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117
IP
54.230.111.63:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1970)
Size
31 kB (30938 bytes)
Hash
34f63aa6e4743a84c6eb80a979608c1f
c711ff2df3f3c065ebd2b7bbdf573f836205ce07
beae3e6f185cb159d1f6f4c6424997644dc3dbe35047c2cefe54515e4591fdc4

HTTP Headers

GET /citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 12 Oct 2022 04:36:40 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 12 Oct 2022 04:24:01 GMT
ETag: W/"7f943d1386ac8d666a04c5f7c1aca6a2"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: 7Vz_bNM1vqq_ptJsDOdn8z3nddxBTl2j
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ubsWnmMYAZZXWmKXJHDDKg0cQi5Oia4cPGT6wT-yo7iOIjJwo4SiqQ==
Age: 2739505

nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909

54.230.111.63

200 OK

4.5 kB

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909
IP
54.230.111.63:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (564)
Size
4.5 kB (4511 bytes)
Hash
4eee113a2cbdf5637739f6a81b76e867
ca348fd2104cca87655b1b8e628cedf28ab602c7
4f07acd76593e8e79d3b728d040920b09dd91517601cfd7b082694db3ba4a450

HTTP Headers

GET /citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 04 Nov 2022 01:28:27 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 26 Oct 2022 15:44:21 GMT
ETag: W/"83105033d3f7f9905b026d4c409b655e"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: UC6_GkBHShiJU9saRInmbngEX7lPiXpp
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mKTwnh3RHWvUsodFa7MYlh305DjaofhXa_aKfGIx_RvxUfSq2hqc8Q==
Age: 763598

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a9c2a1faaa150c9699e30f31c2237fa9
abb7a58a099ee62d7472a6f7a7406c357e18195b
59a99c013350246807127b1cd469816d4ecf9267aa8701e18d9fc9ad8520239b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5092
Cache-Control: max-age=122203
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 21:35:04 GMT
Etag: "636f37ff-1d7"
Expires: Mon, 14 Nov 2022 07:31:47 GMT
Last-Modified: Sat, 12 Nov 2022 06:06:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

nexus.ensighten.com/error/e.gif?msg=window.waitForGlobal%20is%20not%20a%20function&lnn=90&fn=http%3A%2F%2Fnexus.ensighten.com%2Fcitizensbank%2Folbprod%2FBootstrap.js&cid=397&client=citizensbank&publishPath=olbprod&rid=3786692&did=697189&errorName=TypeError

54.230.111.63

204 No Content

0 B

URL HTTP/1.1
nexus.ensighten.com/error/e.gif?msg=window.waitForGlobal%20is%20not%20a%20function&lnn=90&fn=http%3A%2F%2Fnexus.ensighten.com%2Fcitizensbank%2Folbprod%2FBootstrap.js&cid=397&client=citizensbank&publishPath=olbprod&rid=3786692&did=697189&errorName=TypeError
IP
54.230.111.63:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/e.gif?msg=window.waitForGlobal%20is%20not%20a%20function&lnn=90&fn=http%3A%2F%2Fnexus.ensighten.com%2Fcitizensbank%2Folbprod%2FBootstrap.js&cid=397&client=citizensbank&publishPath=olbprod&rid=3786692&did=697189&errorName=TypeError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/

HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Sat, 12 Nov 2022 00:20:36 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8kYaTVD3ae_BzvxrQzQbxCg9Q9Cc8ULj8OHM82DLNe0RlibIt01Pcg==
Age: 76468

cdn.appdynamics.com/adrum/adrum-latest.js?

54.230.111.24

200 OK

40 kB

URL HTTP/1.1
cdn.appdynamics.com/adrum/adrum-latest.js?
IP
54.230.111.24:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (644)
Size
40 kB (40203 bytes)
Hash
cd86db0f552897dc33e8433d0cf9bad2
676df314ca85d1418ffb110f3979c31281da027d
fd30f76d2b4bebd4b4bd680793a8a993b46a15808c0cea0533e629fc2990889f

HTTP Headers

GET /adrum/adrum-latest.js? HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 04 Nov 2022 06:21:09 GMT
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:13 GMT
ETag: W/"6317b609-1b2d9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xGqfnSBxUn-7DaMZmGxeOb7igobOfmE7TN262uqy-W5Wxq8_35_iqw==
Age: 746035

dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1668288902949

34.242.116.160

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1668288902949
IP
34.242.116.160:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1668288902949 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://data0sec1citizens.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-071cdea73.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1668288902949
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=75221920452608204454555859053225895878; Max-Age=15552000; Expires=Thu, 11 May 2023 21:35:04 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: /EKQu2cDSc4=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1668288902949

34.242.116.160

200 OK

124 B

URL HTTP/1.1
dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1668288902949
IP
34.242.116.160:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
124 B (124 bytes)
Hash
1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca

HTTP Headers

GET /id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1668288902949 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://data0sec1citizens.com
Content-Type: application/x-www-form-urlencoded
Referer: http://data0sec1citizens.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://data0sec1citizens.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-00c503e2b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: ECbieHdxRGE=
Content-Length: 124
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
4d12f6d77986d4be98f14f1bd243e042
163ebeb4d5c6c25df94e5e269d9b642e038f1bb9
15fc476dbba42d8e8920110582aaba76a0da4d733d4eef298e0c3cfd8dce5125

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 21:35:04 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 12 Nov 2022 15:43:26 GMT
Expires: Sat, 19 Nov 2022 15:43:25 GMT
Etag: "163ebeb4d5c6c25df94e5e269d9b642e038f1bb9"
Cache-Control: max-age=583100,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76926536bc78b50c-OSL

lptag.liveperson.net/tag/tag.js?site=89632304

178.249.101.23

200 OK

7.6 kB

URL HTTP/2
lptag.liveperson.net/tag/tag.js?site=89632304
IP
178.249.101.23:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (21652), with no line terminators
Size
7.6 kB (7567 bytes)
Hash
6b675640425ec8551a433e26a377d954
7234f02cce1ccb2a4facf2b34b9185cfcf27299d
8c9716f14d2e964be7c93d3d8c28819cb35c529fce6206a79061cda509e05bfd

HTTP Headers

GET /tag/tag.js?site=89632304 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:04 GMT
content-type: application/javascript
content-length: 7567
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
etag: "5f50a905-1d8f"
content-encoding: gzip
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
daab5c26b5bfed32fa71ff928a2361a8
0ac33e495c73039a85d1871d69b339650de7f061
7af5049d94ff851dd58ddee81dce8ee6b7ca9056fe70d613f7ed7cf05ff6f3b0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=96618
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 21:35:04 GMT
Etag: "636ee7f2-1d7"
Expires: Mon, 14 Nov 2022 00:25:22 GMT
Last-Modified: Sat, 12 Nov 2022 00:25:22 GMT
Server: nginx
Content-Length: 471

cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js

54.230.111.24

200 OK

20 kB

URL HTTP/1.1
cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
IP
54.230.111.24:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (574)
Size
20 kB (20314 bytes)
Hash
cca1b9c013b93bd73bf4f55b122ba8db
ed011720d910a5b69db06ebaabcd95d013255752
d5ef573c9770681c3a75ec78445d0c785ca6659a0cf25f145ddfbae414b0b77a

HTTP Headers

GET /adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:12 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
timing-allow-origin: *
Content-Encoding: gzip
Date: Wed, 09 Nov 2022 18:27:39 GMT
Cache-Control: public, max-age=2678400, s-max-age=14400
ETag: W/"6317b608-d132"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tItkwrvMR8FVyUQeRulxIBJo5Ljm0EIN09klPjImPd4VOx6KOrTLHQ==
Age: 270446

smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1668288903983

15.236.176.210

200 OK

48 B

URL HTTP/2
smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1668288903983
IP
15.236.176.210:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
4b2c9d700752f87d7d5ba8d6c9971aba
7cd9e571a32e438ba48676fedda3f73eb99cf9b1
99e231ea80b1f75d44bad54b1d47802868875d0596a384a256bd7e4a4689c4ee

HTTP Headers

GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1668288903983 HTTP/1.1
Host: smetrics.citizensbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://data0sec1citizens.com
access-control-allow-credentials: true
date: Sat, 12 Nov 2022 21:35:05 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=0%7CMCMID%7C49250933299451177861261078146025798946; Path=/; Domain=citizensbank.com; Max-Age=63072000; Expires=Mon, 11 Nov 2024 21:35:35 GMT;
s_ecid=MCMID%7C49250933299451177861261078146025798946; Path=/; Domain=citizensbank.com; Max-Age=63072000; Expires=Mon, 11 Nov 2024 21:35:35 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?

104.18.14.22

301 Moved Permanently

167 B

URL HTTP/1.1
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP
104.18.14.22:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/

HTTP/1.1 301 Moved Permanently
Date: Sat, 12 Nov 2022 21:35:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
X-Cache: Redirect from cloudfront
Via: 1.1 917c6054ae6e10a98fc566c655129e8a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: 5zK9lzoNWGphULIZ5dHiU90PnlSBrZVO2IEpJR_tOebQ5lIvD62BxQ==
CF-Cache-Status: HIT
Age: 5726
Expires: Sun, 13 Nov 2022 01:35:05 GMT
Cache-Control: public, max-age=14400
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 769265387e650b4d-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
6d5e96af8a6813b962f28ea00ac42fa1
f989f9d0e9f50d4fb2149f0e752f27b3392c60b7
c17b2ec1cf7e974a9587ee681a2c8630afd31274ed193b103fbae962bea8eb54

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5974
Cache-Control: max-age=170968
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 21:35:05 GMT
Etag: "636ff30c-118"
Expires: Mon, 14 Nov 2022 21:04:33 GMT
Last-Modified: Sat, 12 Nov 2022 19:25:00 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280

dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=49250933299451177861261078146025798946&ts=1668288904179

34.242.116.160

200 OK

1.3 kB

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=49250933299451177861261078146025798946&ts=1668288904179
IP
34.242.116.160:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (3749), with no line terminators
Size
1.3 kB (1314 bytes)
Hash
1a8d5ab0bbdcab4b27ed25f40aa0f74f
c57b46bfc170673d3f2599eed0d1107ef6d564a1
93a37c52f9742adf38035e82f0ec358c2afbd7d8f9d13b6ad0dd181ae232a36f

HTTP Headers

GET /id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=49250933299451177861261078146025798946&ts=1668288904179 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://data0sec1citizens.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-061dae83e.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=49241954820268181091265243343037449029; Max-Age=15552000; Expires=Thu, 11 May 2023 21:35:05 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: i5BuKb8XRcc=
Content-Length: 1314
Connection: keep-alive

nebula-cdn.kampyle.com/wu/356861/onsite/embed.js

151.101.85.175

200 OK

518 B

URL HTTP/2
nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
IP
151.101.85.175:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (573)
Size
518 B (518 bytes)
Hash
f1c793f9357c3efc341d89506e8e935f
21435a9c12861a49a15c52cfac8a748d2abd3ba5
0e9ef8b48f134fc26f7d5cf21607400d47cb761b944386000d5311d6b553559e

HTTP Headers

GET /wu/356861/onsite/embed.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: MDoidL9KDZ9aJ6w1SIg/iExZl7r4RyMKnWW19Fz7a7/PX0P2ULs4pDEfNv6wMhB2IBtSuYgILNc=
x-amz-request-id: WBVGKEVJFQSMHD9F
last-modified: Mon, 07 Nov 2022 19:53:42 GMT
etag: "1730ecf01b05fd289f7de2c98e343d52"
x-amz-version-id: uFpTfZD3HBAFzl2tnbps4YFghGsfEiXd
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Sat, 12 Nov 2022 21:35:05 GMT
via: 1.1 varnish
age: 361821
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668288905.116380,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 518
X-Firefox-Spdy: h2

nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1667850820910.js

151.101.85.175

301 Moved Permanently

0 B

URL HTTP/1.1
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1667850820910.js
IP
151.101.85.175:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /us/wu/356861/onsite/generic1667850820910.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://data0sec1citizens.com/

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1667850820910.js
Accept-Ranges: bytes
Date: Sat, 12 Nov 2022 21:35:05 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1650-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1668288905.143871,VS0,VE0
Strict-Transport-Security: max-age=31557600

nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1667850820910.js

151.101.85.175

200 OK

115 kB

URL HTTP/2
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1667850820910.js
IP
151.101.85.175:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (53527)
Size
115 kB (115224 bytes)
Hash
756801cc96eb6ad51e4cac481dc72f32
1eef3b41d503e5df4ced8def1f42bc8ef0c65a25
e2ca8d1d728221accc6905cccdddded0da27a12453364f9e24677ed2e1738e31

HTTP Headers

GET /us/wu/356861/onsite/generic1667850820910.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://data0sec1citizens.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: gUVr52H/16kyRmaccYa0M9varCnheGSFYVwdtWWAHflZYoPvYoc2ltLlGkVWaXAvdb7AvwOokWM=
x-amz-request-id: WBVQXPR7W1PWZ0ZY
last-modified: Mon, 07 Nov 2022 19:53:42 GMT
etag: "65202b7b4db96fe4ceef7d02ed3f1884"
x-amz-version-id: X.787lRoAp9L71__bC3KRm4eFHcb4rdf
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sat, 12 Nov 2022 21:35:05 GMT
via: 1.1 varnish
age: 361820
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668288905.157805,VS0,VE2
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 115224
X-Firefox-Spdy: h2

citizensbank.demdex.net/dest5.html?d_nsid=0

3.248.125.227

200 OK

2.8 kB

URL HTTP/1.1
citizensbank.demdex.net/dest5.html?d_nsid=0
IP
3.248.125.227:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2791 bytes)
Hash
ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12

HTTP Headers

GET /dest5.html?d_nsid=0 HTTP/1.1
Host: citizensbank.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sat, 12 Nov 2022 21:35:05 GMT
DCS: dcs-prod-irl1-2-v045-05ee5fd88.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:22:23 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: LrO1+leiQVw=
Content-Length: 2791
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
c48f9f4130cf82ea54ad874cce0e5da9
7699e1726282292707120ec21bdc19f5b217ee32
fd1ab5a8d4622f74a9fbf632d829927a083200a052ce824675f4459ae1d6d682

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=148704
Date: Sat, 12 Nov 2022 21:35:05 GMT
Etag: "636fa71d-1d7"
Expires: Mon, 14 Nov 2022 14:53:29 GMT
Last-Modified: Sat, 12 Nov 2022 14:01:01 GMT
Server: ECS (nyb/1DD2)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rpjoBpwNeuDybblUPwHH-8e2oWkxecIlrLcY--jBTvji2ydMz82TjA==
Age: 3148

cm.everesttech.net/cm/dd?d_uuid=49241954820268181091265243343037449029

34.249.11.23

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=49241954820268181091265243343037449029
IP
34.249.11.23:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=49241954820268181091265243343037449029 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Sat, 12 Nov 2022 21:35:05 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y3ARiQAAAEk6IAN-; Domain=.everesttech.net; Expires=Sun, 12-Nov-2023 21:35:05 GMT; Path=/
everest_session_v2=Y3ARiQAAAEk6IQN-; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y3ARiQAAAEk6IAN-
Server: AMO-cookiemap/1.1

ocsps.ssl.com/

34.237.184.165

200 OK

1.8 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
34.237.184.165:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.8 kB (1810 bytes)
Hash
31d8b6f8e82eb6e6e8da57cadd6ac618
79283e214c98efe7cf354f9ae401319f2b34f06b
0fb9ef72bfbf9edb24613c7337013ddadbea8cd228e55cedfb067a6a86c5317d

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 21:35:05 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Sat, 19 Nov 2022 14:16:13 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "79283e214c98efe7cf354f9ae401319f2b34f06b"
Last-Modified: Sat, 12 Nov 2022 14:16:14 GMT
X-Proxy-Cache: HIT

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
237cd08123f80f98276581c845bee813
267bbd3e31a8ea865193667355b527e6ac4b566d
f91097d878804e90c90a4a46e8b5a0b8d5cc2ce03614e68abc5d0faa9871f0e6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 21:35:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 11 Nov 2022 16:31:52 GMT
Expires: Fri, 18 Nov 2022 16:31:51 GMT
Etag: "267bbd3e31a8ea865193667355b527e6ac4b566d"
Cache-Control: max-age=499605,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7692653b4a30b50c-OSL

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
983afc5e139e0fd5ab2df3e1b053579d
f7ff697ff9bf5c0e4212fbef7f6ea1f86568469b
b68047f6a1874af2b4dbc5df4322fb4303af7eb14ae71ef08f66b9b89b1a58f9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=109793
Date: Sat, 12 Nov 2022 21:35:05 GMT
Etag: "636f084b-1d7"
Expires: Mon, 14 Nov 2022 04:04:58 GMT
Last-Modified: Sat, 12 Nov 2022 02:43:23 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: r37teN_ezLuu_XINVnDtvqqyKXkDbgeNrh9_Rah3DBey5wIniSGj8A==
Age: 4895

lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3

178.249.101.23

200 OK

105 kB

URL HTTP/2
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP
178.249.101.23:0
ASN
#11054 LIVEPERSON

File type
data
Size
105 kB (104593 bytes)
Hash
51ba51b988b5bddf303082bc62b6f1ad
848e05cec942cf425c934e7809c7362aa4d3b396
a033f2f96181edd005b0f53dc371b4cecd14278343ad7a861880f6e75337c53b

HTTP Headers

GET /lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:05 GMT
content-type: application/x-javascript
cache-control: public, max-age=630
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
237cd08123f80f98276581c845bee813
267bbd3e31a8ea865193667355b527e6ac4b566d
f91097d878804e90c90a4a46e8b5a0b8d5cc2ce03614e68abc5d0faa9871f0e6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 21:35:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 11 Nov 2022 16:31:52 GMT
Expires: Fri, 18 Nov 2022 16:31:51 GMT
Etag: "267bbd3e31a8ea865193667355b527e6ac4b566d"
Cache-Control: max-age=499605,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7692653b8ca9b527-OSL

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vZGF0YTBzZWMxY2l0aXplbnMuY29tL2xvZ2luLnBocCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY4Mjg4OTA0MzkzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODQ2ZGM0N2NiNTE1ZC0wZDIwZjg0OTk4OTczNjgtYzUwNTQyNS0xNDAwMDAtMTg0NmRjNDdjYjY1ZjMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtbWFpbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9kYXRhMHNlYzFjaXRpemVucy5jb20vbG9naW4ucGhwIiwid2Vic2l0ZUlkIjogMzU2ODYxLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJmOWVlLWQ4Y2UtN2VmOS1mMDUyLTZmM2EtZGQ3OS05ZGQ3LWRmMTEiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2ODI4ODkwNDM5MSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NzAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjgyODg5MDQzOTMsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=

35.241.45.82

200 OK

0 B

URL HTTP/2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vZGF0YTBzZWMxY2l0aXplbnMuY29tL2xvZ2luLnBocCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY4Mjg4OTA0MzkzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODQ2ZGM0N2NiNTE1ZC0wZDIwZjg0OTk4OTczNjgtYzUwNTQyNS0xNDAwMDAtMTg0NmRjNDdjYjY1ZjMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtbWFpbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9kYXRhMHNlYzFjaXRpemVucy5jb20vbG9naW4ucGhwIiwid2Vic2l0ZUlkIjogMzU2ODYxLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJmOWVlLWQ4Y2UtN2VmOS1mMDUyLTZmM2EtZGQ3OS05ZGQ3LWRmMTEiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2ODI4ODkwNDM5MSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NzAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjgyODg5MDQzOTMsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vZGF0YTBzZWMxY2l0aXplbnMuY29tL2xvZ2luLnBocCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY4Mjg4OTA0MzkzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODQ2ZGM0N2NiNTE1ZC0wZDIwZjg0OTk4OTczNjgtYzUwNTQyNS0xNDAwMDAtMTg0NmRjNDdjYjY1ZjMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtbWFpbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9kYXRhMHNlYzFjaXRpemVucy5jb20vbG9naW4ucGhwIiwid2Vic2l0ZUlkIjogMzU2ODYxLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJmOWVlLWQ4Y2UtN2VmOS1mMDUyLTZmM2EtZGQ3OS05ZGQ3LWRmMTEiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2ODI4ODkwNDM5MSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NzAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjgyODg5MDQzOTMsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0= HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-blue-vxq8
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709%3A0&_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e&pv=2&f_cls_s=true

54.235.78.87

200 OK

429 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709%3A0&_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e&pv=2&f_cls_s=true
IP
54.235.78.87:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Size
429 B (429 bytes)
Hash
6857329de88f3cc5c303cccd3dc3ea14
13bab58537bb929fb62af1da4d51d0ad0fe05094
18d83a88b3d8f0a9a3402d74d5b411932478999a3aab06e26c2f83076ea903fb

HTTP Headers

GET /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709%3A0&_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e&pv=2&f_cls_s=true HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 21:35:05 GMT
Content-Type: application/json
Content-Length: 429
Connection: keep-alive
Set-Cookie: AWSALB=AdmlUV37je4m50XkXXvkBmmoC1VFlyCEnWd+TnUaTiB/z5cch032bGvK5JZzrbvoEXj6poV9y4UxrZhTlzrmZpIONvhuSky3zpTwkLcOh7F+QT2t2jl7EoKglkV7; Expires=Sat, 19 Nov 2022 21:35:05 GMT; Path=/
AWSALBCORS=AdmlUV37je4m50XkXXvkBmmoC1VFlyCEnWd+TnUaTiB/z5cch032bGvK5JZzrbvoEXj6poV9y4UxrZhTlzrmZpIONvhuSky3zpTwkLcOh7F+QT2t2jl7EoKglkV7; Expires=Sat, 19 Nov 2022 21:35:05 GMT; Path=/; SameSite=None; Secure
_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e; Secure; SameSite=None
_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0; Secure; SameSite=None
_cls_cfgver=27baeec; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://data0sec1citizens.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5015

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4916
Expires: Sat, 12 Nov 2022 22:57:01 GMT
Date: Sat, 12 Nov 2022 21:35:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4916
Expires: Sat, 12 Nov 2022 22:57:01 GMT
Date: Sat, 12 Nov 2022 21:35:05 GMT
Connection: keep-alive

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

3.2 kB

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type
data
Size
3.2 kB (3159 bytes)
Hash
e7c6aff8ae94a54fedfed1a44e35fb94
129d6be2855d02c0b78ec6b74f9a7d200b2c2371
c005e4553449539cce2f69d980d8782201f4da5338440084a7f8f66547d29ce2

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:05 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 12 Nov 2023 21:35:05 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9012 bytes)
Hash
516f1bfefb1c1a737ea2441f85343b32
0cc22d7bf9092fb30f31e2ca8f242c197b891669
733824d4f6f7c5b54ce4e02ecaf152cfc1e10f3f6a801d7e2c55a02460e40087

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d4e929-d0bb-41b7-bdcd-0e67258b428a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9012
x-amzn-requestid: 83eac9e7-5387-4e11-9769-182fa3f7fffb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNC6FxzoAMF80w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec212-5ca277b90a5a9a4c437edc1e;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PrJoEROPymrtc0egNlWRoOMjohiCo3zReD01qAHwByaSiXarfRS0XQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:00:43 GMT
age: 84862
etag: "0cc22d7bf9092fb30f31e2ca8f242c197b891669"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facfcee70-832e-4f2d-8fc7-55d2bfff651e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8633 bytes)
Hash
eac2ed4bece6282c8273a58a88371e2e
2d90ff66079e8ffbaaa367a6bfc08927e7cc424d
aea97fd7d90302edcb3e0c08507d682e02166e8ddd4d082fc4f5435af438594c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facfcee70-832e-4f2d-8fc7-55d2bfff651e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8633
x-amzn-requestid: 8bdfbfbb-5193-4c62-ba1b-c906f7548676
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhSEC1oAMF8tw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-39b4c2954dbc8e4c40a2c9d8;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lxrfhO5oOGvECIrlZYKsfXOTZZksAIIHAafyRM-FdRXAaBVZs5cEQA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:21 GMT
age: 85784
etag: "2d90ff66079e8ffbaaa367a6bfc08927e7cc424d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe5720fc8-63c5-4f5e-bb64-33809e0069fe.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8953 bytes)
Hash
f09e254cd6f2e29b3bf198cc5d58a46f
fa34520e849bf746ff43aec3d28beb9e4be44f4d
2e29eace95fd8cb5b6d77df880d2044ecab4206cba47931c3a95e77c1b4e9d9a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe5720fc8-63c5-4f5e-bb64-33809e0069fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8953
x-amzn-requestid: 2a2d20f4-3aa5-475e-8ec2-fc569766335e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhQGAhIAMFrjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-26dc0259793ec94814f3d41a;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: OKFzEoCVITStAPxYzhksarrlTkVeATx6AzBnEK32WLFaOeEIwLMu_Q==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:12 GMT
etag: "fa34520e849bf746ff43aec3d28beb9e4be44f4d"
content-type: image/jpeg
age: 85793
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5583 bytes)
Hash
85c6f450b38f41a2fb924d6d9a9cbff8
691f59b65ca9fde4f59bbf96b37071e07351f190
c8f877488a2cf65f0d9829384fd4113847722a1b4df94b6b1d5788699689722c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5583
x-amzn-requestid: e844f42a-e87e-4e61-8c97-137c07c5ae28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ9Ho7IAMF5_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-62c44d2f7d23632e74895bd8;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uHlIN1IVGCFUVl5lx5pFSux0YncseT2HQjiwFDL9eaEaBa9CdnCl8g==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 04:50:44 GMT
age: 60261
etag: "691f59b65ca9fde4f59bbf96b37071e07351f190"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8955e1-907b-43ed-a437-d4ad1f5fe742.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5478 bytes)
Hash
38e32fc94c445ff47da5d2907e61e3a4
c76588ccaf97fdfd6e73833083200cb49a01a4af
e4e3947b2248206c9dacfd35ff5619ca3b3ae56a7bcd565d40ed048839ffa075

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8955e1-907b-43ed-a437-d4ad1f5fe742.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5478
x-amzn-requestid: c06e47c6-da2a-4a70-af2a-c1268557b913
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdM67FEEIAMF-pA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec1df-0628d00244323ddf727e0b80;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3zeJU6wVmWDIbVDBlTYvTh8e78isxbmNC0GKWdKqdI5abbdERoyzpA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:13 GMT
age: 85792
etag: "c76588ccaf97fdfd6e73833083200cb49a01a4af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F073ec866-b693-4f96-82bf-76ba051797c9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6577 bytes)
Hash
faa8e3cf2ab3c1d53a1735def5bb7476
ccc1ec5ebb5090c6255dcb1e8899e95cdd91e12f
e81a8fa312ec478871427f1d04ba7fe563573c683809153f75dec8df979d6efe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F073ec866-b693-4f96-82bf-76ba051797c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6577
x-amzn-requestid: b4587cfb-6041-453c-9e74-fa35ecd31448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMjIGHRoAMF26g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec147-29e7ec741b0e6f6f674aef75;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hsMmHIBEt_4cL455goPqDKQVQA75u4oGFbSxsGP_e_0uG7SZmSLBhQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:00:57 GMT
age: 84848
etag: "ccc1ec5ebb5090c6255dcb1e8899e95cdd91e12f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

dpm.demdex.net/ibs:dpid=411&dpuuid=Y3ARiQAAAEk6IAN-

34.242.116.160

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y3ARiQAAAEk6IAN-
IP
34.242.116.160:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=Y3ARiQAAAEk6IAN- HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://data0sec1citizens.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0a2056b15.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y3ARiQAAAEk6IAN-
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=71598678340221847364515324004433828732; Max-Age=15552000; Expires=Thu, 11 May 2023 21:35:05 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: RCS62c5aQBk=
Content-Length: 0
Connection: keep-alive

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

306 kB

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (32068)
Size
306 kB (305923 bytes)
Hash
d5518954c5c1af0a12bb7892e3688ebf
7dd4610b04c43e0303cc6bd91f99452dce1052f2
da52ec113b5d181770b4775f80d89800b5ed1d82081891128382435e5a13f840

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:05 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 12 Nov 2023 21:35:05 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e17044d91588f41d8815e622fdf07e39
cb57e82c1e1e658750f41fd02ccd9256dd806033
3992773bef6397a483c8427142f6dfe6da727725bb04650336a29fa38c9298cc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 21:35:06 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 13:42:45 GMT
Expires: Wed, 16 Nov 2022 13:42:44 GMT
Etag: "cb57e82c1e1e658750f41fd02ccd9256dd806033"
Cache-Control: max-age=316657,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76926541aa31b50c-OSL

lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Fdata0sec1citizens.com&site=89632304&force=1&env=prod&isCrossDomain=true

178.249.97.98

200 OK

15 kB

URL HTTP/2
lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Fdata0sec1citizens.com&site=89632304&force=1&env=prod&isCrossDomain=true
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (39078), with no line terminators
Size
15 kB (15332 bytes)
Hash
813ec9fff2fb1e2ec70c53b2f89b5255
5284d8256b47499e68176188f5afee97c06f0368
934484b8ed88f122271604cffaa66feef9fccb0ea83d07a8397961901de05196

HTTP Headers

GET /le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Fdata0sec1citizens.com&site=89632304&force=1&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:06 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:00:32 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 12 Nov 2023 21:35:06 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0&_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e&pid=2ca3f594-ce44-44f0-b519-c502596b4c85&sn=2&cfg&pv=2&aid=

54.235.78.87

200 OK

429 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0&_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e&pid=2ca3f594-ce44-44f0-b519-c502596b4c85&sn=2&cfg&pv=2&aid=
IP
54.235.78.87:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Size
429 B (429 bytes)
Hash
6857329de88f3cc5c303cccd3dc3ea14
13bab58537bb929fb62af1da4d51d0ad0fe05094
18d83a88b3d8f0a9a3402d74d5b411932478999a3aab06e26c2f83076ea903fb

HTTP Headers

POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0&_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e&pid=2ca3f594-ce44-44f0-b519-c502596b4c85&sn=2&cfg&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 7811
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Cookie: _cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e; _cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0; _cls_cfgver=27baeec; AWSALBCORS=AdmlUV37je4m50XkXXvkBmmoC1VFlyCEnWd+TnUaTiB/z5cch032bGvK5JZzrbvoEXj6poV9y4UxrZhTlzrmZpIONvhuSky3zpTwkLcOh7F+QT2t2jl7EoKglkV7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 21:35:06 GMT
Content-Type: application/json
Content-Length: 429
Connection: keep-alive
Set-Cookie: AWSALB=Uf/4dKj355efiII7DjS0RWPIHZr7Y1z0wAFNEBRm3FM8VzuOSRSJnlOx29FdWUZ04IYTzHR6Qhdj63E2a5GVJ//zuq85P9VkLtGRW/D8YFw70hU1usBtNNoFMjUM; Expires=Sat, 19 Nov 2022 21:35:06 GMT; Path=/
AWSALBCORS=Uf/4dKj355efiII7DjS0RWPIHZr7Y1z0wAFNEBRm3FM8VzuOSRSJnlOx29FdWUZ04IYTzHR6Qhdj63E2a5GVJ//zuq85P9VkLtGRW/D8YFw70hU1usBtNNoFMjUM; Expires=Sat, 19 Nov 2022 21:35:06 GMT; Path=/; SameSite=None; Secure
_cls_cfgver=27baeec; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://data0sec1citizens.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5015

54.235.78.87

200 OK

139 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0&_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e&pid=2ca3f594-ce44-44f0-b519-c502596b4c85&sn=3&cfg=27baeec&pv=2&aid=
IP
54.235.78.87:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with no line terminators
Size
139 B (139 bytes)
Hash
7a7e8e34fc7f0169fdf5505464528121
4813affb554a0d667ab266686cba156f1d31c513
6595870561b24903b0b51ebea3825e9b4c087f784dc11ab49846fcac22bca4d2

HTTP Headers

POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0&_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e&pid=2ca3f594-ce44-44f0-b519-c502596b4c85&sn=3&cfg=27baeec&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 491
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Cookie: _cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e; _cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0; _cls_cfgver=27baeec; AWSALBCORS=en0R3ty1uTgTG2qBrR30LASIj8NA5c9obLmRIKPHAXij/c4YZPPo+r5JGN5RDQ4l/MvkumqcD8pmzWfJUWQt4aOGu1oNbIagovDE/lkjldnPFKNUX/QtOh4wcuam
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 21:35:06 GMT
Content-Type: application/json
Content-Length: 139
Connection: keep-alive
Set-Cookie: AWSALB=hyL3UZ0FSUjMo/C3TZWg2VqFm6DAOvDeIsBhsWcK0VtR2Dj7rrv0jqEyZcoH5Ar7TyoldLqGb60NJMx4fb40cDzun+LlYCIYAPFSX4ljh2Z0mHRgyXq79esWQ9Sf; Expires=Sat, 19 Nov 2022 21:35:06 GMT; Path=/
AWSALBCORS=hyL3UZ0FSUjMo/C3TZWg2VqFm6DAOvDeIsBhsWcK0VtR2Dj7rrv0jqEyZcoH5Ar7TyoldLqGb60NJMx4fb40cDzun+LlYCIYAPFSX4ljh2Z0mHRgyXq79esWQ9Sf; Expires=Sat, 19 Nov 2022 21:35:06 GMT; Path=/; SameSite=None; Secure
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://data0sec1citizens.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5015

54.235.78.87

200 OK

139 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0&_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e&pid=2ca3f594-ce44-44f0-b519-c502596b4c85&sn=4&cfg=27baeec&pv=2&aid=
IP
54.235.78.87:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with no line terminators
Size
139 B (139 bytes)
Hash
7a7e8e34fc7f0169fdf5505464528121
4813affb554a0d667ab266686cba156f1d31c513
6595870561b24903b0b51ebea3825e9b4c087f784dc11ab49846fcac22bca4d2

HTTP Headers

POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0&_cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e&pid=2ca3f594-ce44-44f0-b519-c502596b4c85&sn=4&cfg=27baeec&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 233
Origin: http://data0sec1citizens.com
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Cookie: _cls_v=9d8ce715-61c2-4c26-89f5-8307bff2687e; _cls_s=a7294fb2-06eb-4bd2-a150-1cf374400709:0; _cls_cfgver=27baeec; AWSALBCORS=Uf/4dKj355efiII7DjS0RWPIHZr7Y1z0wAFNEBRm3FM8VzuOSRSJnlOx29FdWUZ04IYTzHR6Qhdj63E2a5GVJ//zuq85P9VkLtGRW/D8YFw70hU1usBtNNoFMjUM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 21:35:06 GMT
Content-Type: application/json
Content-Length: 139
Connection: keep-alive
Set-Cookie: AWSALB=V7oeFTBKXPldlmfnN+vTyPv83Tzrque1Rq/7JSq0AVGfNvetPQ4sRNjmgaUn7zbN9BD/bX0YASWwTT98DzaSk+v1rF8HpVKM7B17eG2Hvqmq7IImikhsRKnYQF3P; Expires=Sat, 19 Nov 2022 21:35:06 GMT; Path=/
AWSALBCORS=V7oeFTBKXPldlmfnN+vTyPv83Tzrque1Rq/7JSq0AVGfNvetPQ4sRNjmgaUn7zbN9BD/bX0YASWwTT98DzaSk+v1rF8HpVKM7B17eG2Hvqmq7IImikhsRKnYQF3P; Expires=Sat, 19 Nov 2022 21:35:06 GMT; Path=/; SameSite=None; Secure
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://data0sec1citizens.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5015

accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb11628x94133

178.249.101.99

200 OK

5.7 kB

URL HTTP/2
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb11628x94133
IP
178.249.101.99:0
ASN
#11054 LIVEPERSON

File type
data
Size
5.7 kB (5669 bytes)
Hash
16863a63e0e1a86185c9ac7fa5d932cb
5351a7c9827bf65648c176b240e4ddc75d208017
239a752a34d93d22461f8d5ea4774ae99aeb241b6cd9e11a2cc323c05cd54287

HTTP Headers

GET /api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb11628x94133 HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lpcdn.lpsnmedia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:06 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:28|g:71c6b917-2baf-4735-8b58-c033d32a1625; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:36 GMT; Path=/
ADRUM_BTa=R:28|g:71c6b917-2baf-4735-8b58-c033d32a1625|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:36 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:36 GMT; Path=/; Secure
ADRUM_BT1=R:28|i:2241585; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:36 GMT; Path=/
ADRUM_BT1=R:28|i:2241585|e:5; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:36 GMT; Path=/
vary: Accept
expires: Sat, 12 Nov 2022 21:36:06 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
165e6a255c023b4407e23495cd63f089
dfbae715c1168541c4fc97be1a8eb8e29b7f1aa0
703fcefb755ec7794ff8a4b2cd8d9b01c995a80198bbb877940f9091242aa71e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 21:35:08 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 11 Nov 2022 11:37:46 GMT
Expires: Fri, 18 Nov 2022 11:37:45 GMT
Etag: "dfbae715c1168541c4fc97be1a8eb8e29b7f1aa0"
Cache-Control: max-age=481956,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7692654acd95b50c-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a00a310aad562ae21c3a2494ed63e4ca
504f3d0357bdbb101c636e5bb1110dae3928cbb4
46dece9a042b4f33f8975e00e78f8f383d2233dea3df262b9f26915b67ab5414

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1218
Cache-Control: max-age=155428
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 21:35:12 GMT
Etag: "636fc8f2-1d7"
Expires: Mon, 14 Nov 2022 16:45:40 GMT
Last-Modified: Sat, 12 Nov 2022 16:25:22 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

0 B

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:05 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:24 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 12 Nov 2023 21:35:05 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

178.249.101.99

200 OK

0 B

URL HTTP/2
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP
178.249.101.99:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:05 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:29|g:ebf62d15-228e-403b-9ad1-c045acbc2aac; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:35 GMT; Path=/
ADRUM_BTa=R:29|g:ebf62d15-228e-403b-9ad1-c045acbc2aac|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:35 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:35 GMT; Path=/; Secure
ADRUM_BT1=R:29|i:2241585; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:35 GMT; Path=/
ADRUM_BT1=R:29|i:2241585|e:7; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:35 GMT; Path=/
vary: Accept
expires: Sat, 12 Nov 2022 21:36:05 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

0 B

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:05 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 12 Nov 2023 21:35:05 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB

178.249.101.99

200 OK

0 B

URL HTTP/2
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
IP
178.249.101.99:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:05 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:29|g:0d1c1efe-69f0-41a7-9ceb-ba2418cf3322; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:35 GMT; Path=/
ADRUM_BTa=R:29|g:0d1c1efe-69f0-41a7-9ceb-ba2418cf3322|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:35 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:35 GMT; Path=/; Secure
ADRUM_BT1=R:29|i:2241585; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:35 GMT; Path=/
ADRUM_BT1=R:29|i:2241585|e:6; Max-Age=30; Expires=Sat, 12-Nov-2022 21:35:35 GMT; Path=/
vary: Accept
expires: Sat, 12 Nov 2022 21:36:05 GMT
x-envoy-upstream-service-time: 2
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

va.v.liveperson.net/api/js/89632304?&cb=lpCb41404x67399&t=sp&ts=1668288905278&pid=7929688547&tid=7647744142&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fdata0sec1citizens.com%2Flogin.php&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22ea1c4651-1292-4ee5-9c46-511292bee565%22%2C%22account%22%3A%2289632304%22%7D%5D

208.89.12.87

200 OK

0 B

URL HTTP/2
va.v.liveperson.net/api/js/89632304?&cb=lpCb41404x67399&t=sp&ts=1668288905278&pid=7929688547&tid=7647744142&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fdata0sec1citizens.com%2Flogin.php&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22ea1c4651-1292-4ee5-9c46-511292bee565%22%2C%22account%22%3A%2289632304%22%7D%5D
IP
208.89.12.87:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/js/89632304?&cb=lpCb41404x67399&t=sp&ts=1668288905278&pid=7929688547&tid=7647744142&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fdata0sec1citizens.com%2Flogin.php&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22ea1c4651-1292-4ee5-9c46-511292bee565%22%2C%22account%22%3A%2289632304%22%7D%5D HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:08 GMT
content-type: application/javascript
set-cookie: LPVisitorID=I5YmI4MGIyN2M1MTFhMjIx; Expires=Sun, 12-Nov-2023 21:35:08 GMT; Path=/; HttpOnly
LPSessionID=nm7mRpNTQxWPpKEApoSlbg; Path=/api/js/89632304; HttpOnly
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?

104.18.14.22

200 OK

0 B

URL HTTP/2
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP
104.18.14.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://data0sec1citizens.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:05 GMT
content-type: application/javascript
last-modified: Thu, 13 May 2021 10:48:21 GMT
x-amz-version-id: bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
content-encoding: gzip
etag: W/"845173368b011e7fa14658b57426fe09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: TjES7ym4ShstKtpj1GLznZjl8VeU-G2N0yGQlAXn4IB-OQXucq9_RQ==
cf-cache-status: HIT
age: 5726
expires: Sun, 13 Nov 2022 01:35:05 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 76926538cc5eb4f1-OSL
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

0 B

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:05 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 12 Nov 2023 21:35:05 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Fdata0sec1citizens.com&site=89632304&env=prod&isCrossDomain=true

178.249.97.98

200 OK

0 B

URL HTTP/2
lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Fdata0sec1citizens.com&site=89632304&env=prod&isCrossDomain=true
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Fdata0sec1citizens.com&site=89632304&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://data0sec1citizens.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 12 Nov 2022 21:35:06 GMT
content-type: text/html
last-modified: Thu, 03 Nov 2022 22:00:32 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 12 Nov 2023 21:35:06 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (39)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP