Report - coprwanda.com/login.php?primarymember

Report Overview

Submitted URL
coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
IP
192.185.105.9
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-12-01 15:38:42
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citi

Detections

urlquery
44
Network Intrusion Detection
0
Threat Detection Systems
42

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
online.citi.com	23902	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	29 kB	1.9 MB	104.110.15.25
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	5.6 kB	142.250.74.131
resources.digital-cloud-citi.medallia.com	25588	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	892 B	67 kB	151.101.129.230
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	68 kB	34.120.237.76
1.a79ab95c1589a13f8a4cab612bc71f9f7.com	75111	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.21
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.4 kB	23.36.77.32
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.9 kB	104.18.32.68
contents1.00110.citi.com	34217	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	582 B	216 B	13.89.105.232
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	6.3 kB	93.184.220.29
coprwanda.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	38 kB	146 kB	192.185.105.9
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.39.94.191
udc-neb.kampyle.com	3039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	485 B	35.241.45.82
contents2.00110.citi.com	32534	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	3.6 kB	52.154.174.214
1.b406929acabac9b095f124c81bdfcf57f.com	75277	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.103
1.c81358859121583b7adf2ace89cb39f44.com	75217	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.34
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
nebula-cdn.kampyle.com	3739	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	705 B	6.3 kB	151.101.1.175
sr.rlcdn.com	13315	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	548 B	192 B	35.190.60.146
cse.google.com	2642	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	313 B	4.2 kB	142.250.74.174

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=847438234f4dc520812f48bbe	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=78d5e03e4115dd55efebe6169	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0fdb0fef5d5d2d705c28835cd	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8705c9f15dfc4c60e2455b0eb	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=4f45be6c00f51a988e33903ba	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8305c5222956909b9ea829432	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=76d23713879283e0a0f6d93be	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=eeb90f2f95e6b02a81b668f33	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=01412c56f7491ad6a3bebe83c	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=29ce796571ff88fb27bea7dc3	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0ffb7e8015756eee1657c72ce	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b5fdca4da7a2d46255d77bee5	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=905a23b68698dd0edba490e02	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5772ed77e7ad0bb0cbb14302b	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=af95537353ac71d5b47c58637	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=54cf4f6fc4d2c462d41918bdc	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5c91c4a1bb7411b94901973a5	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bf03bba3b5dce691123d24979	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f4e4f8fbf67426b9895d81f25	Phishing
2022-12-01	medium	coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=17b48dafaed197bee2b7340f5	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (50)

	URL	Size	First Seen	Last Seen
	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	51 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash a3b9a45219bb8e76e0b6428a3c2252a7 f3acae083611bddf944dd5b99ffc9401ecb29411 d0a5a93cb1f2f7daefdf72c4da8680aab2c242b9cf555052afa9c0cd56917f07 Loading...

	nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js	14 kB	2023-03-07	2024-04-03
Pretty URL nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js IP 151.101.1.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:04 Last Seen2024-04-03 19:28:22 Times Seen175 Hash 80dd5e3be5152c5c72d552c6a26ef6ff a019565ce06f5b1c129af9ac0e9cfa82f52dcdea 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1 Loading...

	www.googleadservices.com/pagead/conversion_async.js	42 kB	2023-03-08	2023-03-11
Pretty URL www.googleadservices.com/pagead/conversion_async.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:43 Last Seen2023-03-11 23:52:27 Times Seen1 Hash aa380446f88c1288203b55faad15a0df 6724fbaffe1828ffd0ffaa56769630709b2fdfad 4f0fa35c5a44677cc0a678f03795032aa862275dc29e978a84a2ee41ef267c10 Loading...

	online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js	13 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash 67fd9bb7be1fea04c09753fcdab15974 207b8cec60851c99ebdda47a19cd8a032acc0c47 b95fb980f8f91f1c113d3411d3fbf608e143bf4d10fe0706bb6d2231f13bd228 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	487 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen14 Hash eae83f0684e7579652eb0933e38369e9 12d00f19d6d36c928c9d2b70b4c6f7b2e6846e0a 2d71826129cbe83e37a07a4d9c204830f4973e601adcaa8683a741d992e96a24 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	169 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 41f78ec36c8e88fbf2baaf7035a8f84f 1545242efbd33a18adf2b0645decdc0c20d31e5d f22d5a40edfbfba3e5a6197f9eb94801f8402801e2ef2822dfd24ebb4022c49b Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	1.5 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 80225a3b19dfe27804d23ede3e982551 48bc3baa82a3339b937f30c04a30296654a1e998 ca689295a05fa095b9c7805118d78203b18020fcba72a0b84b819eaf52e042b1 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	5.4 kB	2023-03-07	2023-03-26
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2023-03-26 11:20:09 Times Seen3 Hash ccc559ecd3592536380cada140c43a86 6c31ba55d693e0327c8be6aab39264045dfc89d0 9fadbb54ce0d3d5250f3a6e96ea0dbb5bc729f7936c56bdb606bb2310ede0b57 Loading...

	unknown	0 B	2023-03-07	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-18 13:17:50 Times Seen36940430 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	online.citi.com/passivebio/bcsid.js	947 B	2023-03-07	2024-03-02
Pretty URL online.citi.com/passivebio/bcsid.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen22 Hash 502011c839f5e3bbbdf1003b724e06be d038be2dc3b9e0472222e530a6939f7ebe1f474b 7d481eb36581746fd3662c7c452856b695df90cdce24664c48f565aa119c8b16 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	1.7 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash d6d17a43da3e8376e35530332e97ca5a b4d7317b19925744db8006d3607847291b8c2d11 89d52e9a2628894ca01a5df1ae1e1837d8d1845687c97f70626835be863ef80f Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	2.2 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 8eedca5e0fcb1a64188322773e36df8f e432b6c6b69b3cacfb651c47ae491e0639ff451b 68c52647c1464b6ed288e2f0599fc247410d6f1aa1ef55f2f38a5b97b86cc704 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	5.7 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 372c44408865733816a82d39409c0b30 85316d59e1d674e0dd03a7f0feb5d8c2b611001f 4f56b58340bbcff64bcbd1d6705293f8f68fdc68ae08c4d47f56522444cc7dd9 Loading...

	online.citi.com/TMX/TMXProfiling.js	1.3 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/TMX/TMXProfiling.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen34 Hash 0ff04f7aa700fb377b4a1a7f9f431b21 32f63ce9172fad37c97fe3d680373a5247c2bd54 157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	359 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash b12406eac48ade2690f28ac5c9f718dc 57c0461b4deb5149b8f0e858f5f5229458fc8b0c 142489ac6853636288983970739a610112ef91ac6043a389995fe55af272902f Loading...

	online.citi.com/GFC/branding/responsivebranding/js/main.js	34 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/GFC/branding/responsivebranding/js/main.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash c0ddec2b38e31940c334f2484005e156 6400269d39b45e4a70747dc53dee46a4847c5de3 9deb849bdc20c654810ae440c0c5110b1a1cbf2228e7a3b61db136a7633c0eda Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	357 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 6fbf9db9d94876430883163dc4daf526 750066ce478bbe33c8549eba66f1b5d904887cdd a48f476e46cb1bf35c51fd3d0e2bd13934be3d651578dfd92d58031a604f3ab9 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	124 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash a19f3867a2e4f194d61def3b27607ba6 70c9c6e28e1cadc1f6b5323e27193805d4eae52b 027658d5326a774db4e4a4980c91809057d23cfc74657a7afbab30f232f53862 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	8.8 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen14 Hash 90f96fe21a87fad1db5e9400e1dd4992 04bf5396b008ed5c09f975a0ac4439daeb0a7c10 7281fd5f764158ae3ddd8d3745d09c71f32c8459ed2cb07cc9098279f06e9f5d Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	55 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 6fe2b22226d89eba331c98169afbe248 5d6863f5b3b2ead7cda62892a357f54453f32e9b 7f06045984d0bd219b82b6f040069ed2e2e1c06209db06ba3573a146628970b6 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	861 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 3b39fb878bb8cc0ef702b00f28ce06a2 1800f2414e094aafbc22d21f887e2c2ae0936c39 1a26e59588d3cb2703eca3a097a8ea943076219db045142fdaa1079f5077326c Loading...

	online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js	1.0 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash e60f5e310d559ee60d3247be9d5ca100 34e78dc5b40ce2a94567389bfd6e04abf43b90b9 9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead Loading...

	1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js	3.2 kB	2023-03-07	2024-04-12
Pretty URL 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js IP 54.230.111.103 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:16 Last Seen2024-04-12 17:43:01 Times Seen5046 Hash 9ee48a4da9c402e8a23ad085fb71f28f f0c59306d6313f9bee02b53ca8903991bd24bfd7 9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622 Loading...

	online.citi.com/GFC/branding/olab/js/oo_engine.min.js	43 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/GFC/branding/olab/js/oo_engine.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash 9cf707489677b29ec6136aa27089ba09 5b37eb42f3a40a12670240452ee73f62f92b2fb2 1f2a0e7aa3dabf73dae3cc7c1e53a70ec51145b39b027bdc1ecae9223c0c80d2 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js	9.1 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen23 Hash 828b253bebc00cf5985f885442fa5ea8 9f02b35e1acd3be7f6063693fd6e31d4fe010109 eec5cc477e7cb4f1eee1f26dce3eb411a63716d89a9b659c7d5559571c837ccb Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	169 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 66ca5e714ab1f2abc641e1a7d48f8718 9c1e2c0ba39d05d105c37bf884bc1a3f2bc9cbc3 76dd133f3a42824740d3c84f9420ac45c4626dc34ae2fde827bc48c63361ee46 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	1.4 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 523300c546ce8ca360e71c0fb0dd814e 02f79ba80ee8c0382712f839f96bc756d26ccf00 aed2528851ae42ae6d46422c6ea1f1a4f80f5a12d8da6ba4faf47ba31d535f00 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	684 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash b380284e2b4750a3f8510c3f26e3b560 2283ef2ae152c81fb1a5d606562708d09ed4d19a 8d91289c12695cf4e74f0a67724c8d857f5dff3e39dbe51b9c7b7d1389c7814e Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	494 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 0d581029ec07c06226cdb87413887e8c b43ebbb551358c7d2ffaced6599b09a4f471d635 68eb0c8baed5acd7a6f96d01c70ab092f24705d05f6ac63906e03281c8648da4 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	1.2 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 36aa1dfcdce2b986fd9f0db34c4fa706 d08814a707dec3e918bab14f17667fbd9d97d252 899f1b5bb146380ef5919bbc7e765fad6ee9ef236df7dff4db370dfb19e70f98 Loading...

	www.google.com/cse/static/element/f275a300093f201a/cse_element__no.js?usqp=CAI%3D	310 kB	2023-03-08	2023-03-12
Pretty URL www.google.com/cse/static/element/f275a300093f201a/cse_element__no.js?usqp=CAI%3D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:21:46 Last Seen2023-03-12 17:38:18 Times Seen1 Hash cd4dcf60325693e64ff3fe71cfb84a58 e724160941156849e66b5cec3d0fd0dbfeefd266 535b8af88e270a20f4ae2174218d6b90ffd7fb780215a2f911629455d6c8201e Loading...

	online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js	6.2 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen33 Hash 42dcf708ed86de23deaaea0446fd9c38 1d25fe5aea16f13a83452f02be95bec22af3b5ac 629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38 Loading...

	online.citi.com/JSO/js/fp.min.js	15 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JSO/js/fp.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen40 Hash e0bd1cc6312c34c2d4a57142ef0a7b08 02ce3ece5c0f0a50f473c46380aee484467453d0 c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61 Loading...

	online.citi.com/personalization/peworkflow.min.js	5.3 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/personalization/peworkflow.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash 95e4214ba481e0482f80ba7f16966e5b 59a2c377906e189d7f4a962f76f427eb6f1edc79 690146b8ff7699810daa66f43ce7d006f74a143dea4a27bb0cb9c054dddadeee Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	78 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 349e88b7caa0dff4eaf84621885aa4f3 4d887106cc4facf29b36c387a6804f1cc9248654 9db261bd1461cfc312dd6f9c4bc524a49091d299e4391c63877032b55f2596a0 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	60 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash bc7247cf39fab48b4350f02e88aeb96f 4d23a7bf9ac7b5e035ae05b03ec4d332fc8feaf3 f44ae2b913df243a9f434e4843f12c6fbd219bafe09e404ee33c2099fd5a8d2f Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js	3.0 kB	2023-03-07	2024-02-11
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-02-11 09:44:08 Times Seen1 Hash 1130041570009de4132935c54abacb7d 767afd3e881378ae9eee4c9f6e705022c17a358e 694c74b00db3aae929ade1622b456591187454fd61f06daef7fca081b01adc07 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	55 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash d5f6a35c544a7ddd317d05e7269f2d91 261918e10ca6bcdb237e0721f18f9ff7bb17c661 c2cc4fb4f8c58dc26361fa9861e3f0a8c37f575e9a01ca6ab41918933a45f73c Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	3.8 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen15 Hash b7c621311d20eb07f9505c83f2e93a78 7e88e8057e7ff83e4debfc93f9003ec7b6057de7 3e8e3a7b51aa3cb440686ef7fa0309f2bb8e348f89e37819481dc7629f7868c9 Loading...

	online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js	65 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash ffa4ec65e36a6626d9494401fe52ad0c 50fde09885fdb9f1814b950fa25992e4d9a04ba6 f1821b3865a1008ba0c088f7dc5c7eeb6b81e414461885c40b8d0f48fcbc9341 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	435 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 8c44d43f489e4df9faf23c5f7c082749 587508ee3c25156acd49c1c5381183cf28cde15d 4516f2146b415294de73a3cfdb656e831c1f768ed83e02e0523ab0e3b62ead7c Loading...

	1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html	87 B	2023-03-07	2023-04-05
Pretty URL 1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html IP 54.230.111.103 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:16 Last Seen2023-04-05 01:48:21 Times Seen54 Hash 2e4d7d52e5909922bf021f1cc09b8932 dc20df92c388423464243e53c7a378f0016effc9 0242c236e7c83d9c9d5281fc2614b82c4bf516e7e2552c4e042ecbf9fcf45027 Loading...

	www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D	281 kB	2023-03-07	2024-03-02
Pretty URL www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:52 Last Seen2024-03-02 02:18:11 Times Seen28 Hash c7946a75b4952e913c1c266213074248 6424fb9dcad38a16aa403bfa392561044ddd23dd 6ce5619a84bf7d3e559a5b45aa7f56fee491dd3f648775bbb7b42cb1f6f3c6fc Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	1.4 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash bd392e918e0e8f71f814f5a4553a6ead 2eb7f3a1108af3e041fbb338376a313c73611026 c8deb517a69abf7d437eba4b4e4915f30afd61faf052449f014e8cafc7129e15 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	6.5 kB	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash f15ea50d63999ebf748246ffa6809deb 3ab1fd500e2c2ebaa7b6cacd40558f72b3db819a 145cd772b8f26c7980cc0e655ae0d338eba3e2c9312f98682c20fd5d52aa0a55 Loading...

	coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee	712 B	2023-03-07	2024-03-02
Pretty URL coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen15 Hash 71382f8e6ef9bf2ed5d915ae803c5c7f 0c64d7a89e77aa6b2325ca12b8fe87548d6b2850 2c2cdc3431ed006f6ec8457b9c0718d0e1ca18839e87b9de7fb3b3f1661b4329 Loading...

	cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu	10 kB	2023-03-11	2023-03-11
Pretty URL cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:39:45 Last Seen2023-03-11 23:39:45 Times Seen1 Hash 13684f70533513c4d4a266899ba68564 b35bbd7f5e33179fdc1bc8439c02fdb08bfa0a4f 897985d39490a110def0b44e719e729705aaf784513976ee687253781c6f4018 Loading...

HTTP Transactions (165)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2203
Expires: Thu, 01 Dec 2022 16:15:13 GMT
Date: Thu, 01 Dec 2022 15:38:30 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1594
Cache-Control: max-age=155956
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:30 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 10:57:46 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7319
Expires: Thu, 01 Dec 2022 17:40:29 GMT
Date: Thu, 01 Dec 2022 15:38:30 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 15:19:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1124
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: kkUnjKgaFa51zdKXDVAH6yCIK7W/uv3XjC1cc+V3Btfmw7XtkiJvxohM11eJtbjtyukYXdiWwAs=
x-amz-request-id: XHWT4HBKG4JM1XKV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 14:45:42 GMT
age: 3168
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee

192.185.105.9

200 OK

65 kB

URL HTTP/1.1
coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Size
65 kB (64622 bytes)
Hash
a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d

HTTP Headers

GET /login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669908199992; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 15:38:30 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:38:30 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1314
Cache-Control: max-age=122571
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:30 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:41:21 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1314
Cache-Control: max-age=122571
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:30 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:41:21 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1314
Cache-Control: max-age=122571
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:30 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:41:21 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1314
Cache-Control: max-age=122571
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:30 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:41:21 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

online.citi.com/GFC/branding/responsivebranding/css/main.css

104.110.15.25

200 OK

7.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/main.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (47574), with no line terminators
Size
7.3 kB (7313 bytes)
Hash
3a57d907c91d4af48687e9612624e322
4c5f56c2e6951c83d8d7a66895c042b10cca61a3
785a920d518e6cc032e88871480d0e558a1397c1ed67d90e24d1b2eb2c2a0682

HTTP Headers

GET /GFC/branding/responsivebranding/css/main.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 29 Sep 2020 09:55:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7313
content-type: text/css
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=E06D507F730B07D80BA81CC1F90C7F40; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css

104.110.15.25

200 OK

3.7 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
3.7 kB (3733 bytes)
Hash
912d79ed2801e57d08c6fe076d791333
aa0e1edb751a7cbff5e9ff67b948166605e19910
61984a0de22199c83dba3ac7c03e8df7cbb78f61c2de7fc6484be0fba7f14069

HTTP Headers

GET /GFC/branding/responsivebranding/css/branding_footer_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 10:48:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3733
content-type: text/css
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=69D291656D956865F4299D28029FEDCB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1314
Cache-Control: max-age=122571
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:30 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:41:21 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png

151.101.129.230

200 OK

2.2 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
IP
151.101.129.230:0
ASN
#54113 FASTLY

File type
PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2219 bytes)
Hash
f72de0072180995cddf091ec1c481fc8
8da0419580ec8ea996ff617773a822ef6a1ce470
02bb7267eb1cdf51db8a9db0014dd48f4debe6f7d344a6f8a0f06a428d6e0068

HTTP Headers

GET /wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: CzFPP1gPCjs7z/KInii3GcX3SmlJUbqd/NqEjWdfODbqZAaxudqAHEH+F4NlY3hcO7Dj4Gn/MhA=
x-amz-request-id: RNGYKGZANXNHS89D
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-type: image/png
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 15:38:30 GMT
via: 1.1 varnish
age: 814077
x-served-by: cache-bma1649-BMA
x-cache: HIT
x-cache-hits: 22
x-timer: S1669909111.832420,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 2219
X-Firefox-Spdy: h2

online.citi.com/loginpage/styles/homePage.min.css

104.110.15.25

200 OK

5.0 kB

URL HTTP/2
online.citi.com/loginpage/styles/homePage.min.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (24793), with no line terminators
Size
5.0 kB (5046 bytes)
Hash
8b55e445be9cbbed1fff212136bf5ec4
02e215ee8c3c5f71406405a28d4112c0eea3646b
e666c4da016428bb9aa82c5e9dd9634d5731083b226e353148d28a9e1948c506

HTTP Headers

GET /loginpage/styles/homePage.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Oct 2020 18:02:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5046
content-type: text/css
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=7D5CE4EAC0587FE10B1F0EC394F13DCC; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js

151.101.129.230

200 OK

63 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
IP
151.101.129.230:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (44679)
Size
63 kB (63129 bytes)
Hash
2814704ecc428325d52a842115a2ffdf
9c979060cdc471ee3dd6d71d0f586a7433158453
c75bc14a20adf4a951aba27b721f23e9b3c97cbcb4caeb249cdc63fde3997cc3

HTTP Headers

GET /wdcusciti/50/onsite/generic1608054710811.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Hlqd9JB84o75ey9+s41yk6BUDnxKajiI2JUmsGUUQqV5jw1SfqSE1lb8hW4xZN4HXRR/xQDXOBk=
x-amz-request-id: 28WE2YFD6404A5RC
last-modified: Tue, 15 Dec 2020 17:51:52 GMT
etag: "57e6c47a533050c63dc8fefbdeb401d1"
x-amz-version-id: Kqi2p6FS.A2AzLCJok5fsBD_5A7fWxpm
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 15:38:30 GMT
via: 1.1 varnish
age: 2712
x-served-by: cache-bma1649-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669909111.832395,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 63129
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js

104.110.15.25

200 OK

2.9 kB

URL HTTP/2
online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (5928)
Size
2.9 kB (2905 bytes)
Hash
f687e0142c1437ba2f920f3cde133177
d53df064865303d36b7a7ca9624d83214da9aa99
8e39f40e7aedf48d72d8a4f79433fb5482da163fad5aff81159284d7b461de05

HTTP Headers

GET /JFP/js/jquery/plugins/jquery.tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2905
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=C392154839FEDF1A5266BFB4157E492F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JSO/js/fp.min.js

104.110.15.25

200 OK

4.3 kB

URL HTTP/2
online.citi.com/JSO/js/fp.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (13962)
Size
4.3 kB (4322 bytes)
Hash
37d4fb4fc0d34c9d949447294c5896a2
813a89b7c7da1d1090e9d70a4b683713e47ffc20
434bec7136e03611151aad7e839486bcc95abdb5f1ad7eb8e66d1a10b3375982

HTTP Headers

GET /JSO/js/fp.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 4322
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=27D5E9E5D0891A8576B49FD469FE4EFF; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css

104.110.15.25

200 OK

337 B

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1265), with no line terminators
Size
337 B (337 bytes)
Hash
7c863f08763bf3f9d76db3fc6135da51
6560f78733d9b78d550d8425b29f06c1c764189d
a4dc2655e535dfee0176ff9bc947cf1aecf63bb2a248eaad894f58d13591d24b

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 337
content-type: text/css
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=D055F73C4D217D6C70A638F70530FE4E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

104.110.15.25

200 OK

65 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (65509)
Size
65 kB (64910 bytes)
Hash
68cdb850dc7512e716b12ec17fcba622
cb82a9575b355ae1833085e6362cc0a1089ccc90
37d98491fbeb36c9df92570d875530129c1698b03852c3fbb71832db58a56e4d

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/scripts/vendor.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 64910
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=42F7DA1CF9572A1D980F63203CC1220D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css

104.110.15.25

200 OK

899 B

URL HTTP/2
online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
899 B (899 bytes)
Hash
1966ad93ef6524d8032dfc706eb33b8d
ed84d116e24a1f38cf7daa0eef09d51afab433bf
61ccfaf0350644ee02e12120c193cc703650c91f17c0234cce660c921c22d4e3

HTTP Headers

GET /NCCS/smartSearch/css/cbol-smartSearch.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 899
content-type: text/css
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=E3CA02811D233FF977BB0F3E596018A0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/personalization/peworkflow.min.js

104.110.15.25

200 OK

1.8 kB

URL HTTP/2
online.citi.com/personalization/peworkflow.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (5321), with no line terminators
Size
1.8 kB (1806 bytes)
Hash
1c9fea918bfb5581982989a70eaefabc
4918fe52d51efa97e09de94db53c621b0a335649
98348d134a2f94186ffe13541ebcf04efb5afe17f3b3be7aa8e9b69e5fbcac78

HTTP Headers

GET /personalization/peworkflow.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1806
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=BEB03B5C29E2ED58798BDADF80221829; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/olab/js/oo_engine.min.js

104.110.15.25

200 OK

12 kB

URL HTTP/2
online.citi.com/GFC/branding/olab/js/oo_engine.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32021)
Size
12 kB (11704 bytes)
Hash
4f0dfa69a1ecec87b606025cd6967565
feca411eeb031920103ea068630f93f31b5b0000
c7c01b10f0d71d2168f8975161bbb97e5dbd1b63a6e9678d752bb9a9a2dac090

HTTP Headers

GET /GFC/branding/olab/js/oo_engine.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 11704
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=FD91638393C1A5A2C5AACB6C89A62C31; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/js/main.js

104.110.15.25

200 OK

8.0 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/js/main.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (33891), with no line terminators
Size
8.0 kB (7957 bytes)
Hash
6c7f00b72ded0bec2618305c876e16b6
48360ed4ad1b2ae2e507dc48873a3ef021586776
dc5ac3e8c6e04c6a1d9d1519b6ad99fabb5b0b87dd07d93106d6c4c1987b24ee

HTTP Headers

GET /GFC/branding/responsivebranding/js/main.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 16 Jan 2020 14:46:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7957
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=B48F8795C6A5B0F16E74CFCB3A5D6C82; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js

104.110.15.25

200 OK

1.0 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (3018), with no line terminators
Size
1.0 kB (1017 bytes)
Hash
fb422777d175560b7cbafac2e69427e0
08a64e3f02f7521549e82453ec8a1baa4b0e8914
da7b8130e973ebfd3c4e34d464655f0fbe910cbb7ecb12e172f0374a86fb1cb5

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:44 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1017
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=98B3C5DD8505F34AFE42AD57B05ABFE0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js

104.110.15.25

200 OK

3.0 kB

URL HTTP/2
online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text
Size
3.0 kB (3030 bytes)
Hash
cbbb42f2f92286927590740a4ddbdf12
0f4a6798edba9047e6038749c5b81192550137a7
ac708e5462ee634c6b75a1ea7faffaf577dbff4ce007c337a7fe3fabaf42a1c0

HTTP Headers

GET /NCCS/smartSearch/js/cbol-smartSearch-inject.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 11 May 2020 19:00:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3030
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=17371D1B5EC9D5B77178D329A5CB0730; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/TMX/TMXProfiling.js

104.110.15.25

200 OK

546 B

URL HTTP/2
online.citi.com/TMX/TMXProfiling.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
546 B (546 bytes)
Hash
8a9d76752e354831bfeb51ea2009dc90
ab290ca00fc8be6525684405a8f655eb30e1b0e9
82775fb41297c485793eae4058db3e82b4d477bb00c6fa3bc301971e961e61c2

HTTP Headers

GET /TMX/TMXProfiling.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 10 Aug 2018 07:26:42 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 546
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=E2352115A4A9A4FB10ED7D39F77BE86A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GPS/portal/css/cobrowse_overlay.css

104.110.15.25

200 OK

1.6 kB

URL HTTP/2
online.citi.com/GPS/portal/css/cobrowse_overlay.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.6 kB (1597 bytes)
Hash
48d658b8e5ecb3ec1db77b31735e6da2
264844b13d54d13baae71d535ae8c081db1552ab
f9a68c464770e4a1a293b4d08a53551600152672b531a0a64fe1ed1431f2d449

HTTP Headers

GET /GPS/portal/css/cobrowse_overlay.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Aug 2019 07:17:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1597
content-type: text/css
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=9DD8F09829CDD607280BBF8350476BFA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js

104.110.15.25

200 OK

62 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (7824)
Size
62 kB (61658 bytes)
Hash
72160d472dd367d8db15c5a39efd91c6
242252da9b4ac65f4e609796aba2553afca64443
d2adb062964fc932f5fdfa95db62ddd8873467a89ac132867af312ffd60607e7

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-library.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
content-length: 61658
set-cookie: AKMTLTSID=680BA2CB68B04C66E427F79557DD9A2B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 15:11:15 GMT
cache-control: public,max-age=3600
age: 1636
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css

104.110.15.25

200 OK

15 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (342)
Size
15 kB (15298 bytes)
Hash
7584f29c3065db5d69256920d340f479
d6198dafe36e3ffde03aedb334123a0d096649e1
81538cf3a3fd0ff0dde297332b73edebaa76e68c437628f2ab16d66b0a97afae

HTTP Headers

GET /GFC/branding/responsivebranding/css/branding_header_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 29 Aug 2022 03:56:20 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 15298
content-type: text/css
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:31 GMT
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=0E844ACCB3F01DA9B0351D97F82EAFD5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/passivebio/bcsid.js

104.110.15.25

200 OK

427 B

URL HTTP/2
online.citi.com/passivebio/bcsid.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
427 B (427 bytes)
Hash
62fc3ac7ad723e5bd299defa490b0777
b80fc4949d4bdff38aa3017c8f5ea813a91bd0d2
62f4ac02d4d03f11fcab26905d639a9797476e150f44d7793776acfa5fae87cd

HTTP Headers

GET /passivebio/bcsid.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:31 GMT
date: Thu, 01 Dec 2022 15:38:31 GMT
content-length: 427
set-cookie: AKMTLTSID=890C46C021BBD6352A933218C08A6D16; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js

104.110.15.25

200 OK

31 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (368)
Size
31 kB (30559 bytes)
Hash
51adf829efa8df8d293b7798be259dc4
5958976a367747fd3ba087371d5906163cd8334c
640f8a2d94f512022b7cc3c21d27b1c204092f16f1e372972dc42f85baa2e538

HTTP Headers

GET /GFC/branding/responsivebranding/js/navBarRedesign.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:43:21 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 30559
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=F957DF060D385181348AFF585D45688F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/pl-profile.png

104.110.15.25

200 OK

678 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/pl-profile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
678 B (678 bytes)
Hash
47511cdd2cd6ec0f1fe005ed1f1da489
c2dbbebd49f1dc760684ad937add478d05520ab1
96a25378d5d5fed38414a3d798eddc8367ebb206b45b125c837b9bab43c8799d

HTTP Headers

GET /GFC/branding/img/redesigned/pl-profile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 15:27:27 GMT
accept-ranges: bytes
content-length: 678
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=69F86A6EC1CF6ED456E0187CC57F8891; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg

104.110.15.25

200 OK

758 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Size
758 B (758 bytes)
Hash
2b7cfe76b3d07bceb495d2dcc63dafa3
dd9a3e5c21135454fb20655caf55b7269a06a579
b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranchloc.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 29 Jul 2020 05:29:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 758
content-type: image/svg+xml
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=20723CFA9D7FBCC1B2E980FB1CC37AD7; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/lang.svg

104.110.15.25

200 OK

1.4 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/lang.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size
1.4 kB (1434 bytes)
Hash
c59330487289406bc7a589e19a748a45
3ff3a052d1b32f340847edcf7e10e8f0bcaafdc5
ff759181aba721255cb0e238fdc63fe8b32f3a130bc618ac35e012a1692a3784

HTTP Headers

GET /GFC/branding/img/redesigned/lang.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Aug 2020 06:59:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1434
content-type: image/svg+xml
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=1732BAFD722CCA0C4EFD2B0DC492677C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/cc-know.png

104.110.15.25

200 OK

547 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/cc-know.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
547 B (547 bytes)
Hash
7fce81d3aee8a773e172e4da24755c08
d16e42e3104a3eede8e74f9e792c975390e3cea6
1e8296753489472722a900b40958f4cb93b5efa530499287debe37fdaac97cdb

HTTP Headers

GET /GFC/branding/img/redesigned/cc-know.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 17 Jul 2020 09:29:34 GMT
accept-ranges: bytes
content-length: 547
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=E3D2D3C098A4495F46EA66CBD4701366; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/cc-mail.png

104.110.15.25

200 OK

713 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/cc-mail.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
713 B (713 bytes)
Hash
d6aa1cf4e0f3028ec749cd5e2ef2745f
f92b9239a1ec624adf48a9fc5273df9aaf772ee3
351566f41ad89bb03b7855b58661b377836aebe50db166052eaa17f17e156799

HTTP Headers

GET /GFC/branding/img/redesigned/cc-mail.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 03 Jul 2020 10:19:28 GMT
accept-ranges: bytes
content-length: 713
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=3966E6FCB302E9DDF9AB8AC83D05D24B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/banking-savings.png

104.110.15.25

200 OK

917 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/banking-savings.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced\012- data
Size
917 B (917 bytes)
Hash
d4482456a56b1d78f4855f6eafa94898
6a6671bf54989ad97f457f42837d1d96f21dca53
87578cd8ec6b565afd5be1b9a00845ca3dcb8024d64f2d96e4ce00bb07c94902

HTTP Headers

GET /GFC/branding/img/redesigned/banking-savings.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 06:45:19 GMT
accept-ranges: bytes
content-length: 917
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=8D770A8E10D160665F7E74545A018E94; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/mort-calculator.png

104.110.15.25

200 OK

374 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
374 B (374 bytes)
Hash
2425ec6b5ce2710b558ae452823680d7
2cccd21d3882308392717872f097511e58f8ba2a
77aae11467c6e42598b9c17f8a34f9ffb08c3acedd22db327fabf5b1becd24a2

HTTP Headers

GET /GFC/branding/img/redesigned/mort-calculator.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:13 GMT
accept-ranges: bytes
content-length: 374
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=C08D59EBFF31A93B97E1E526982B0E6A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/mort-home.png

104.110.15.25

200 OK

515 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/mort-home.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
515 B (515 bytes)
Hash
d1b8e6b91fb75607e2bf2948c9cb9d99
88b8815e54a1d1a53de0919cf1abbac50e69a70d
474a06e61c5ff0b6def6e5619529e0664e6fa2d9904ba6f796e4e1032c2ab3c3

HTTP Headers

GET /GFC/branding/img/redesigned/mort-home.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:26 GMT
accept-ranges: bytes
content-length: 515
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=D10BA39D547932FF65AB4DF109D51B45; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-FP.png

104.110.15.25

200 OK

399 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
399 B (399 bytes)
Hash
4f5fc9d9f8fe83b74670f4e954bb116f
e9f9531727cfad01855e48dcc4ad0043779d763c
31a7d0a6362cd6d8fcbb3200740a252be4fc633363cc71021fb18faf4470eb5c

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-FP.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:29 GMT
accept-ranges: bytes
content-length: 399
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=4673B3E9854C0FE7424CA636D4EB8E4A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-MI.png

104.110.15.25

200 OK

822 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 20 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
822 B (822 bytes)
Hash
9c485b70055241b255f9fafcd167447e
9f8050c8c416b1b5aca059d4d8bb4ca16b930a3b
643030db71af1915a7c02ec3589b64d1b826cb8c8c97e0f7b80d70e0c830726b

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-MI.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:58 GMT
accept-ranges: bytes
content-length: 822
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=2B150B464E52705B77735F606B0FBFAB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-II.png

104.110.15.25

200 OK

894 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-II.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
894 B (894 bytes)
Hash
ae8592f1019d7ea84ee847cbde5c8bd8
e74b70328c0e5f4cef5d094d1fb30e343be03eb6
e0a06ba70b7556d61f872bd1ca50148094683ed1ba026a78164563d3c63db0c0

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-II.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:35 GMT
accept-ranges: bytes
content-length: 894
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=C5D80CF900425AADD4564690CBE03A92; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranch.png

104.110.15.25

200 OK

697 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranch.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
697 B (697 bytes)
Hash
5cb2e7bb5dd99d056313c125f74872da
26844e24c011bf9d5fd8f88a81a3a86333bfa681
489ac0d5e6bb586f0144108a782f87e10aa6387fa5925c0f7b526142dbbf9987

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranch.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:41:48 GMT
accept-ranges: bytes
content-length: 697
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=453C4FD4118F0702092AA88398DE5E52; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/WM-conce.png

104.110.15.25

200 OK

819 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/WM-conce.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
819 B (819 bytes)
Hash
e1d86261569011cb99dc98ae1bbcc391
575a762c5a2639ff9b9780c6b37efea5ea8edc64
6e866b41975af77f752d3feae581391b018128ad2cb495e783349ca49cb94c38

HTTP Headers

GET /GFC/branding/img/redesigned/WM-conce.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 09:28:15 GMT
accept-ranges: bytes
content-length: 819
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=AE8FC3FEA1B876DC1F8C8F4DB1F6A58A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/search.png

104.110.15.25

200 OK

540 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/search.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
540 B (540 bytes)
Hash
2d0c9df05ec068e44e05246476eb6b0c
acf96a7bdff8f7d71096aa59243ad31d5aae425f
e1cdd8699d632d98047b60975c127bde93707685555e0894c2087105e26298ae

HTTP Headers

GET /GFC/branding/img/redesigned/search.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 12 Jul 2020 13:52:29 GMT
accept-ranges: bytes
content-length: 540
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=69E3462632D07AF44F863C09FA255C0C; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/navigationMobile.png

104.110.15.25

200 OK

137 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
137 B (137 bytes)
Hash
895e073c01fe436ee9892787c43a00eb
d5b1ebead4bc804bfee48ec3a9dbf87d3e97a82f
9704bca992680b1698b6c364e5fd7fd20991aa230c700f3378765fdf99a8b27d

HTTP Headers

GET /GFC/branding/img/redesigned/navigationMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 137
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=483E5F72AB811671C184879A40DA5787; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/closeMobile.png

104.110.15.25

200 OK

327 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/closeMobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
327 B (327 bytes)
Hash
e7a2c3c1d1710852dae94241b425631b
20ee2a5077624e2b074d9e6ab7d116480563f09a
87e414e65461d63f3c18fdec21dc973fbb3b04db9269aa2fa9f2b1e9fb4d58f0

HTTP Headers

GET /GFC/branding/img/redesigned/closeMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 327
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=7F5BAB5C87EC8F59184DA9F48C350081; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png

104.110.15.25

200 OK

888 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
888 B (888 bytes)
Hash
2d52957ca9901e228f3cc98653d66b64
4ee4c93d50f3eed0c760c69297db539b5c747fec
424b0508d87aeff62bf98099b98490558de97db21d02343fd4b0e46252a74d58

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranchlink.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 26 Jul 2020 08:00:17 GMT
accept-ranges: bytes
content-length: 888
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=F2AD12C6EBF13B9DFD2FBE27ED453094; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png

104.110.15.25

200 OK

1.3 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1300 bytes)
Hash
e356e33999a3af7670f87a64085b0aa1
7c65d1ba8878b0e930e73ea9a52d5f0f873828b2
f9ea3e5b79df3924376af98d3639b49ef970ef77063203b3ef3abaa84daca88a

HTTP Headers

GET /GFC/branding/img/redesigned/icon_globe_med-grey.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:42:08 GMT
accept-ranges: bytes
content-length: 1300
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=ACAA801BB9A900537EF97FEFCFCFFCBA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/main_branding.css

104.110.15.25

200 OK

47 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (900)
Size
47 kB (47322 bytes)
Hash
c4a8e37990ee3bed5731c868053cfe48
000d710b7e21c8d980552b494d76a06fc729d55a
403cb63effef69a095bb15cb147c3d8af4a0f35e8e9430486565f81d545b3cbd

HTTP Headers

GET /GFC/branding/responsivebranding/css/main_branding.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Thu, 08 Jul 2021 15:43:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 47322
content-type: text/css
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:31 GMT
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=5C9E1E67D624DC9D5C25B3A4BDA78741; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/passivebio/BiocatchATO.js

104.110.15.25

200 OK

114 kB

URL HTTP/2
online.citi.com/passivebio/BiocatchATO.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (63756)
Size
114 kB (114417 bytes)
Hash
9248242d277a48e0e26b2b6aef3ce590
54c170a425a237fff13a351380d3ebc13eecb7fe
dffd94cd4d4979a7844ab3e348357a918ba4d92a07e1e20ce583295c136b6d88

HTTP Headers

GET /passivebio/BiocatchATO.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 114417
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:30 GMT
date: Thu, 01 Dec 2022 15:38:30 GMT
set-cookie: AKMTLTSID=737FBD182E91ECA543E3250751C8EE20; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js

104.110.15.25

200 OK

26 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (8207)
Size
26 kB (25945 bytes)
Hash
4f41d862cbf585b1cdb8fb475f37e8e5
e3ab2e23f39fcca83588d0678f9164d199540f0d
20eb6fe6bb0bc32e7dbc56bdcc0f9880c5a24c8f8fbfc1fe24f345ecb2cfa9c7

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 18 Apr 2021 07:56:16 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 25945
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:31 GMT
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=96497E6C8A5E32926DCD8579AFA04B03; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png

104.110.15.25

200 OK

329 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
329 B (329 bytes)
Hash
15d9ce47ed55b1d16c142a6c067ddbf5
3431a1b5af3ec6a4a39176600ca213c070175eb2
9fa97f780f20b95ac6a2baeed3961d39ec6086e3417eb59cd294e4e528187b7b

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_facebook@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 329
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=180D3F2FE6DB10D8BE32E4973183703B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png

104.110.15.25

200 OK

12 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

HTTP Headers

GET /GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 11562
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=3FA833DC35654DCF78C019FDCBF5200E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/errorLogo.svg

104.110.15.25

200 OK

584 B

URL HTTP/2
online.citi.com/GFC/branding/img/errorLogo.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (329)
Size
584 B (584 bytes)
Hash
3210e315dee7ea636165f4cdd4d402cd
110a09f9a0cd87f510d3435704631aefc02d7436
09541c2109f784fd10979ed9cce037e146b756f35ffa3c2e164d3aad92532341

HTTP Headers

GET /GFC/branding/img/errorLogo.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 24 Apr 2018 15:26:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 584
content-type: image/svg+xml
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=AB0293E0861CB6E01C4058BC591A99C4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js

104.110.15.25

200 OK

344 B

URL HTTP/2
online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1035), with no line terminators
Size
344 B (344 bytes)
Hash
ee56ceb81a2c453ad35d592085dc1030
93465f3d60e2561772ade8cf8cbccccb8038ab74
b1282d6ce2f019a78ac693026f2d21cf72b63e5203594be911f894531a142b4b

HTTP Headers

GET /JFP/js/modules/jfpm.autocomplete.off.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:31 GMT
date: Thu, 01 Dec 2022 15:38:31 GMT
content-length: 344
set-cookie: AKMTLTSID=54F1099BDB264ED457CA64E2A8B742D5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/card_art/8150_cardArt.png

104.110.15.25

200 OK

45 kB

URL HTTP/2
online.citi.com/JRS/banners/card_art/8150_cardArt.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 450 x 285, 8-bit colormap, non-interlaced\012- data
Size
45 kB (45386 bytes)
Hash
d6c20edc6406a6305e5a8ca093dff8a0
f246abd4f8b69e42ba6f50558340d690d2cf1ef7
1cec78f793f28bed6cd96765e693bd6b7ba1efbfdd7d68ca5b8ea5390ff8bec0

HTTP Headers

GET /JRS/banners/card_art/8150_cardArt.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 03 Aug 2020 19:29:08 GMT
accept-ranges: bytes
content-length: 45386
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=4AFC9AF3A1B8ECA20AC96C456C7EB300; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/8763_M1-M7.jpg

104.110.15.25

200 OK

46 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
46 kB (45996 bytes)
Hash
d1b0e06afbd29e02b850c0a871a689f1
8d55c0a5da74604bdaceafada2808b406b58be62
0fc0c5e3b942752d5a811676f479650575e3c0a6c42c25ed57311064b2d836a4

HTTP Headers

GET /JRS/banners/modules/8763_M1-M7.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 45996
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=1201990CB142B623DC6C2657A3635119; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg

104.110.15.25

200 OK

35 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
35 kB (35239 bytes)
Hash
5fb8ff5dd22b3f8a34def2212bdeca0b
373c913d070e4b486d90c1959d9aae179043e2d4
b880a027d8db72f3120d1666c1bc4f016c126d0d6e0b7852155c1ea204da4b63

HTTP Headers

GET /JRS/banners/modules/M1-M7_Rewards.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 35239
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=733A1E915DB554BBF80C8BA309F5E037; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png

104.110.15.25

200 OK

28 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

HTTP Headers

GET /GFC/branding/responsivebranding/img/Citi_FooterLogo.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 28149
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=4DB694112632860A566AC9D6775E14C0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1589
Cache-Control: max-age=150887
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:31 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:33:18 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=88230D2996DC30F083882457A5704B13; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg

104.110.15.25

200 OK

110 kB

URL HTTP/2
online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], comment: "Optimized by JPEGmini 3.12.0.2 0x8e6e2aa3", baseline, precision 8, 2160x600, components 3\012- data
Size
110 kB (110256 bytes)
Hash
adc640f5c974f259332776179906a9ba
88aa97730f84a70b8f3ec0df9763797293f6fef9
73bda4635bfa51c64ab47b1fba9a7cb20b6ab3ae44f7c1d2abf78041a9da0fee

HTTP Headers

GET /JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 15 Mar 2018 21:03:36 GMT
accept-ranges: bytes
content-length: 110256
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=27C87627A84C6F4A19F892EFF49AFCB3; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg

104.110.15.25

200 OK

50 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
50 kB (50031 bytes)
Hash
1811b334b2e3a585567ef915ff6adcf5
858f597f8bcbcf3a16516f428565850aee1f8c98
67d342b059e3ee89919786b1a83c6ebb76b657bbbe0105d2c7c9876d08026c80

HTTP Headers

GET /JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 50031
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=AD5AD39489FE24D38E676458364ABBCF; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js

104.110.15.25

200 OK

748 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (57530)
Size
748 kB (747501 bytes)
Hash
9e955595f5944b7d8f753a5cd2920e1a
e8e2cdcc3c6b2deb84d49fa0c24f73cb4dd1053f
c80f9904376bace60d69a316d993244717fda11bd5bc6f4f1072db6e73662b92

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 16 Sep 2020 07:27:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:31 GMT
date: Thu, 01 Dec 2022 15:38:31 GMT
content-length: 747501
set-cookie: AKMTLTSID=210202CE9A336518B2AF017694D23A84; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //ui.powerreviews.com/tag-builds/10111/4.0/styles.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=66C2174BA82348A0FE61875F3E4B22E2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.39.94.191

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.39.94.191:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fsngQpAOxJAGFQUaZzIl7w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GRPkY5j9n/mW6xXCVOT6UoSCga8=

online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Thu, 01 Dec 2022 15:38:32 GMT
set-cookie: AKMTLTSID=ED304EE740BA4C1205FF0C01FEA90B2E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png

104.110.15.25

200 OK

1.8 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

HTTP Headers

GET /GFC/branding/img/redesigned/citilogoredesign.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 07:18:33 GMT
accept-ranges: bytes
content-length: 1799
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:32 GMT
set-cookie: AKMTLTSID=AD334502E1E9C7EB653CDD48E40494CA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png

104.110.15.25

200 OK

80 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
gzip compressed data, from Unix\012- data
Size
80 kB (79753 bytes)
Hash
092695ab186b08cfe77e1e2baa88a75a
e4e0c72716be82c464ece81a1ec6d8de3f44f89c
94dc36f237f196ac346325d697cc9a27fc8bf5dc4102abf208df79142c974f09

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_twitter@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 840
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=D9E9C475EC853D1754C2C011171F27F8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff

104.110.15.25

200 OK

76 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (75538 bytes)
Hash
3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Thu, 01 Dec 2022 15:38:32 GMT
content-length: 75538
set-cookie: AKMTLTSID=0009CA45656773558596502069A0915F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff

104.110.15.25

200 OK

72 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
72 kB (71874 bytes)
Hash
9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Thu, 01 Dec 2022 15:38:32 GMT
content-length: 71874
set-cookie: AKMTLTSID=D4B000DCEE9FEACF766856373C55A5F9; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/loginpage/images/icons/svgs/close.svg

104.110.15.25

200 OK

641 B

URL HTTP/2
online.citi.com/loginpage/images/icons/svgs/close.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499)
Size
641 B (641 bytes)
Hash
dd59f5e29f1021e45b5e95e26f2d12da
d79fa9c39b22174b3d6d2fb7bd00f01be3ee6410
e52581c6fe976751e9059da800356b8824fe18635947ef533ff4c5fc2f313df8

HTTP Headers

GET /loginpage/images/icons/svgs/close.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 641
content-type: image/svg+xml
date: Thu, 01 Dec 2022 15:38:32 GMT
set-cookie: AKMTLTSID=CB2E4E3284516437721C6162E25D5932; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/HP8564_M.jpg

104.110.15.25

200 OK

73 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/HP8564_M.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
73 kB (72898 bytes)
Hash
ca6fda0b33ffcd4733ba669c8d52c784
0232c5afd2b6fc6c079d1f15b046bb6a9cff07a9
c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84

HTTP Headers

GET /JRS/banners/modules/HP8564_M.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
accept-ranges: bytes
content-length: 72898
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Thu, 01 Dec 2022 15:38:32 GMT
set-cookie: AKMTLTSID=DAE17B85604A9AEDE490F4AA5CC1767D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg

104.110.15.25

200 OK

499 B

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
499 B (499 bytes)
Hash
d0d6851fdc21e63eb57af3709578a0dd
2140b733bc5e6a17cdb8537fa8759e06861cbaed
4145e83a3ccffc44dd543b258d3b9ce64e55ac66c56b8f3c8d15a36875a8fc67

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 499
content-type: image/svg+xml
date: Thu, 01 Dec 2022 15:38:32 GMT
set-cookie: AKMTLTSID=78E12BF7616065CB69FE2285F6B08603; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png

104.110.15.25

200 OK

5.0 kB

URL HTTP/2
online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Size
5.0 kB (4952 bytes)
Hash
eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

HTTP Headers

GET /GFC/branding/img/Citi-Branding-Sprite.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 14 Jun 2017 18:29:01 GMT
accept-ranges: bytes
content-length: 4952
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:32 GMT
set-cookie: AKMTLTSID=EEED6369A8270F1CF116C944F819F40D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png

104.110.15.25

200 OK

9.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 240 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size
9.3 kB (9255 bytes)
Hash
c02d966c362e9f918a7ca664a06f339a
cf8723b1054b79ac27db08f1e0d63b1a585bc150
3c4287f94e9dc9cda82125a6f528b0d4dcd8c2e9ee26b899c4481490312b146a

HTTP Headers

GET /GFC/branding/responsivebranding/img/googlePlay_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:21:52 GMT
accept-ranges: bytes
content-length: 9255
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:32 GMT
set-cookie: AKMTLTSID=BDFBA20EF3804A74C5E86B9809928DC5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png

104.110.15.25

200 OK

8.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 240 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
8.3 kB (8272 bytes)
Hash
e783f09a2c28318b2248dcd045cd0325
e1d0ac0f63eac3b3b523fe929d416127fe7e7561
2e1950e9fecaa7d00944c88becb315026208890e3d9ffe2545504105e181ad47

HTTP Headers

GET /GFC/branding/responsivebranding/img/appStore_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
accept-ranges: bytes
content-length: 8272
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:32 GMT
set-cookie: AKMTLTSID=D96D977F0CE198DF6F6E57536E142746; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg

104.110.15.25

200 OK

496 B

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
496 B (496 bytes)
Hash
28dab60290650e5ee88386879ca17085
85043857b1d8a79816491365548e17b151a2a084
fc9dead631748747b2e1c0b60057a21282d2d7acd6f5d88f4e80bdf32e08b5c8

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 496
content-type: image/svg+xml
date: Thu, 01 Dec 2022 15:38:32 GMT
set-cookie: AKMTLTSID=24653637DA838AE28629F5CDC557339E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669908199992; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=1

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: login.php?primarymember_id=7a9afcd7293ecc10c88d5c267
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
920992c4818e7d17517e3dfef67a22c1
407b7e56fbb4faacca123af367b6cfdf0b7b2d99
527197c1e55e0b319d64e59070906d60084827233a6d7498cf63145ab665c424

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js

151.101.1.175

301 Moved Permanently

0 B

URL HTTP/1.1
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP
151.101.1.175:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Thu, 01 Dec 2022 15:38:32 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1634-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669909113.556120,VS0,VE0
Strict-Transport-Security: max-age=31557600

nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js

151.101.1.175

200 OK

5.2 kB

URL HTTP/2
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP
151.101.1.175:0
ASN
#54113 FASTLY

File type
C source, ASCII text, with very long lines (585)
Size
5.2 kB (5197 bytes)
Hash
a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e

HTTP Headers

GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://coprwanda.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WYw0Epb8vcedL+7IDqJJsx/+WjGdOZ5/PeZvxp+JQZLuPSbm5TB79IsK0ZRwFxRvC3JwqmNr110=
x-amz-request-id: 6VFQ4X3D41M9VYZP
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 15:38:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1668-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669909113.626302,VS0,VE4
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png

104.110.15.25

200 OK

71 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document, ASCII text
Size
71 B (71 bytes)
Hash
988428fdc0079b85e995b96b0ed4b565
27aece4f871a936951d17de604853cddc9bfb5ec
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_youtube@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 808
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=B6CC83A0683412426694E1FAD874D867; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 15:38:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=510861,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772ce911db1f0b41-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 15:38:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=510861,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772ce9113997b524-OSL

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7a9afcd7293ecc10c88d5c267

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7a9afcd7293ecc10c88d5c267
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7a9afcd7293ecc10c88d5c267 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=1; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2da3169a66331c6747f7ab5f7
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://coprwanda.com/
Alt-Used: 0
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 451 Unavailable For Legal Reasons
date: Thu, 01 Dec 2022 15:38:32 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTA5MTExMTYzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjZTQ4ZmE5NjYyLTA2YTBhYmE0MTc1ZjViOC1jNTA1NDI1LTE0MDAwMC0xODRjZTQ4ZmE5NzViMCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwOi8vY29wcndhbmRhLmNvbS9sb2dpbi5waHA/cHJpbWFyeW1lbWJlcl9pZD05MzY0NmU1YzMzYzY4N2YzYTVjNWNlMmVlIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIxMjc0LTk2NmMtMmFmOS1hMzRkLTM4YTUtOGVjNS1kNWY5LTc1MWUiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTkwOTExMTA1MSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA0MzYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5MDkxMTEwNTMsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==

35.241.45.82

200 OK

0 B

URL HTTP/1.1
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTA5MTExMTYzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjZTQ4ZmE5NjYyLTA2YTBhYmE0MTc1ZjViOC1jNTA1NDI1LTE0MDAwMC0xODRjZTQ4ZmE5NzViMCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwOi8vY29wcndhbmRhLmNvbS9sb2dpbi5waHA/cHJpbWFyeW1lbWJlcl9pZD05MzY0NmU1YzMzYzY4N2YzYTVjNWNlMmVlIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIxMjc0LTk2NmMtMmFmOS1hMzRkLTM4YTUtOGVjNS1kNWY5LTc1MWUiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTkwOTExMTA1MSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA0MzYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5MDkxMTEwNTMsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTA5MTExMTYzIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRjZTQ4ZmE5NjYyLTA2YTBhYmE0MTc1ZjViOC1jNTA1NDI1LTE0MDAwMC0xODRjZTQ4ZmE5NzViMCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwOi8vY29wcndhbmRhLmNvbS9sb2dpbi5waHA/cHJpbWFyeW1lbWJlcl9pZD05MzY0NmU1YzMzYzY4N2YzYTVjNWNlMmVlIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIxMjc0LTk2NmMtMmFmOS1hMzRkLTM4YTUtOGVjNS1kNWY5LTc1MWUiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2OTkwOTExMTA1MSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA0MzYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM0LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2Njk5MDkxMTEwNTMsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 15:38:32 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-92g6
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2da3169a66331c6747f7ab5f7

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2da3169a66331c6747f7ab5f7
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2da3169a66331c6747f7ab5f7 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c6ef2ca578bdc16d524a47965
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15768
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 15:38:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15768
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 15:38:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15768
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 15:38:32 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5971b787e2a67c9c34a7392f2f3a70c8
c856f62bff907d4b20eec8a030acd40bff01936f
78dee3617a732e9965a78793f8eb7a1866388479154e8a0649420554593134bb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=89517
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:32 GMT
Etag: "63878525-1d7"
Expires: Fri, 02 Dec 2022 16:30:29 GMT
Last-Modified: Wed, 30 Nov 2022 16:30:29 GMT
Server: nginx
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16038 bytes)
Hash
ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 63992
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12898 bytes)
Hash
820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 64262
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:57 GMT
age: 63935
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8740 bytes)
Hash
26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 74426
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9459 bytes)
Hash
e1e6b6ba4f82221b41c3d9129008c76d
2f9532d698b4c28df23e18bbb66399ec776d5b9f
218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: 9e243a73-18ff-4abf-9b9c-442719960125
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpppFXjoAMFehg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bca3-47620f39181264772d2fb52d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:13:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _v5hatZyEWVRB4Tebygbb-QfE02oaFxE8CRfQsUY7I_ektxE3YeIpw==
via: 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 17:08:01 GMT
age: 81031
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4762 bytes)
Hash
d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 05:45:16 GMT
age: 35596
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6ef2ca578bdc16d524a47965

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6ef2ca578bdc16d524a47965
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6ef2ca578bdc16d524a47965 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=6377594e258306c7ce6c77d31
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

1.3 kB

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (1330), with no line terminators
Size
1.3 kB (1330 bytes)
Hash
2a38d6b177c72607e72e78e13045693e
493e399bd8aa592806f7c253c8cdeeb4fb307fda
e4029ab00e1117a41d371c7c4aeac3b0788145e8d71280b68bad9324cc17ae55

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 743
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
content-length: 1330
date: Thu, 01 Dec 2022 15:38:30 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 41d39f9c-bc25-4845-83f7-3b794455290b
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html

54.230.111.103

200 OK

221 B

URL HTTP/2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
IP
54.230.111.103:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 07:42:43 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: F7e0Vl6GSUAUgGdGVaF2UX2MG8RjZWncl64pfMFRMitVOBQCvnDHAw==
age: 28551
X-Firefox-Spdy: h2

1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html

54.230.111.34

200 OK

221 B

URL HTTP/2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
IP
54.230.111.34:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 08:37:34 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -tvBFmCxiRakMk2m2pOIwe5MsMhwABdQJgZ5pxCAeP8ImtJFoXVwoQ==
age: 25260
X-Firefox-Spdy: h2

1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.103

200 OK

3.2 kB

URL HTTP/2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.103:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Wed, 30 Nov 2022 15:52:59 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: z_FJQ5jcIHN1MVPvS6HJWBfh_5__h1tbtd9GJxeP20rXgHveLWV3hg==
age: 85535
X-Firefox-Spdy: h2

1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.34

200 OK

3.2 kB

URL HTTP/2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.34:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Wed, 30 Nov 2022 23:00:06 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tBeZ7OVbX9Aj_5-bZeN5CWgFcmO8XiyPlKGnvnoOiuX1lKvD7dya4g==
age: 59908
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
c9ddaa54b22df16f7077672ce62c3aaf
48c459b8e283c366b618d61c6fd45a6c465d1298
be15e4567b08d0e5cf9898c151c223b53d102451a38953498062883093039d87

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 15:38:33 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 12:17:24 GMT
Expires: Wed, 07 Dec 2022 12:17:23 GMT
Etag: "48c459b8e283c366b618d61c6fd45a6c465d1298"
Cache-Control: max-age=505729,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772ce9151ded0b41-OSL

1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html

54.230.111.21

200 OK

221 B

URL HTTP/2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
IP
54.230.111.21:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 09:33:10 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rWr5ymmPlzNp44fx4RUUIzSi9HK3Kl2cy3zMeRodCN11QCxIbAhqpA==
age: 21924
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6377594e258306c7ce6c77d31

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6377594e258306c7ce6c77d31
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6377594e258306c7ce6c77d31 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a4daf17a2415a445fa57caf87
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.21

200 OK

3.2 kB

URL HTTP/2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.21:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 08:56:21 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: O_LOVGzAJAxa11xwRmFyeHh2lm37D5CzY2MqlFxCvCjmP23qWDWkzg==
age: 24133
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2127bde04ad44ce578c974ce17014430
0671da7ac6281e7666378aec875006158b784931
e7353f4f5fdb557bbc3ed7b6c74c9a79d1bb7ef966f5bd471382feb82234bd93

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:38:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a4daf17a2415a445fa57caf87

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a4daf17a2415a445fa57caf87
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=a4daf17a2415a445fa57caf87 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=139f005e02d619e9fd734485a
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

142.250.74.174

200 OK

3.7 kB

URL HTTP/1.1
cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3328)
Size
3.7 kB (3715 bytes)
Hash
73236bdc5a1fe8feed3c3e63b4a381bf
cf4e3d92ba40c754a2a7308afc130db3385e12da
4589d41af3819becf09b30d43ed0f5d467bf2c7c315c28b4d99285cf61ddc546

HTTP Headers

GET /cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Thu, 01 Dec 2022 15:38:33 GMT
Server: gws
Cache-Control: private
Content-Length: 3715
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

coprwanda.com/favicon.ico

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/favicon.ico
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=53871b9da769085a932156b5e
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=139f005e02d619e9fd734485a

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=139f005e02d619e9fd734485a
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=139f005e02d619e9fd734485a HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=e7242ac14fdf74e9bc8666dd8
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e7242ac14fdf74e9bc8666dd8

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e7242ac14fdf74e9bc8666dd8
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=e7242ac14fdf74e9bc8666dd8 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1d087e5c71b21b41a1de08379
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1d087e5c71b21b41a1de08379

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1d087e5c71b21b41a1de08379
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1d087e5c71b21b41a1de08379 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=416353feeace84ab744545302
Content-Length: 0
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/login.php?primarymember_id=53871b9da769085a932156b5e

192.185.105.9

200 OK

65 kB

URL HTTP/1.1
coprwanda.com/login.php?primarymember_id=53871b9da769085a932156b5e
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Size
65 kB (64622 bytes)
Hash
a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d

HTTP Headers

GET /login.php?primarymember_id=53871b9da769085a932156b5e HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 15:38:33 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=416353feeace84ab744545302

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=416353feeace84ab744545302
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=416353feeace84ab744545302 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=6cae474be246e9c21ed77f786
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6cae474be246e9c21ed77f786

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6cae474be246e9c21ed77f786
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6cae474be246e9c21ed77f786 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1b1750e7901a38f5a50ce6a72
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1b1750e7901a38f5a50ce6a72

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1b1750e7901a38f5a50ce6a72
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=1b1750e7901a38f5a50ce6a72 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ac9527f71839a7aee9edd6823
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

558 B

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
5939dcad2625b526bafe941a027749d5
db200830b01ea46a831429590d328a523a3045ab
9688547267feed506a6ae59778a779b1c386e8ac0acc6d845e8de38374676920

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3096
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Thu, 01 Dec 2022 15:38:30 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 6be91d35-6804-487c-9588-157d9463a361
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ac9527f71839a7aee9edd6823

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ac9527f71839a7aee9edd6823
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ac9527f71839a7aee9edd6823 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9acce75f8eba987bfd357442c
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9acce75f8eba987bfd357442c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9acce75f8eba987bfd357442c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9acce75f8eba987bfd357442c HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b5f9d6844f1d61da53a650aca
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b5f9d6844f1d61da53a650aca

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b5f9d6844f1d61da53a650aca
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b5f9d6844f1d61da53a650aca HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=55bdbc2840243a1c6cb20fc45
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=55bdbc2840243a1c6cb20fc45

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=55bdbc2840243a1c6cb20fc45
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=55bdbc2840243a1c6cb20fc45 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c9c4fda29f690827fca8e75df
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c9c4fda29f690827fca8e75df

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c9c4fda29f690827fca8e75df
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c9c4fda29f690827fca8e75df HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b0eeb40a05e242bddbb74565b
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b0eeb40a05e242bddbb74565b

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b0eeb40a05e242bddbb74565b
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=b0eeb40a05e242bddbb74565b HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=3fd15cfc6934882867dc5297c
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

558 B

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
cb6524f4cf4b48974abead654bd94802
1069cdd68fbeb69bd46a438f231b6e89aefebe8a
08826e30a15aa4bd1615232a8181f7facf7cb877d34cc96c4f69705015033063

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1072
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Thu, 01 Dec 2022 15:38:34 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 21984fa2-5552-4576-b3c6-90f132b41e61
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3fd15cfc6934882867dc5297c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3fd15cfc6934882867dc5297c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=3fd15cfc6934882867dc5297c HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9112d7d193fb0374bce8250b0
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9112d7d193fb0374bce8250b0

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9112d7d193fb0374bce8250b0
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=9112d7d193fb0374bce8250b0 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=ce41cfa174848848886735f3d
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ce41cfa174848848886735f3d

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ce41cfa174848848886735f3d
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=ce41cfa174848848886735f3d HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f062cb3bead14898b97f275b0
Content-Length: 0
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57

13.89.105.232

204 No Content

0 B

URL HTTP/2
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
IP
13.89.105.232:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v1/sendLogs?cid=cedric&cdsnum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 852
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Thu, 01 Dec 2022 15:38:35 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

POST /US/REST/ManageTMXProfile/TMXProfile.jws HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://coprwanda.com
Connection: keep-alive
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9
Content-Length: 0

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=847438234f4dc520812f48bbe
Content-Length: 0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=847438234f4dc520812f48bbe

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=847438234f4dc520812f48bbe
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=847438234f4dc520812f48bbe HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=78d5e03e4115dd55efebe6169
Content-Length: 0
Keep-Alive: timeout=5, max=53
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=78d5e03e4115dd55efebe6169

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=78d5e03e4115dd55efebe6169
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=78d5e03e4115dd55efebe6169 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0fdb0fef5d5d2d705c28835cd
Content-Length: 0
Keep-Alive: timeout=5, max=52
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0fdb0fef5d5d2d705c28835cd

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0fdb0fef5d5d2d705c28835cd
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0fdb0fef5d5d2d705c28835cd HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=8705c9f15dfc4c60e2455b0eb
Content-Length: 0
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8705c9f15dfc4c60e2455b0eb

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8705c9f15dfc4c60e2455b0eb
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=8705c9f15dfc4c60e2455b0eb HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=4f45be6c00f51a988e33903ba
Content-Length: 0
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=4f45be6c00f51a988e33903ba

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=4f45be6c00f51a988e33903ba
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=4f45be6c00f51a988e33903ba HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=8305c5222956909b9ea829432
Content-Length: 0
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8305c5222956909b9ea829432

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8305c5222956909b9ea829432
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=8305c5222956909b9ea829432 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=76d23713879283e0a0f6d93be
Content-Length: 0
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=76d23713879283e0a0f6d93be

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=76d23713879283e0a0f6d93be
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=76d23713879283e0a0f6d93be HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=eeb90f2f95e6b02a81b668f33
Content-Length: 0
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=eeb90f2f95e6b02a81b668f33

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=eeb90f2f95e6b02a81b668f33
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=eeb90f2f95e6b02a81b668f33 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=01412c56f7491ad6a3bebe83c
Content-Length: 0
Keep-Alive: timeout=5, max=46
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=01412c56f7491ad6a3bebe83c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=01412c56f7491ad6a3bebe83c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=01412c56f7491ad6a3bebe83c HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=29ce796571ff88fb27bea7dc3
Content-Length: 0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=29ce796571ff88fb27bea7dc3

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=29ce796571ff88fb27bea7dc3
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=29ce796571ff88fb27bea7dc3 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0ffb7e8015756eee1657c72ce
Content-Length: 0
Keep-Alive: timeout=5, max=44
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0ffb7e8015756eee1657c72ce

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=0ffb7e8015756eee1657c72ce
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=0ffb7e8015756eee1657c72ce HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=b5fdca4da7a2d46255d77bee5
Content-Length: 0
Keep-Alive: timeout=5, max=43
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b5fdca4da7a2d46255d77bee5

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=b5fdca4da7a2d46255d77bee5
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=b5fdca4da7a2d46255d77bee5 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=905a23b68698dd0edba490e02
Content-Length: 0
Keep-Alive: timeout=5, max=42
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=905a23b68698dd0edba490e02

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=905a23b68698dd0edba490e02
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=905a23b68698dd0edba490e02 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=5772ed77e7ad0bb0cbb14302b
Content-Length: 0
Keep-Alive: timeout=5, max=41
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5772ed77e7ad0bb0cbb14302b

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5772ed77e7ad0bb0cbb14302b
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=5772ed77e7ad0bb0cbb14302b HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=af95537353ac71d5b47c58637
Content-Length: 0
Keep-Alive: timeout=5, max=40
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=af95537353ac71d5b47c58637

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=af95537353ac71d5b47c58637
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=af95537353ac71d5b47c58637 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=54cf4f6fc4d2c462d41918bdc
Content-Length: 0
Keep-Alive: timeout=5, max=39
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=54cf4f6fc4d2c462d41918bdc

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=54cf4f6fc4d2c462d41918bdc
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=54cf4f6fc4d2c462d41918bdc HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=5c91c4a1bb7411b94901973a5
Content-Length: 0
Keep-Alive: timeout=5, max=38
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5c91c4a1bb7411b94901973a5

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5c91c4a1bb7411b94901973a5
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=5c91c4a1bb7411b94901973a5 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=bf03bba3b5dce691123d24979
Content-Length: 0
Keep-Alive: timeout=5, max=37
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bf03bba3b5dce691123d24979

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bf03bba3b5dce691123d24979
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=bf03bba3b5dce691123d24979 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f4e4f8fbf67426b9895d81f25
Content-Length: 0
Keep-Alive: timeout=5, max=36
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f4e4f8fbf67426b9895d81f25

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f4e4f8fbf67426b9895d81f25
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=f4e4f8fbf67426b9895d81f25 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=17b48dafaed197bee2b7340f5
Content-Length: 0
Keep-Alive: timeout=5, max=35
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=17b48dafaed197bee2b7340f5

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=17b48dafaed197bee2b7340f5
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=17b48dafaed197bee2b7340f5 HTTP/1.1
Host: coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://coprwanda.com/login.php?primarymember_id=93646e5c33c687f3a5c5ce2ee
Connection: keep-alive
Cookie: bmuid=1669908199634-709E13F9-94FF-4A19-95E8-F883988826D9; count=0; kampyle_userid=1274-966c-2af9-a34d-38a5-8ec5-d5f9-751e; kampyleUserSession=1669909111051; kampyleSessionPageCounter=1; kampyleUserSessionsCount=2; cd_user_id=184ce48fa9662-06a0aba4175f5b8-c505425-140000-184ce48fa975b0; cdSNum=1669908201930-sjn0000935-a4dcbfbb-d08f-41d3-99a9-e7b8a747626d; cdContextId=2; PHPSESSID=d4fc414ab454fd12a62dd021d4b497c9

HTTP/1.1 302 Moved Temporarily
Date: Thu, 01 Dec 2022 15:38:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=85250ef0054c70cc3adf388c2
Content-Length: 0
Keep-Alive: timeout=5, max=34
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js

104.110.15.25

200 OK

0 B

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-service.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 07:31:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2415
content-type: application/x-javascript
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:31 GMT
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=ED6567C049004A33E1F9FCCBA3129F27; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css

104.110.15.25

200 OK

0 B

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: text/css
content-length: 69731
cache-control: max-age=21600
expires: Thu, 01 Dec 2022 21:38:31 GMT
date: Thu, 01 Dec 2022 15:38:31 GMT
set-cookie: AKMTLTSID=41BA39D57F2EE19FF495A4A52D5E70AF; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (50)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations