Report - mail.coprwanda.com/login.php?primarymember

Report Overview

Submitted URL
mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
IP
192.185.105.9
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-12-02 09:53:34
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citi
Phishing - Citi

Detections

urlquery
88
Network Intrusion Detection
0
Threat Detection Systems
46

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
bid.g.doubleclick.net	497	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	488 B	809 B	64.233.162.156
nebula-cdn.kampyle.com	3739	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	715 B	6.3 kB	151.101.193.175
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	2.3 kB	192.124.249.22
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.8 kB	93.184.220.29
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.8 kB	104.18.32.68
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	820 B	96 kB	142.250.74.164
adservice.google.no	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	666 B	1.1 kB	142.250.74.98
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	46 kB	34.120.237.76
contents2.00110.citi.com	32534	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	3.6 kB	52.154.174.214
1.a79ab95c1589a13f8a4cab612bc71f9f7.com	75111	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.57
1.b406929acabac9b095f124c81bdfcf57f.com	75277	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.12
online.citi.com	23902	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	29 kB	1.8 MB	104.110.15.25
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
stags.bluekai.com	471	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	426 B	23.38.201.22
1.c81358859121583b7adf2ace89cb39f44.com	75217	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	4.4 kB	54.230.111.34
sr.rlcdn.com	13315	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	970 B	444 B	35.190.60.146
6260004.fls.doubleclick.net	87165	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	672 B	1.2 kB	142.250.74.6
cse.google.com	2642	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	318 B	4.2 kB	142.250.74.174
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.5 kB	9.1 kB	142.250.74.131
resources.digital-cloud-citi.medallia.com	25588	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	902 B	67 kB	151.101.65.230
adservice.google.com	76	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	674 B	947 B	142.250.74.34
udc-neb.kampyle.com	3039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	485 B	35.241.45.82
di.rlcdn.com	2196	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	444 B	192 B	35.244.174.68
www.googleadservices.com	107	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	16 kB	142.250.74.66
contents1.00110.citi.com	34217	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	592 B	216 B	13.89.105.232
mail.coprwanda.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	38 kB	146 kB	192.185.105.9
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.35.190.173

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-02	medium	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0ba17ae786251f58c6fd4609f	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6ab8b25c622e1362a04a16cab	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d109c72eee19c1456a6168337	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6aa41d5d74f22ac7a014bb1e	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5177fd329d9434a2fd850432a	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=338f5f372d885fbd81e843066	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=85157b7171eac6de6b0413796	Phishing
2022-12-02	medium	mail.coprwanda.com/login.php?primarymember_id=0d489a6d613046f91fb817dbe	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2365c4039cc728da9dfb62105	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=918d44332d424ef70439abba0	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7cb69bd12eb8549ce5e41c3dc	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f83f9a08baaaf491641652ca9	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fd542aa5993ff8b85b699d968	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5edf82725296fb0f4cfc437fe	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=411cb5cef250081a5ff4ab1e3	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=425903f7284629d2dffb981cd	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=dbc55773c40e190c0c20177b2	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6ba3500f674b3682f248365a	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fd9ce55b0fafc3ef41a88daad	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=659775d0e45175c0abfb40b8e	Phishing
2022-12-02	medium	mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=540ffcce26e784d0345ae5cbe	Phishing
2022-12-02	medium	mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (51)

	URL	Size	First Seen	Last Seen
	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js	3.0 kB	2023-03-07	2024-02-11
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-02-11 09:44:08 Times Seen1 Hash 1130041570009de4132935c54abacb7d 767afd3e881378ae9eee4c9f6e705022c17a358e 694c74b00db3aae929ade1622b456591187454fd61f06daef7fca081b01adc07 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js	9.1 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen23 Hash 828b253bebc00cf5985f885442fa5ea8 9f02b35e1acd3be7f6063693fd6e31d4fe010109 eec5cc477e7cb4f1eee1f26dce3eb411a63716d89a9b659c7d5559571c837ccb Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js	183 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:33 Last Seen2024-03-02 02:18:11 Times Seen29 Hash a497892176b1cbcfd5db73c7735fb9ef 76972967db9fd2e8276eafb00b04899b8f9bb6db d57c8034f9c12aa3ce626c9ed1d61a4bb0941c3ef320bb59346f20496fb0096a Loading...

	online.citi.com/passivebio/bcsid.js	947 B	2023-03-07	2024-03-02
Pretty URL online.citi.com/passivebio/bcsid.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen22 Hash 502011c839f5e3bbbdf1003b724e06be d038be2dc3b9e0472222e530a6939f7ebe1f474b 7d481eb36581746fd3662c7c452856b695df90cdce24664c48f565aa119c8b16 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	1.4 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash bd392e918e0e8f71f814f5a4553a6ead 2eb7f3a1108af3e041fbb338376a313c73611026 c8deb517a69abf7d437eba4b4e4915f30afd61faf052449f014e8cafc7129e15 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	2.2 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 8eedca5e0fcb1a64188322773e36df8f e432b6c6b69b3cacfb651c47ae491e0639ff451b 68c52647c1464b6ed288e2f0599fc247410d6f1aa1ef55f2f38a5b97b86cc704 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	6.5 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash f15ea50d63999ebf748246ffa6809deb 3ab1fd500e2c2ebaa7b6cacd40558f72b3db819a 145cd772b8f26c7980cc0e655ae0d338eba3e2c9312f98682c20fd5d52aa0a55 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	487 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen14 Hash eae83f0684e7579652eb0933e38369e9 12d00f19d6d36c928c9d2b70b4c6f7b2e6846e0a 2d71826129cbe83e37a07a4d9c204830f4973e601adcaa8683a741d992e96a24 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	359 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash b12406eac48ade2690f28ac5c9f718dc 57c0461b4deb5149b8f0e858f5f5229458fc8b0c 142489ac6853636288983970739a610112ef91ac6043a389995fe55af272902f Loading...

	online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js	1.0 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash e60f5e310d559ee60d3247be9d5ca100 34e78dc5b40ce2a94567389bfd6e04abf43b90b9 9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead Loading...

	cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu	10 kB	2023-03-08	2023-03-08
Pretty URL cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:35:45 Last Seen2023-03-08 14:35:45 Times Seen1 Hash e1d4d6d51628fc2b8f0f407c8246ce2a a3bee603d78b88c0487a0d77778e24eb3dd6759b 5a38f3a39ef237c47fb32b429b8e6da7b0dd8dce4604f879102ecc54ad06957c Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	5.7 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 372c44408865733816a82d39409c0b30 85316d59e1d674e0dd03a7f0feb5d8c2b611001f 4f56b58340bbcff64bcbd1d6705293f8f68fdc68ae08c4d47f56522444cc7dd9 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	861 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 3b39fb878bb8cc0ef702b00f28ce06a2 1800f2414e094aafbc22d21f887e2c2ae0936c39 1a26e59588d3cb2703eca3a097a8ea943076219db045142fdaa1079f5077326c Loading...

	1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html	87 B	2023-03-07	2023-04-05
Pretty URL 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html IP 54.230.111.34 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:16 Last Seen2023-04-05 01:48:21 Times Seen54 Hash 2e4d7d52e5909922bf021f1cc09b8932 dc20df92c388423464243e53c7a378f0016effc9 0242c236e7c83d9c9d5281fc2614b82c4bf516e7e2552c4e042ecbf9fcf45027 Loading...

	online.citi.com/JSO/js/fp.min.js	15 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JSO/js/fp.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen40 Hash e0bd1cc6312c34c2d4a57142ef0a7b08 02ce3ece5c0f0a50f473c46380aee484467453d0 c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	78 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 349e88b7caa0dff4eaf84621885aa4f3 4d887106cc4facf29b36c387a6804f1cc9248654 9db261bd1461cfc312dd6f9c4bc524a49091d299e4391c63877032b55f2596a0 Loading...

	1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js	3.2 kB	2023-03-07	2024-04-12
Pretty URL 1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js IP 54.230.111.34 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:16 Last Seen2024-04-12 17:43:01 Times Seen5046 Hash 9ee48a4da9c402e8a23ad085fb71f28f f0c59306d6313f9bee02b53ca8903991bd24bfd7 9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	712 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen15 Hash 71382f8e6ef9bf2ed5d915ae803c5c7f 0c64d7a89e77aa6b2325ca12b8fe87548d6b2850 2c2cdc3431ed006f6ec8457b9c0718d0e1ca18839e87b9de7fb3b3f1661b4329 Loading...

	unknown	0 B	2023-03-07	2024-04-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 14:50:34 Times Seen37020905 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	online.citi.com/GFC/branding/responsivebranding/js/main.js	34 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/GFC/branding/responsivebranding/js/main.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash c0ddec2b38e31940c334f2484005e156 6400269d39b45e4a70747dc53dee46a4847c5de3 9deb849bdc20c654810ae440c0c5110b1a1cbf2228e7a3b61db136a7633c0eda Loading...

	online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js	13 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash 67fd9bb7be1fea04c09753fcdab15974 207b8cec60851c99ebdda47a19cd8a032acc0c47 b95fb980f8f91f1c113d3411d3fbf608e143bf4d10fe0706bb6d2231f13bd228 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js	1.1 MB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen33 Hash 36dd6995b2089c93edfaed3f77c59cfb f5341738181b082a331d8cf28f1d22a684c18a8b 4061018b43e420a8f4513629af7dc6c78465e9f9d42c13c97104c637c2480f25 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	684 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash b380284e2b4750a3f8510c3f26e3b560 2283ef2ae152c81fb1a5d606562708d09ed4d19a 8d91289c12695cf4e74f0a67724c8d857f5dff3e39dbe51b9c7b7d1389c7814e Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	169 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 41f78ec36c8e88fbf2baaf7035a8f84f 1545242efbd33a18adf2b0645decdc0c20d31e5d f22d5a40edfbfba3e5a6197f9eb94801f8402801e2ef2822dfd24ebb4022c49b Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	1.2 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 36aa1dfcdce2b986fd9f0db34c4fa706 d08814a707dec3e918bab14f17667fbd9d97d252 899f1b5bb146380ef5919bbc7e765fad6ee9ef236df7dff4db370dfb19e70f98 Loading...

	nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js	14 kB	2023-03-07	2024-04-03
Pretty URL nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js IP 151.101.193.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:04 Last Seen2024-04-03 19:28:22 Times Seen175 Hash 80dd5e3be5152c5c72d552c6a26ef6ff a019565ce06f5b1c129af9ac0e9cfa82f52dcdea 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1 Loading...

	www.googleadservices.com/pagead/conversion_async.js	42 kB	2023-03-08	2023-03-11
Pretty URL www.googleadservices.com/pagead/conversion_async.js IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:43 Last Seen2023-03-11 23:52:27 Times Seen1 Hash aa380446f88c1288203b55faad15a0df 6724fbaffe1828ffd0ffaa56769630709b2fdfad 4f0fa35c5a44677cc0a678f03795032aa862275dc29e978a84a2ee41ef267c10 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	8.8 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen14 Hash 90f96fe21a87fad1db5e9400e1dd4992 04bf5396b008ed5c09f975a0ac4439daeb0a7c10 7281fd5f764158ae3ddd8d3745d09c71f32c8459ed2cb07cc9098279f06e9f5d Loading...

	online.citi.com/personalization/peworkflow.min.js	5.3 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/personalization/peworkflow.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen22 Hash 95e4214ba481e0482f80ba7f16966e5b 59a2c377906e189d7f4a962f76f427eb6f1edc79 690146b8ff7699810daa66f43ce7d006f74a143dea4a27bb0cb9c054dddadeee Loading...

	online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js	135 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen29 Hash a8808b09fb0becb59791f0dca3b44d36 a68ca6466427c153b077bd2d8028270b157f0a1a 0ed28149098ff4c10fe73564f0808527cc9ab60e4abcab1f05a5d02588e6a9ad Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	357 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 6fbf9db9d94876430883163dc4daf526 750066ce478bbe33c8549eba66f1b5d904887cdd a48f476e46cb1bf35c51fd3d0e2bd13934be3d651578dfd92d58031a604f3ab9 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	51 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash a3b9a45219bb8e76e0b6428a3c2252a7 f3acae083611bddf944dd5b99ffc9401ecb29411 d0a5a93cb1f2f7daefdf72c4da8680aab2c242b9cf555052afa9c0cd56917f07 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	435 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 8c44d43f489e4df9faf23c5f7c082749 587508ee3c25156acd49c1c5381183cf28cde15d 4516f2146b415294de73a3cfdb656e831c1f768ed83e02e0523ab0e3b62ead7c Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	169 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 66ca5e714ab1f2abc641e1a7d48f8718 9c1e2c0ba39d05d105c37bf884bc1a3f2bc9cbc3 76dd133f3a42824740d3c84f9420ac45c4626dc34ae2fde827bc48c63361ee46 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	494 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 0d581029ec07c06226cdb87413887e8c b43ebbb551358c7d2ffaced6599b09a4f471d635 68eb0c8baed5acd7a6f96d01c70ab092f24705d05f6ac63906e03281c8648da4 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	5.4 kB	2023-03-07	2023-03-26
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2023-03-26 11:20:09 Times Seen3 Hash ccc559ecd3592536380cada140c43a86 6c31ba55d693e0327c8be6aab39264045dfc89d0 9fadbb54ce0d3d5250f3a6e96ea0dbb5bc729f7936c56bdb606bb2310ede0b57 Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js	341 kB	2023-03-07	2024-03-02
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js IP 151.101.65.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen30 Hash 57e6c47a533050c63dc8fefbdeb401d1 384b0c3188bf21009774f315582622256803305e 78af61897fafb5a82b787273472a93de723186b17f46ed315617c70ae2b6a6fe Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js	341 kB	2023-03-07	2024-03-02
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js IP 151.101.65.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen30 Hash 57e6c47a533050c63dc8fefbdeb401d1 384b0c3188bf21009774f315582622256803305e 78af61897fafb5a82b787273472a93de723186b17f46ed315617c70ae2b6a6fe Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	55 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 6fe2b22226d89eba331c98169afbe248 5d6863f5b3b2ead7cda62892a357f54453f32e9b 7f06045984d0bd219b82b6f040069ed2e2e1c06209db06ba3573a146628970b6 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	3.8 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen15 Hash b7c621311d20eb07f9505c83f2e93a78 7e88e8057e7ff83e4debfc93f9003ec7b6057de7 3e8e3a7b51aa3cb440686ef7fa0309f2bb8e348f89e37819481dc7629f7868c9 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	1.7 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash d6d17a43da3e8376e35530332e97ca5a b4d7317b19925744db8006d3607847291b8c2d11 89d52e9a2628894ca01a5df1ae1e1837d8d1845687c97f70626835be863ef80f Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	60 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash bc7247cf39fab48b4350f02e88aeb96f 4d23a7bf9ac7b5e035ae05b03ec4d332fc8feaf3 f44ae2b913df243a9f434e4843f12c6fbd219bafe09e404ee33c2099fd5a8d2f Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	1.4 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 523300c546ce8ca360e71c0fb0dd814e 02f79ba80ee8c0382712f839f96bc756d26ccf00 aed2528851ae42ae6d46422c6ea1f1a4f80f5a12d8da6ba4faf47ba31d535f00 Loading...

	online.citi.com/TMX/TMXProfiling.js	1.3 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/TMX/TMXProfiling.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen34 Hash 0ff04f7aa700fb377b4a1a7f9f431b21 32f63ce9172fad37c97fe3d680373a5247c2bd54 157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	55 B	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash d5f6a35c544a7ddd317d05e7269f2d91 261918e10ca6bcdb237e0721f18f9ff7bb17c661 c2cc4fb4f8c58dc26361fa9861e3f0a8c37f575e9a01ca6ab41918933a45f73c Loading...

	online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js	6.2 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen33 Hash 42dcf708ed86de23deaaea0446fd9c38 1d25fe5aea16f13a83452f02be95bec22af3b5ac 629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38 Loading...

	online.citi.com/GFC/branding/olab/js/oo_engine.min.js	43 kB	2023-03-07	2024-03-02
Pretty URL online.citi.com/GFC/branding/olab/js/oo_engine.min.js IP 104.110.15.25 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:11 Times Seen31 Hash 9cf707489677b29ec6136aa27089ba09 5b37eb42f3a40a12670240452ee73f62f92b2fb2 1f2a0e7aa3dabf73dae3cc7c1e53a70ec51145b39b027bdc1ecae9223c0c80d2 Loading...

	mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4	1.5 kB	2023-03-07	2024-03-02
Pretty URL mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 IP 192.185.105.9 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:21:32 Last Seen2024-03-02 02:18:10 Times Seen16 Hash 80225a3b19dfe27804d23ede3e982551 48bc3baa82a3339b937f30c04a30296654a1e998 ca689295a05fa095b9c7805118d78203b18020fcba72a0b84b819eaf52e042b1 Loading...

	www.google.com/cse/static/element/f275a300093f201a/cse_element__no.js?usqp=CAI%3D	310 kB	2023-03-08	2023-03-12
Pretty URL www.google.com/cse/static/element/f275a300093f201a/cse_element__no.js?usqp=CAI%3D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:21:46 Last Seen2023-03-12 17:38:18 Times Seen1 Hash cd4dcf60325693e64ff3fe71cfb84a58 e724160941156849e66b5cec3d0fd0dbfeefd266 535b8af88e270a20f4ae2174218d6b90ffd7fb780215a2f911629455d6c8201e Loading...

HTTP Transactions (181)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14316
Expires: Fri, 02 Dec 2022 13:51:58 GMT
Date: Fri, 02 Dec 2022 09:53:22 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1286
Cache-Control: max-age=89956
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:22 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 10:52:38 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 09:19:54 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2008
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11281
Expires: Fri, 02 Dec 2022 13:01:23 GMT
Date: Fri, 02 Dec 2022 09:53:22 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: cM47jJGH2MnIM+9hQdCTye+2FaeuLmLbEaZIJIlzghQs3FMg5An+AA2YktG4S9DkboiUKIK6kBw=
x-amz-request-id: SCYK4QPNEKDDJVX9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 09:46:39 GMT
age: 403
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 09:53:22 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4

192.185.105.9

200 OK

65 kB

URL HTTP/1.1
mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Size
65 kB (64622 bytes)
Hash
a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:53:22 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 413
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:22 GMT
Last-Modified: Fri, 02 Dec 2022 09:46:29 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9017551118f933b99e215c8a4a8cfe15
3c7477adccaaa4deb8e14c69059e7e8b4622a54d
b1f47d3a19df0772e3976ffd2580889d5cefc310c34a94d6284260269b0126f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 413
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:22 GMT
Last-Modified: Fri, 02 Dec 2022 09:46:29 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
315873c315af2be891e63f8b421bae65
5277bb0c4fea2b036c6faf28d66395c96166ffd2
3f6657d352a42f8257409f2ed365a3fb928ac3eb74a34a2c74a433290182cc92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D

142.250.74.164

200 OK

92 kB

URL HTTP/2
www.google.com/cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1560)
Size
92 kB (92399 bytes)
Hash
9aeb1c4b79656b106c74f75f0659e55e
fa088f735b11435c1898df5d8de153e32973ad4b
860254f9f9946d31e68a5864324badfd3bbb8dc8e8b95f7569cd911af2db602d

HTTP Headers

GET /cse/static/element/a57bc5975bc720b0/cse_element__en.js?usqp=CAM%3D HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 92399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 10:27:45 GMT
expires: Thu, 30 Nov 2023 10:27:45 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 08 Jan 2021 18:04:24 GMT
content-type: text/javascript
age: 170737
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/cse/static/style/look/v4/default.css

142.250.74.164

200 OK

1.3 kB

URL HTTP/2
www.google.com/cse/static/style/look/v4/default.css
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
1.3 kB (1345 bytes)
Hash
b33c65c5c815696bed8292c172185bcc
d2c0eceacad1f57b25621dcdb32659c5dc6b8d9b
f5ab6924cf65ae4dc61dca35d096fa272f8b4937b733b5eb46d36af396884132

HTTP Headers

GET /cse/static/style/look/v4/default.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-length: 1345
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 09:23:11 GMT
expires: Fri, 02 Dec 2022 10:13:11 GMT
cache-control: public, max-age=3000
age: 1811
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png

151.101.65.230

200 OK

2.2 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
IP
151.101.65.230:0
ASN
#54113 FASTLY

File type
PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2219 bytes)
Hash
f72de0072180995cddf091ec1c481fc8
8da0419580ec8ea996ff617773a822ef6a1ce470
02bb7267eb1cdf51db8a9db0014dd48f4debe6f7d344a6f8a0f06a428d6e0068

HTTP Headers

GET /wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: CzFPP1gPCjs7z/KInii3GcX3SmlJUbqd/NqEjWdfODbqZAaxudqAHEH+F4NlY3hcO7Dj4Gn/MhA=
x-amz-request-id: RNGYKGZANXNHS89D
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-type: image/png
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 09:53:22 GMT
via: 1.1 varnish
age: 879769
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669974803.905613,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 2219
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js

151.101.65.230

200 OK

63 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1608054710811.js
IP
151.101.65.230:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (44679)
Size
63 kB (63129 bytes)
Hash
2814704ecc428325d52a842115a2ffdf
9c979060cdc471ee3dd6d71d0f586a7433158453
c75bc14a20adf4a951aba27b721f23e9b3c97cbcb4caeb249cdc63fde3997cc3

HTTP Headers

GET /wdcusciti/50/onsite/generic1608054710811.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Hlqd9JB84o75ey9+s41yk6BUDnxKajiI2JUmsGUUQqV5jw1SfqSE1lb8hW4xZN4HXRR/xQDXOBk=
x-amz-request-id: 28WE2YFD6404A5RC
last-modified: Tue, 15 Dec 2020 17:51:52 GMT
etag: "57e6c47a533050c63dc8fefbdeb401d1"
x-amz-version-id: Kqi2p6FS.A2AzLCJok5fsBD_5A7fWxpm
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 09:53:22 GMT
via: 1.1 varnish
age: 68404
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669974803.905474,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 63129
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 09:08:57 GMT
cache-control: public,max-age=3600
age: 2666
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css

104.110.15.25

200 OK

3.7 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
3.7 kB (3733 bytes)
Hash
912d79ed2801e57d08c6fe076d791333
aa0e1edb751a7cbff5e9ff67b948166605e19910
61984a0de22199c83dba3ac7c03e8df7cbb78f61c2de7fc6484be0fba7f14069

HTTP Headers

GET /GFC/branding/responsivebranding/css/branding_footer_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 10:48:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3733
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=4564CC552961F3FDB431BD97D5183B84; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1278
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:23 GMT
Etag: "63886ea9-1d7"
Last-Modified: Fri, 02 Dec 2022 09:32:05 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

online.citi.com/loginpage/styles/homePage.min.css

104.110.15.25

200 OK

5.0 kB

URL HTTP/2
online.citi.com/loginpage/styles/homePage.min.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (24793), with no line terminators
Size
5.0 kB (5046 bytes)
Hash
8b55e445be9cbbed1fff212136bf5ec4
02e215ee8c3c5f71406405a28d4112c0eea3646b
e666c4da016428bb9aa82c5e9dd9634d5731083b226e353148d28a9e1948c506

HTTP Headers

GET /loginpage/styles/homePage.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Oct 2020 18:02:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5046
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=7BF5F7C2ED6C90C10BFE7CFC275D2A93; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js

104.110.15.25

200 OK

2.9 kB

URL HTTP/2
online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (5928)
Size
2.9 kB (2905 bytes)
Hash
f687e0142c1437ba2f920f3cde133177
d53df064865303d36b7a7ca9624d83214da9aa99
8e39f40e7aedf48d72d8a4f79433fb5482da163fad5aff81159284d7b461de05

HTTP Headers

GET /JFP/js/jquery/plugins/jquery.tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2905
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=C440331430B624547801FAC69119EAFF; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css

104.110.15.25

200 OK

337 B

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1265), with no line terminators
Size
337 B (337 bytes)
Hash
7c863f08763bf3f9d76db3fc6135da51
6560f78733d9b78d550d8425b29f06c1c764189d
a4dc2655e535dfee0176ff9bc947cf1aecf63bb2a248eaad894f58d13591d24b

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 337
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=C015EDF8B4076E24442FC75BBE7AD4A2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css

104.110.15.25

200 OK

899 B

URL HTTP/2
online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
899 B (899 bytes)
Hash
1966ad93ef6524d8032dfc706eb33b8d
ed84d116e24a1f38cf7daa0eef09d51afab433bf
61ccfaf0350644ee02e12120c193cc703650c91f17c0234cce660c921c22d4e3

HTTP Headers

GET /NCCS/smartSearch/css/cbol-smartSearch.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 899
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=A23D6DCE04E10625766E3A9C1D0787EB; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GPS/portal/css/cobrowse_overlay.css

104.110.15.25

200 OK

1.6 kB

URL HTTP/2
online.citi.com/GPS/portal/css/cobrowse_overlay.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.6 kB (1597 bytes)
Hash
48d658b8e5ecb3ec1db77b31735e6da2
264844b13d54d13baae71d535ae8c081db1552ab
f9a68c464770e4a1a293b4d08a53551600152672b531a0a64fe1ed1431f2d449

HTTP Headers

GET /GPS/portal/css/cobrowse_overlay.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 13 Aug 2019 07:17:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1597
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=14A3D8A4B670CDB7B7929C57A2305169; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

104.110.15.25

200 OK

65 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (65509)
Size
65 kB (64910 bytes)
Hash
68cdb850dc7512e716b12ec17fcba622
cb82a9575b355ae1833085e6362cc0a1089ccc90
37d98491fbeb36c9df92570d875530129c1698b03852c3fbb71832db58a56e4d

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/scripts/vendor.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 64910
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=6ECE196557755244555076EC5C4D2922; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/main_branding.css

104.110.15.25

200 OK

47 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (900)
Size
47 kB (47322 bytes)
Hash
c4a8e37990ee3bed5731c868053cfe48
000d710b7e21c8d980552b494d76a06fc729d55a
403cb63effef69a095bb15cb147c3d8af4a0f35e8e9430486565f81d545b3cbd

HTTP Headers

GET /GFC/branding/responsivebranding/css/main_branding.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Thu, 08 Jul 2021 15:43:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 47322
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=51CBB55EF4EDE02CFCA128F04C186BAE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css

104.110.15.25

200 OK

15 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (342)
Size
15 kB (15298 bytes)
Hash
7584f29c3065db5d69256920d340f479
d6198dafe36e3ffde03aedb334123a0d096649e1
81538cf3a3fd0ff0dde297332b73edebaa76e68c437628f2ab16d66b0a97afae

HTTP Headers

GET /GFC/branding/responsivebranding/css/branding_header_v2.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Mon, 29 Aug 2022 03:56:20 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 15298
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=05E60F6C95631CFB569280673E9F8986; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/css/main.css

104.110.15.25

200 OK

7.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/css/main.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (47574), with no line terminators
Size
7.3 kB (7313 bytes)
Hash
3a57d907c91d4af48687e9612624e322
4c5f56c2e6951c83d8d7a66895c042b10cca61a3
785a920d518e6cc032e88871480d0e558a1397c1ed67d90e24d1b2eb2c2a0682

HTTP Headers

GET /GFC/branding/responsivebranding/css/main.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 29 Sep 2020 09:55:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7313
content-type: text/css
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=D6B504DA3CA508322385093B9BE08CFD; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JSO/js/fp.min.js

104.110.15.25

200 OK

4.3 kB

URL HTTP/2
online.citi.com/JSO/js/fp.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (13962)
Size
4.3 kB (4322 bytes)
Hash
37d4fb4fc0d34c9d949447294c5896a2
813a89b7c7da1d1090e9d70a4b683713e47ffc20
434bec7136e03611151aad7e839486bcc95abdb5f1ad7eb8e66d1a10b3375982

HTTP Headers

GET /JSO/js/fp.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 4322
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=E1176FA91789AAA64CBAE15549BEF600; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/passivebio/bcsid.js

104.110.15.25

200 OK

427 B

URL HTTP/2
online.citi.com/passivebio/bcsid.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
427 B (427 bytes)
Hash
62fc3ac7ad723e5bd299defa490b0777
b80fc4949d4bdff38aa3017c8f5ea813a91bd0d2
62f4ac02d4d03f11fcab26905d639a9797476e150f44d7793776acfa5fae87cd

HTTP Headers

GET /passivebio/bcsid.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
content-length: 427
set-cookie: AKMTLTSID=711CD5BE857A236A7306ACE0E9A9A770; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/personalization/peworkflow.min.js

104.110.15.25

200 OK

1.8 kB

URL HTTP/2
online.citi.com/personalization/peworkflow.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (5321), with no line terminators
Size
1.8 kB (1806 bytes)
Hash
1c9fea918bfb5581982989a70eaefabc
4918fe52d51efa97e09de94db53c621b0a335649
98348d134a2f94186ffe13541ebcf04efb5afe17f3b3be7aa8e9b69e5fbcac78

HTTP Headers

GET /personalization/peworkflow.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1806
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=A2CFEDA12BD8DC7C229870C1C69F60AC; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/olab/js/oo_engine.min.js

104.110.15.25

200 OK

12 kB

URL HTTP/2
online.citi.com/GFC/branding/olab/js/oo_engine.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32021)
Size
12 kB (11704 bytes)
Hash
4f0dfa69a1ecec87b606025cd6967565
feca411eeb031920103ea068630f93f31b5b0000
c7c01b10f0d71d2168f8975161bbb97e5dbd1b63a6e9678d752bb9a9a2dac090

HTTP Headers

GET /GFC/branding/olab/js/oo_engine.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 11704
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=412D41C12313B9E5CDA24DC2770AF8D2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js

104.110.15.25

200 OK

18 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (65331), with no line terminators
Size
18 kB (17670 bytes)
Hash
2f595116c30fa315246f7cb0b531ba15
35bd15722dce013523f23c21426076cfcac33945
5df0777d7bd5b17967c6ef6243ef3dfc4eecb0fba56dd39c0100faeba04a7439

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 17670
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=242AF4B4783401B167A19C34146E12FA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/js/main.js

104.110.15.25

200 OK

8.0 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/js/main.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- C source, Unicode text, UTF-8 text, with very long lines (33891), with no line terminators
Size
8.0 kB (7957 bytes)
Hash
6c7f00b72ded0bec2618305c876e16b6
48360ed4ad1b2ae2e507dc48873a3ef021586776
dc5ac3e8c6e04c6a1d9d1519b6ad99fabb5b0b87dd07d93106d6c4c1987b24ee

HTTP Headers

GET /GFC/branding/responsivebranding/js/main.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 16 Jan 2020 14:46:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 7957
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=2239BAE8D580C34117955F574FECA1FA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js

104.110.15.25

200 OK

1.0 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (3018), with no line terminators
Size
1.0 kB (1017 bytes)
Hash
fb422777d175560b7cbafac2e69427e0
08a64e3f02f7521549e82453ec8a1baa4b0e8914
da7b8130e973ebfd3c4e34d464655f0fbe910cbb7ecb12e172f0374a86fb1cb5

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 13 Nov 2022 08:34:44 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1017
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=FA642278C96E5A16BC37F16286352221; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js

104.110.15.25

200 OK

3.0 kB

URL HTTP/2
online.citi.com/NCCS/smartSearch/js/cbol-smartSearch-inject.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text
Size
3.0 kB (3030 bytes)
Hash
cbbb42f2f92286927590740a4ddbdf12
0f4a6798edba9047e6038749c5b81192550137a7
ac708e5462ee634c6b75a1ea7faffaf577dbff4ce007c337a7fe3fabaf42a1c0

HTTP Headers

GET /NCCS/smartSearch/js/cbol-smartSearch-inject.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 11 May 2020 19:00:46 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 3030
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=CDEEB0C15496C7775E83DFACDABC16D8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/TMX/TMXProfiling.js

104.110.15.25

200 OK

546 B

URL HTTP/2
online.citi.com/TMX/TMXProfiling.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
546 B (546 bytes)
Hash
8a9d76752e354831bfeb51ea2009dc90
ab290ca00fc8be6525684405a8f655eb30e1b0e9
82775fb41297c485793eae4058db3e82b4d477bb00c6fa3bc301971e961e61c2

HTTP Headers

GET /TMX/TMXProfiling.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 10 Aug 2018 07:26:42 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 546
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=CC50AF5575732FE33926B28A4FBB393E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js

104.110.15.25

200 OK

2.4 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
C source, ASCII text, with very long lines (7615)
Size
2.4 kB (2415 bytes)
Hash
e1577cfb2e8936a3c801851fff429693
1e861beca6b15a5f3d2ae277a95d7fd53e6256ec
95b8e61a19f61148c98e111e451ba37b8f27f55a415318e3fd49b56115c000a9

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-service.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 11 Sep 2018 07:31:14 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 2415
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=267BE99B334386795E3BBA5603582FC8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css

104.110.15.25

200 OK

70 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (53390)
Size
70 kB (69731 bytes)
Hash
1b616f5ba816bd312785d32976021e37
e3dd04ee3a2b2ca1ded2c3eef06aa1f121b7d3b0
451e9945c7041383326739797e006d8a7201b96b1ba8046c0c9c02dd9d89a851

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 06:51:10 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: text/css
content-length: 69731
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=3953E5FBB70B7D72F6E21853A39677AA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js

104.110.15.25

200 OK

344 B

URL HTTP/2
online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (1035), with no line terminators
Size
344 B (344 bytes)
Hash
833a85cac30119fd1a7cdea0d63106eb
1558702028e277ce4bf3b079db7f064b96c91f0d
83b080afa657691bdb22843c5f36acc3be20ad7ed94ba84f18d1cbbb2a23933c

HTTP Headers

GET /JFP/js/modules/jfpm.autocomplete.off.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 344
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=F35E3DB10A43B27B4FD862B48D08EBAA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/pl-profile.png

104.110.15.25

200 OK

678 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/pl-profile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
678 B (678 bytes)
Hash
47511cdd2cd6ec0f1fe005ed1f1da489
c2dbbebd49f1dc760684ad937add478d05520ab1
96a25378d5d5fed38414a3d798eddc8367ebb206b45b125c837b9bab43c8799d

HTTP Headers

GET /GFC/branding/img/redesigned/pl-profile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 15:27:27 GMT
accept-ranges: bytes
content-length: 678
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=4ED37E650E65B44556AA4A9E294229ED; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg

758 B

URL
online.citi.com/GFC/branding/img/redesigned/atmbranchloc.svg
IP
:0
ASN
#0

File type
gzip compressed data, from Unix\012- data
Size
758 B (758 bytes)
Hash
2b7cfe76b3d07bceb495d2dcc63dafa3
dd9a3e5c21135454fb20655caf55b7269a06a579
b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranchloc.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

online.citi.com/GFC/branding/img/redesigned/lang.svg

104.110.15.25

200 OK

1.4 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/lang.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size
1.4 kB (1434 bytes)
Hash
c59330487289406bc7a589e19a748a45
3ff3a052d1b32f340847edcf7e10e8f0bcaafdc5
ff759181aba721255cb0e238fdc63fe8b32f3a130bc618ac35e012a1692a3784

HTTP Headers

GET /GFC/branding/img/redesigned/lang.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 04 Aug 2020 06:59:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 1434
content-type: image/svg+xml
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=CBA3DF6A8AEAD7957E5D69DB3388667F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/cc-know.png

104.110.15.25

200 OK

547 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/cc-know.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
547 B (547 bytes)
Hash
7fce81d3aee8a773e172e4da24755c08
d16e42e3104a3eede8e74f9e792c975390e3cea6
1e8296753489472722a900b40958f4cb93b5efa530499287debe37fdaac97cdb

HTTP Headers

GET /GFC/branding/img/redesigned/cc-know.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 17 Jul 2020 09:29:34 GMT
accept-ranges: bytes
content-length: 547
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=769495314A8C709D7BB8BBFB4F61A3A2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/cc-mail.png

104.110.15.25

200 OK

713 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/cc-mail.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
713 B (713 bytes)
Hash
d6aa1cf4e0f3028ec749cd5e2ef2745f
f92b9239a1ec624adf48a9fc5273df9aaf772ee3
351566f41ad89bb03b7855b58661b377836aebe50db166052eaa17f17e156799

HTTP Headers

GET /GFC/branding/img/redesigned/cc-mail.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 03 Jul 2020 10:19:28 GMT
accept-ranges: bytes
content-length: 713
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=8ADAAA79CCC97B4DDB2DFA08944ED90F; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/banking-savings.png

104.110.15.25

200 OK

917 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/banking-savings.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced\012- data
Size
917 B (917 bytes)
Hash
d4482456a56b1d78f4855f6eafa94898
6a6671bf54989ad97f457f42837d1d96f21dca53
87578cd8ec6b565afd5be1b9a00845ca3dcb8024d64f2d96e4ce00bb07c94902

HTTP Headers

GET /GFC/branding/img/redesigned/banking-savings.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 06:45:19 GMT
accept-ranges: bytes
content-length: 917
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=067EEB18F12855B1C18EEF2F4165B321; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/mort-calculator.png

104.110.15.25

200 OK

374 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/mort-calculator.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
374 B (374 bytes)
Hash
2425ec6b5ce2710b558ae452823680d7
2cccd21d3882308392717872f097511e58f8ba2a
77aae11467c6e42598b9c17f8a34f9ffb08c3acedd22db327fabf5b1becd24a2

HTTP Headers

GET /GFC/branding/img/redesigned/mort-calculator.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:13 GMT
accept-ranges: bytes
content-length: 374
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=3DC2F4422BEB822B78FF569CF7A1F0EC; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/mort-home.png

104.110.15.25

200 OK

515 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/mort-home.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
515 B (515 bytes)
Hash
d1b8e6b91fb75607e2bf2948c9cb9d99
88b8815e54a1d1a53de0919cf1abbac50e69a70d
474a06e61c5ff0b6def6e5619529e0664e6fa2d9904ba6f796e4e1032c2ab3c3

HTTP Headers

GET /GFC/branding/img/redesigned/mort-home.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 07:56:26 GMT
accept-ranges: bytes
content-length: 515
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=6322A7995E117EAAB536C94E998677A4; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-FP.png

104.110.15.25

200 OK

399 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-FP.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
399 B (399 bytes)
Hash
4f5fc9d9f8fe83b74670f4e954bb116f
e9f9531727cfad01855e48dcc4ad0043779d763c
31a7d0a6362cd6d8fcbb3200740a252be4fc633363cc71021fb18faf4470eb5c

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-FP.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:29 GMT
accept-ranges: bytes
content-length: 399
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=71AFA376DFF10BA53BBB81756E4F74DA; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-MI.png

104.110.15.25

200 OK

822 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-MI.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 20 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
822 B (822 bytes)
Hash
9c485b70055241b255f9fafcd167447e
9f8050c8c416b1b5aca059d4d8bb4ca16b930a3b
643030db71af1915a7c02ec3589b64d1b826cb8c8c97e0f7b80d70e0c830726b

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-MI.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:58 GMT
accept-ranges: bytes
content-length: 822
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=0300A077333A1CD1669ADDDE13B260EE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/Investing-II.png

104.110.15.25

200 OK

894 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/Investing-II.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
894 B (894 bytes)
Hash
ae8592f1019d7ea84ee847cbde5c8bd8
e74b70328c0e5f4cef5d094d1fb30e343be03eb6
e0a06ba70b7556d61f872bd1ca50148094683ed1ba026a78164563d3c63db0c0

HTTP Headers

GET /GFC/branding/img/redesigned/Investing-II.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 08:52:35 GMT
accept-ranges: bytes
content-length: 894
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=7A6B01E0AE41AFC9F873FD84ED34F15D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranch.png

104.110.15.25

200 OK

697 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranch.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
697 B (697 bytes)
Hash
5cb2e7bb5dd99d056313c125f74872da
26844e24c011bf9d5fd8f88a81a3a86333bfa681
489ac0d5e6bb586f0144108a782f87e10aa6387fa5925c0f7b526142dbbf9987

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranch.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:41:48 GMT
accept-ranges: bytes
content-length: 697
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=6B178D1C7DD5F7CC10576FB112C6BE08; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/WM-conce.png

104.110.15.25

200 OK

819 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/WM-conce.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 24 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
819 B (819 bytes)
Hash
e1d86261569011cb99dc98ae1bbcc391
575a762c5a2639ff9b9780c6b37efea5ea8edc64
6e866b41975af77f752d3feae581391b018128ad2cb495e783349ca49cb94c38

HTTP Headers

GET /GFC/branding/img/redesigned/WM-conce.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 06 Jul 2020 09:28:15 GMT
accept-ranges: bytes
content-length: 819
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=50E9D8F18B9751F02B870BEE9233D5AC; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/search.png

104.110.15.25

200 OK

540 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/search.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
540 B (540 bytes)
Hash
2d0c9df05ec068e44e05246476eb6b0c
acf96a7bdff8f7d71096aa59243ad31d5aae425f
e1cdd8699d632d98047b60975c127bde93707685555e0894c2087105e26298ae

HTTP Headers

GET /GFC/branding/img/redesigned/search.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 12 Jul 2020 13:52:29 GMT
accept-ranges: bytes
content-length: 540
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=D8BF807A313A543833A72DDF60138290; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/navigationMobile.png

104.110.15.25

200 OK

137 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/navigationMobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
137 B (137 bytes)
Hash
895e073c01fe436ee9892787c43a00eb
d5b1ebead4bc804bfee48ec3a9dbf87d3e97a82f
9704bca992680b1698b6c364e5fd7fd20991aa230c700f3378765fdf99a8b27d

HTTP Headers

GET /GFC/branding/img/redesigned/navigationMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 137
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=EE4FA23CE7222412B62375DC7D7E7083; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/closeMobile.png

104.110.15.25

200 OK

327 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/closeMobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
327 B (327 bytes)
Hash
e7a2c3c1d1710852dae94241b425631b
20ee2a5077624e2b074d9e6ab7d116480563f09a
87e414e65461d63f3c18fdec21dc973fbb3b04db9269aa2fa9f2b1e9fb4d58f0

HTTP Headers

GET /GFC/branding/img/redesigned/closeMobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Jul 2020 10:47:19 GMT
accept-ranges: bytes
content-length: 327
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=EE2FC345A70243B996EB1FF8BE665BE2; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png

104.110.15.25

200 OK

888 B

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/atmbranchlink.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
888 B (888 bytes)
Hash
2d52957ca9901e228f3cc98653d66b64
4ee4c93d50f3eed0c760c69297db539b5c747fec
424b0508d87aeff62bf98099b98490558de97db21d02343fd4b0e46252a74d58

HTTP Headers

GET /GFC/branding/img/redesigned/atmbranchlink.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 26 Jul 2020 08:00:17 GMT
accept-ranges: bytes
content-length: 888
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=68F834BDCBB29E6472E657FEE2B31CA7; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png

104.110.15.25

200 OK

1.3 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/icon_globe_med-grey.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1300 bytes)
Hash
e356e33999a3af7670f87a64085b0aa1
7c65d1ba8878b0e930e73ea9a52d5f0f873828b2
f9ea3e5b79df3924376af98d3639b49ef970ef77063203b3ef3abaa84daca88a

HTTP Headers

GET /GFC/branding/img/redesigned/icon_globe_med-grey.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 08:42:08 GMT
accept-ranges: bytes
content-length: 1300
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=B58F4FDCC979DA9B80C5D19A656B760B; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png

104.110.15.25

200 OK

329 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_facebook@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
329 B (329 bytes)
Hash
15d9ce47ed55b1d16c142a6c067ddbf5
3431a1b5af3ec6a4a39176600ca213c070175eb2
9fa97f780f20b95ac6a2baeed3961d39ec6086e3417eb59cd294e4e528187b7b

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_facebook@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 329
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:22 GMT
set-cookie: AKMTLTSID=DE0AD33104D40C893E91047C57883FE5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png

104.110.15.25

200 OK

840 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_twitter@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 44 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
840 B (840 bytes)
Hash
766cb78a4d9ba316b9fd2efdb1e95252
f7e17f7e9663574ef1ad0ebf580ea503fff0c7ea
5d343d5e2bc616fe04642af586793b51ba2291a6c9616ee92e4246bde9fa72a5

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_twitter@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 840
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:22 GMT
set-cookie: AKMTLTSID=DD90F8A3BA441F42A994065861CF2AB7; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png

104.110.15.25

200 OK

808 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/social-media_youtube@2x.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 48 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
808 B (808 bytes)
Hash
89b7dac46b6f0be69e6272cf3de06475
a74173e79f802672145fa175478bcf4698d3bf80
1f43f86e82f4cf6b5ddf863fbb8cd9bafb53790bd2016a7b2b36d51ad96fb32b

HTTP Headers

GET /GFC/branding/responsivebranding/img/social-media_youtube@2x.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 May 2020 04:51:42 GMT
accept-ranges: bytes
content-length: 808
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:22 GMT
set-cookie: AKMTLTSID=FC50CD400BE967A02CB317FD62A04D87; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png

104.110.15.25

200 OK

12 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

HTTP Headers

GET /GFC/branding/responsivebranding/img/Citi_FooterLogo_Mobile.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 11562
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=2081747D713F572EB38A6FA8CD68307E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/errorLogo.svg

104.110.15.25

200 OK

584 B

URL HTTP/2
online.citi.com/GFC/branding/img/errorLogo.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (329)
Size
584 B (584 bytes)
Hash
3210e315dee7ea636165f4cdd4d402cd
110a09f9a0cd87f510d3435704631aefc02d7436
09541c2109f784fd10979ed9cce037e146b756f35ffa3c2e164d3aad92532341

HTTP Headers

GET /GFC/branding/img/errorLogo.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 24 Apr 2018 15:26:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 584
content-type: image/svg+xml
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=1598CC139644E28E36AAAE61CFEA9153; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/passivebio/BiocatchATO.js

104.110.15.25

200 OK

114 kB

URL HTTP/2
online.citi.com/passivebio/BiocatchATO.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text, with very long lines (63756)
Size
114 kB (114417 bytes)
Hash
9248242d277a48e0e26b2b6aef3ce590
54c170a425a237fff13a351380d3ebc13eecb7fe
dffd94cd4d4979a7844ab3e348357a918ba4d92a07e1e20ce583295c136b6d88

HTTP Headers

GET /passivebio/BiocatchATO.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
content-length: 114417
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=882DCEC7375033747AF91EC3472DB694; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js

104.110.15.25

200 OK

62 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (7824)
Size
62 kB (61658 bytes)
Hash
72160d472dd367d8db15c5a39efd91c6
242252da9b4ac65f4e609796aba2553afca64443
d2adb062964fc932f5fdfa95db62ddd8873467a89ac132867af312ffd60607e7

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-library.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
content-length: 61658
set-cookie: AKMTLTSID=0279BD628EC4085ECDE1C509431B8C89; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js

104.110.15.25

200 OK

26 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (8207)
Size
26 kB (25945 bytes)
Hash
4f41d862cbf585b1cdb8fb475f37e8e5
e3ab2e23f39fcca83588d0678f9164d199540f0d
20eb6fe6bb0bc32e7dbc56bdcc0f9880c5a24c8f8fbfc1fe24f345ecb2cfa9c7

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Apr 2021 05:43:48 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 25945
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=89C27670FF94B7E38BFE0A6F1CF21686; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/card_art/8150_cardArt.png

104.110.15.25

200 OK

45 kB

URL HTTP/2
online.citi.com/JRS/banners/card_art/8150_cardArt.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 450 x 285, 8-bit colormap, non-interlaced\012- data
Size
45 kB (45386 bytes)
Hash
d6c20edc6406a6305e5a8ca093dff8a0
f246abd4f8b69e42ba6f50558340d690d2cf1ef7
1cec78f793f28bed6cd96765e693bd6b7ba1efbfdd7d68ca5b8ea5390ff8bec0

HTTP Headers

GET /JRS/banners/card_art/8150_cardArt.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 03 Aug 2020 19:29:08 GMT
accept-ranges: bytes
content-length: 45386
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=D39507E7E21225839AC9EC4FCA9AFEF0; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png

104.110.15.25

200 OK

28 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/Citi_FooterLogo.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

HTTP Headers

GET /GFC/branding/responsivebranding/img/Citi_FooterLogo.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 May 2020 04:39:29 GMT
accept-ranges: bytes
content-length: 28149
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=53D60721D2282D6CADCE10B769C91A99; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg

104.110.15.25

200 OK

53 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 560x315, components 3\012- data
Size
53 kB (52559 bytes)
Hash
ee564f1c07ec63939037a30b1d48e7b1
b75a2570b6ce89c1eb112c010994bfc5bde8b4e5
3636e5e8010b2e4e186788a748a7cbd16572b386cf2d67b3bea73cb7417abf9d

HTTP Headers

GET /JRS/banners/modules/Cards-tile-grey-1120.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Sep 2021 22:10:14 GMT
accept-ranges: bytes
content-length: 52559
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:53:22 GMT
set-cookie: AKMTLTSID=8361C78AD69B34908DD4F2AD1AB0B1D5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg

104.110.15.25

200 OK

50 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
50 kB (50031 bytes)
Hash
1811b334b2e3a585567ef915ff6adcf5
858f597f8bcbcf3a16516f428565850aee1f8c98
67d342b059e3ee89919786b1a83c6ebb76b657bbbe0105d2c7c9876d08026c80

HTTP Headers

GET /JRS/banners/modules/2020_Q3_HELOC_M1-M7-3UP.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 50031
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:53:22 GMT
set-cookie: AKMTLTSID=3F65EA454A02DECA84660A0DDB8190A5; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg

104.110.15.25

200 OK

110 kB

URL HTTP/2
online.citi.com/JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], comment: "Optimized by JPEGmini 3.12.0.2 0x8e6e2aa3", baseline, precision 8, 2160x600, components 3\012- data
Size
110 kB (110256 bytes)
Hash
adc640f5c974f259332776179906a9ba
88aa97730f84a70b8f3ec0df9763797293f6fef9
73bda4635bfa51c64ab47b1fba9a7cb20b6ab3ae44f7c1d2abf78041a9da0fee

HTTP Headers

GET /JRS/banners/hero_background/HP2.0_Diamond_Preferred_Hero_Card_Background.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 15 Mar 2018 21:03:36 GMT
accept-ranges: bytes
content-length: 110256
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=6721EF569B7188797DB45E940641DF32; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js

104.110.15.25

200 OK

748 kB

URL HTTP/2
online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (57530)
Size
748 kB (747501 bytes)
Hash
9e955595f5944b7d8f753a5cd2920e1a
e8e2cdcc3c6b2deb84d49fa0c24f73cb4dd1053f
c80f9904376bace60d69a316d993244717fda11bd5bc6f4f1072db6e73662b92

HTTP Headers

GET /JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 16 Sep 2020 07:27:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
content-length: 747501
set-cookie: AKMTLTSID=86F3CB6AA9A51A73BD010E3BFC03C221; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.35.190.173

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.35.190.173:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zHkA4QsNe0iHTC5H0VWkfA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eLUXBSGKVkSWJ945/Cio7ZcwatE=

online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//ui.powerreviews.com/tag-builds/10111/4.0/styles.css
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //ui.powerreviews.com/tag-builds/10111/4.0/styles.css HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=AF713D54DFB2812C56A24AF6B0E399FC; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js

104.110.15.25

404 Not Found

5.1 kB

URL HTTP/2
online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
5.1 kB (5148 bytes)
Hash
8a083e65a5e28842e2efffad0e47f78d
d214feeff6d6760c8aa7f7c2c79854eb671f31ad
8c7ff53aadc91c2cb1e2140c9e269cecdb7c85031040531189bcfc54e7140568

HTTP Headers

GET //nexus.ensighten.com/citi/na_prod/Bootstrap.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
last-modified: Mon, 26 Apr 2021 18:11:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 5148
content-type: text/html
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=76947FEE397E551E8AF0C7FE0549090D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png

104.110.15.25

200 OK

1.8 kB

URL HTTP/2
online.citi.com/GFC/branding/img/redesigned/citilogoredesign.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

HTTP Headers

GET /GFC/branding/img/redesigned/citilogoredesign.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_header_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 02 Jul 2020 07:18:33 GMT
accept-ranges: bytes
content-length: 1799
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:24 GMT
set-cookie: AKMTLTSID=6E7F664CCCE043E7343E927892255032; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JFP/fonts/Interstate-Regular.ttf

104.110.15.25

200 OK

641 B

URL HTTP/2
online.citi.com/JFP/fonts/Interstate-Regular.ttf
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499)
Size
641 B (641 bytes)
Hash
dd59f5e29f1021e45b5e95e26f2d12da
d79fa9c39b22174b3d6d2fb7bd00f01be3ee6410
e52581c6fe976751e9059da800356b8824fe18635947ef533ff4c5fc2f313df8

HTTP Headers

GET /JFP/fonts/Interstate-Regular.ttf HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
content-length: 79753
date: Fri, 02 Dec 2022 09:53:24 GMT
set-cookie: AKMTLTSID=AD3D12E39F95BC14296E8DC6035680EE; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/HP8564_M.jpg

104.110.15.25

200 OK

73 kB

URL HTTP/2
online.citi.com/JRS/banners/modules/HP8564_M.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x315, components 3\012- data
Size
73 kB (72898 bytes)
Hash
ca6fda0b33ffcd4733ba669c8d52c784
0232c5afd2b6fc6c079d1f15b046bb6a9cff07a9
c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84

HTTP Headers

GET /JRS/banners/modules/HP8564_M.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
accept-ranges: bytes
content-length: 72898
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:53:24 GMT
set-cookie: AKMTLTSID=DE423213E2EFA9FE73F6140D432B211D; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff

104.110.15.25

200 OK

76 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (76037 bytes)
Hash
e1b92482866ea052f3ffcdbff6e66ad5
ce7a650075da89bbd11e6a7b6743a410286d3973
3d4509cc1b1b3d560129ceff5ba770b0026e4aa2861349e0242cb4838855b584

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 09:53:24 GMT
set-cookie: AKMTLTSID=7FF7C0D6E56B620815735599BB5BA9F8; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff

104.110.15.25

200 OK

77 kB

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
77 kB (76826 bytes)
Hash
7315dfab0a68efb7fb22012551203817
5d9d65a25fd0833b1d5d02abfe71b3d3f16bf594
7803725fc747aedbcc37628f973b7bb115943951967117d4700e7d494942802f

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: https://online.citi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-type: text/plain
vary: Accept-Encoding
date: Fri, 02 Dec 2022 09:53:24 GMT
set-cookie: AKMTLTSID=9775057717A5CC2EA9EC87136A8CA485; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png

104.110.15.25

200 OK

9.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/googlePlay_2px.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 240 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size
9.3 kB (9255 bytes)
Hash
c02d966c362e9f918a7ca664a06f339a
cf8723b1054b79ac27db08f1e0d63b1a585bc150
3c4287f94e9dc9cda82125a6f528b0d4dcd8c2e9ee26b899c4481490312b146a

HTTP Headers

GET /GFC/branding/responsivebranding/img/googlePlay_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:21:52 GMT
accept-ranges: bytes
content-length: 9255
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:24 GMT
set-cookie: AKMTLTSID=C3430476ED3E1FC89325AD9D7001A29A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png

104.110.15.25

200 OK

8.3 kB

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/img/appStore_2px.png
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 240 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
8.3 kB (8272 bytes)
Hash
e783f09a2c28318b2248dcd045cd0325
e1d0ac0f63eac3b3b523fe929d416127fe7e7561
2e1950e9fecaa7d00944c88becb315026208890e3d9ffe2545504105e181ad47

HTTP Headers

GET /GFC/branding/responsivebranding/img/appStore_2px.png HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
accept-ranges: bytes
content-length: 8272
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/png
date: Fri, 02 Dec 2022 09:53:24 GMT
set-cookie: AKMTLTSID=F1F8A084DF056406BBFB2CD77DBC0E41; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg

104.110.15.25

200 OK

496 B

URL HTTP/2
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
496 B (496 bytes)
Hash
28dab60290650e5ee88386879ca17085
85043857b1d8a79816491365548e17b151a2a084
fc9dead631748747b2e1c0b60057a21282d2d7acd6f5d88f4e80bdf32e08b5c8

HTTP Headers

GET /CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.citi.com/GFC/branding/responsivebranding/css/branding_footer_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 496
content-type: image/svg+xml
date: Fri, 02 Dec 2022 09:53:24 GMT
set-cookie: AKMTLTSID=735FCE1B727A29B5AB04DB1A43A5E18A; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/ddlbase.css HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Cookie: cdContextId=1; cdContextId=1; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: login.php?primarymember_id=0ba17ae786251f58c6fd4609f
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

301 Moved Permanently

0 B

URL HTTP/1.1
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://sr.rlcdn.com:443/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Content-Length: 0
Date: Fri, 02 Dec 2022 09:53:24 GMT
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB?

142.250.74.6

200 OK

265 B

URL HTTP/2
6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB?
IP
142.250.74.6:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (498), with no line terminators
Size
265 B (265 bytes)
Hash
779b9f3c315255d0d62a1113bfcd7573
152c5e4fe3ab7191b5f2696c9dacaa12bbe33493
03c89c3c2b73e5cd1107d16c408edbd3abb6cecff1b2e78d41ea853cf46c32bb

HTTP Headers

GET /activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB? HTTP/1.1
Host: 6260004.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 09:53:24 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 265
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 10:08:24 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bid.g.doubleclick.net/xbbe/pixel?d=KAE

64.233.162.156

200 OK

0 B

URL HTTP/2
bid.g.doubleclick.net/xbbe/pixel?d=KAE
IP
64.233.162.156:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /xbbe/pixel?d=KAE HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 02 Dec 2022 09:53:24 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 02-Dec-2022 10:08:24 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 02 Dec 2022 09:53:24 GMT
cache-control: private
X-Firefox-Spdy: h2

nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js

151.101.193.175

301 Moved Permanently

0 B

URL HTTP/1.1
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP
151.101.193.175:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Accept-Ranges: bytes
Date: Fri, 02 Dec 2022 09:53:24 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1628-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669974804.430281,VS0,VE0
Strict-Transport-Security: max-age=31557600

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da32e4b24f4f95e4e807cff2459f54c3
02db1c6d628b2f51fa0b46fcb79a71178780bc47
4d6ff368a64dc83f4a637fbf44b2256523ca7c43b824022f8f6428de6cfae368

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:53:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=445169,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77332cdfacd8b527-OSL

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
49a9684674e0f1b3974c6427c5354fe4
c201e61bcda9cc91369f0c57f8236fcdd3db26c6
27b8d50242836a45aca1fcd0cb58e7f685011c1f93b57d0e3ea9a02400f8d801

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js

151.101.193.175

200 OK

5.2 kB

URL HTTP/2
nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
IP
151.101.193.175:0
ASN
#54113 FASTLY

File type
C source, ASCII text, with very long lines (585)
Size
5.2 kB (5197 bytes)
Hash
a8a8316559534b9784a92826ab49b9f2
3836a3dbc421106117da4a97871aed09eedbdf0c
b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e

HTTP Headers

GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WYw0Epb8vcedL+7IDqJJsx/+WjGdOZ5/PeZvxp+JQZLuPSbm5TB79IsK0ZRwFxRvC3JwqmNr110=
x-amz-request-id: 6VFQ4X3D41M9VYZP
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Dec 2022 09:53:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1669974805.511545,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2

adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB

142.250.74.34

200 OK

267 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (497), with no line terminators
Size
267 B (267 bytes)
Hash
3d0723e9b30991791d953c41256c98e3
62f93130c92c0141280617c746ec9ef54d69c7e1
7f566075b3d057193f85088cd5992b41d6cab6b96e20e07273fc2e6f99f0d14e

HTTP Headers

GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6260004.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 09:53:24 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 267
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064

23.38.201.22

200 OK

71 B

URL HTTP/2
stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064
IP
23.38.201.22:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document, ASCII text
Size
71 B (71 bytes)
Hash
988428fdc0079b85e995b96b0ed4b565
27aece4f871a936951d17de604853cddc9bfb5ec
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

HTTP Headers

GET /site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_pr%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB&phint=__bk_v%3D3.1.8&limit=10&r=61954064 HTTP/1.1
Host: stags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 71
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
pragma: no-cache
expires: Thu, 01 Dec 1994 16:00:00 GMT
cache-control: max-age=0, no-cache, no-store
bk-server: f694
date: Fri, 02 Dec 2022 09:53:24 GMT
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0ba17ae786251f58c6fd4609f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0ba17ae786251f58c6fd4609f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=0ba17ae786251f58c6fd4609f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=1; cdContextId=1; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=6ab8b25c622e1362a04a16cab
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.coprwanda.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 09:53:24 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB

142.250.74.98

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB
IP
142.250.74.98:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=5474828976029.28;gtm=2od1d0;auiddc=253918765.1611308789;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do%3FJFP_TOKEN%3DNOSXRGKB HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 02 Dec 2022 09:53:24 GMT
expires: Fri, 02 Dec 2022 09:53:24 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5bc03b4995299a6a2777604a4d461631
c9de39bb466bfb8f885bae78849b7049389e3483
a8155ab40b718c91379d3a995b89adb27a9044c6f48d0033bfe797e5d9f1437b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:53:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:55 GMT
Expires: Wed, 07 Dec 2022 13:42:54 GMT
Etag: "c9de39bb466bfb8f885bae78849b7049389e3483"
Cache-Control: max-age=445169,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77332ce0def3b527-OSL

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
59ccaf5f1bf1101f3d43ae777be4f6a9
2740c2403e005eac512a829e64de6a03a65fcbb6
1c6da1c071531cd11b32e943b42798202de1a80882e067773ed4d6147094587f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTc0ODAyODA5IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMjQxNDE3NjktMDdiZTlmZmQ2ODlkYzU4LWM1MDU0MjUtMTQwMDAwLTE4NGQyNDE0MTc3MjUyIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9tYWlsLmNvcHJ3YW5kYS5jb20vbG9naW4ucGhwP3ByaW1hcnltZW1iZXJfaWQ9ZTVmYzNhODczZjRmNmIxMzhiMzM0YzRlNCIsIndlYnNpdGVJZCI6IDUwLCJmZWVkYmFja191dWlkIjogbnVsbCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiNTJhNS1mYWE4LTg2N2UtOTM0MC1kMGJjLTM3ODYtYWU5Ny0zYWE0Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk5NzQ4MDI2ODAiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMzAzLCJrYW1weWxlX3ZlcnNpb24iOiAiMi4zNC4xIiwib25zaXRlX3ZlcnNpb24iOiAiMi4zNC4xIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5OTc0ODAyNjgxLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZX0KXX0=

35.241.45.82

200 OK

0 B

URL HTTP/1.1
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTc0ODAyODA5IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMjQxNDE3NjktMDdiZTlmZmQ2ODlkYzU4LWM1MDU0MjUtMTQwMDAwLTE4NGQyNDE0MTc3MjUyIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9tYWlsLmNvcHJ3YW5kYS5jb20vbG9naW4ucGhwP3ByaW1hcnltZW1iZXJfaWQ9ZTVmYzNhODczZjRmNmIxMzhiMzM0YzRlNCIsIndlYnNpdGVJZCI6IDUwLCJmZWVkYmFja191dWlkIjogbnVsbCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiNTJhNS1mYWE4LTg2N2UtOTM0MC1kMGJjLTM3ODYtYWU5Ny0zYWE0Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk5NzQ4MDI2ODAiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMzAzLCJrYW1weWxlX3ZlcnNpb24iOiAiMi4zNC4xIiwib25zaXRlX3ZlcnNpb24iOiAiMi4zNC4xIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5OTc0ODAyNjgxLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZX0KXX0=
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMS4xNSIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY5OTc0ODAyODA5IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkMjQxNDE3NjktMDdiZTlmZmQ2ODlkYzU4LWM1MDU0MjUtMTQwMDAwLTE4NGQyNDE0MTc3MjUyIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9tYWlsLmNvcHJ3YW5kYS5jb20vbG9naW4ucGhwP3ByaW1hcnltZW1iZXJfaWQ9ZTVmYzNhODczZjRmNmIxMzhiMzM0YzRlNCIsIndlYnNpdGVJZCI6IDUwLCJmZWVkYmFja191dWlkIjogbnVsbCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiNTJhNS1mYWE4LTg2N2UtOTM0MC1kMGJjLTM3ODYtYWU5Ny0zYWE0Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk5NzQ4MDI2ODAiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMzAzLCJrYW1weWxlX3ZlcnNpb24iOiAiMi4zNC4xIiwib25zaXRlX3ZlcnNpb24iOiAiMi4zNC4xIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5OTc0ODAyNjgxLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZX0KXX0= HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:53:24 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Access-Control-Max-Age: 1800
X-ME: prod-instance-gatewayservice-green-43xq
X-Application-Context: application:9090
Content-Type: image/gif; charset=UTF-8
Content-Length: 0
Server: Jetty(9.2.11.v20150529)
Via: 1.1 google

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2fec0a3aa8f541f5092456d41753e63a
f7f2afd43cac3c12f5cea88960560a94d36aae05
f3dc6e26d9d8008abf17eec495ab0db714e3fbeb0d3fc45967fd8e1f2d067fcd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6284
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:24 GMT
Etag: "6388d6a7-1d7"
Last-Modified: Fri, 02 Dec 2022 08:08:41 GMT
Server: ECS (amb/6BAD)
X-Cache: HIT
Content-Length: 471

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6ab8b25c622e1362a04a16cab

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6ab8b25c622e1362a04a16cab
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=6ab8b25c622e1362a04a16cab HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d109c72eee19c1456a6168337
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12780
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 09:53:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12780
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 09:53:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12780
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 09:53:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12780
Expires: Fri, 02 Dec 2022 13:26:24 GMT
Date: Fri, 02 Dec 2022 09:53:24 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 13956
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb8ec880-52b8-4350-bb47-d051878e78f1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6882 bytes)
Hash
25c68d8b1fae82820f93efca500fd848
45cf5e1a54ee491497ffe08a8e39fe97ba3c8a48
f0ec6b6f6ba0a931c9b71f5bc7ad1e5b89c8e4d8b7441f35eeebfba418d0e588

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb8ec880-52b8-4350-bb47-d051878e78f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6882
x-amzn-requestid: 6b5f15a5-c15b-46bf-9fd5-5d013d37a0eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGfrG3WIAMFc9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891dfd-6038ca700dfb4489230c2683;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2O6x-8-ESFDtlhcjVyGxEXCZcLbbfhsCVQeX02lbNMupPWmM-fKuLA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:54 GMT
age: 44310
etag: "45cf5e1a54ee491497ffe08a8e39fe97ba3c8a48"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2942 bytes)
Hash
b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 43408
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a5598e9-4752-4e3f-9938-977b517ce347.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (5967 bytes)
Hash
4e1372b65928f2addd9d8e44ce63ea0c
795fd611123ebde700aaff1f0dac862f9cad00dc
de9011e1f05fb2f7a202f5a6e6ed7b77a339c0af8d3409e4fc898f2b8c6963ad

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a5598e9-4752-4e3f-9938-977b517ce347.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5967
x-amzn-requestid: 889cb78c-7f00-4bd5-8f58-16aeae59f384
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgfFo2IAMF7ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e02-636955ff357675180ee298ff;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7R1Dono_VzhL0RPOfUBX2GC13dxG0n0buPmhAPencEFJ7WupYOUK8w==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:50:08 GMT
age: 43396
etag: "795fd611123ebde700aaff1f0dac862f9cad00dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10270 bytes)
Hash
4c7113338bc3310b13d23ca415c177e2
2cb4edc6b161c6d2d5b47aa498ae54e677966466
3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ihxuuXiECC4oX11t_vswhnLF0UpqDuboPLkrhpWwp-vfCR5pxGGxw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:50 GMT
age: 43174
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7334 bytes)
Hash
498ab4412ed5cf977bc23e4e870894b0
23753fe8af09ec8ffa10eed4d201a71833885c99
036042656f15e42b4d1537c45f5b8e7190c70305fa9a69c1287c6739ad0b7122

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: a6b8b420-8394-496b-8be8-26dee52e3887
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoHJOoAMF75g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0b38d07f518c8b3134457df2;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tuKmV_nb4HVbqkhtCnZY3b33VB-bB6UxaBl6HsY_JgWesbUB8SPt-g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:09:38 GMT
age: 42226
etag: "23753fe8af09ec8ffa10eed4d201a71833885c99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

1.3 kB

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (1317), with no line terminators
Size
1.3 kB (1317 bytes)
Hash
918bb791380ef1e12e6f4ff184694c4d
d4fd70b7cc91686a58e92060dda959d2d0eb0a79
97c8a55c1fab4e1d4276b7bb2d7145852987b15db5f4ece591d75620948d460d

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 172
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
content-length: 1317
date: Fri, 02 Dec 2022 09:53:21 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: af53842e-3ec9-4fb8-bcc1-c138ddf39053
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d109c72eee19c1456a6168337

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d109c72eee19c1456a6168337
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=d109c72eee19c1456a6168337 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c6aa41d5d74f22ac7a014bb1e
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6aa41d5d74f22ac7a014bb1e

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6aa41d5d74f22ac7a014bb1e
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6aa41d5d74f22ac7a014bb1e HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=5177fd329d9434a2fd850432a
Content-Length: 0
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
c9ddaa54b22df16f7077672ce62c3aaf
48c459b8e283c366b618d61c6fd45a6c465d1298
be15e4567b08d0e5cf9898c151c223b53d102451a38953498062883093039d87

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:53:25 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 12:17:24 GMT
Expires: Wed, 07 Dec 2022 12:17:23 GMT
Etag: "48c459b8e283c366b618d61c6fd45a6c465d1298"
Cache-Control: max-age=440037,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77332ce31a21b527-OSL

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
488ae2d5dfe09e6e60f015a2aee68e2c
b4e89be8882463d4415ff42b7f2bd66e4e43597e
fc07c95ad31735a244ec7a2f5e5a304b09051d5986190158597405230e65d792

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html

54.230.111.57

200 OK

221 B

URL HTTP/2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Thu, 01 Dec 2022 15:37:07 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tE9gB1KdalJ1INrGEmHdBlaXIbNhlekIaZzEsLmlGfPMTLOaNMDYgA==
age: 65779
X-Firefox-Spdy: h2

cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

142.250.74.174

200 OK

3.7 kB

URL HTTP/1.1
cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3328)
Size
3.7 kB (3714 bytes)
Hash
95eb83564e4de219194aff33a7c35684
aba45e44f53ae62bf5e9da6afb4139d1b6cb50af
50e19b3f730476fcf570f17d2d83c4857c7e3e99ec389b9442755bd4b12d024b

HTTP Headers

GET /cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP/1.1
Host: cse.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Fri, 02 Dec 2022 09:53:25 GMT
Server: gws
Cache-Control: private
Content-Length: 3714
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
4211d4ddd8c542cf450d0e892e384e8d
d2eaa1b5679a7b7be963954c242d71522cb71694
4f524c890be87d8b1d72145512cba9ea33c16bb4db4cc4b0718bd48a7c5d6983

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:53:25 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 06:00:09 GMT
Expires: Tue, 06 Dec 2022 06:00:08 GMT
Etag: "d2eaa1b5679a7b7be963954c242d71522cb71694"
Cache-Control: max-age=331002,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77332ce319a61c06-OSL

1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html

54.230.111.34

200 OK

221 B

URL HTTP/2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
IP
54.230.111.34:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Fri, 02 Dec 2022 08:40:32 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8Rkl4tlcHegtqkpiQy6wlrVPvYGX-fM_IuKeeoG0TzjswmAXebf00Q==
age: 4374
X-Firefox-Spdy: h2

di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38

35.244.174.68

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
di.rlcdn.com/463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38
IP
35.244.174.68:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /463166.gif?partner_uid=7d0f4114-b82d-409a-851f-1e7f7c838e38 HTTP/1.1
Host: di.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 02 Dec 2022 09:53:25 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googleadservices.com/pagead/conversion_async.js

142.250.74.66

200 OK

15 kB

URL HTTP/2
www.googleadservices.com/pagead/conversion_async.js
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1654)
Size
15 kB (15190 bytes)
Hash
f2258b08ae7f4c53a27c27e21536ef06
65fe239266dc4c3f8f8e25dfd039a77733f75f67
fd9775067ede051cfe4861265da0e9374a20cd833fedcd3c9708af0b525f8921

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 02 Dec 2022 09:53:25 GMT
expires: Fri, 02 Dec 2022 09:53:25 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16595884479219046262
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a9bdfccd1df3e323e28d92aea1077409
4625fbbbbb614755a86dabddfaf40e99b3934ba6
8020fb77bd7e1b8cc3e2fed030e59d004e720c61162046fc93285c1ca07c0e66

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:53:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.34

200 OK

3.2 kB

URL HTTP/2
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.34:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.c81358859121583b7adf2ace89cb39f44.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 01 Dec 2022 23:01:12 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: THK4o0VEx4va_5nkzpNPe8H7Rx9LxsMT5Ju2__M7HhlnB4d8pGswZQ==
age: 39134
X-Firefox-Spdy: h2

1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.57

200 OK

3.2 kB

URL HTTP/2
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
date: Thu, 01 Dec 2022 15:37:07 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Y0q17MuMEvuhmNBkq6g2UTnMYwkgFEb6rLZVMEIOfaScAqTJM-vJnA==
age: 65779
X-Firefox-Spdy: h2

mail.coprwanda.com/favicon.ico

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/favicon.ico
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=0d489a6d613046f91fb817dbe
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f07d466e5636137d87db67fc37a6cea2
a93119333ee5d23a2478b0ee8de00ccd3c2a4566
e23351d29471681b4d657f516dc2cde485ae17dccefb3d60747025e022efccd8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:53:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 23:15:46 GMT
Expires: Thu, 08 Dec 2022 23:15:45 GMT
Etag: "a93119333ee5d23a2478b0ee8de00ccd3c2a4566"
Cache-Control: max-age=565939,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77332ce34828b505-OSL

1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html

54.230.111.12

200 OK

221 B

URL HTTP/2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
IP
54.230.111.12:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
221 B (221 bytes)
Hash
21e34cf6a03f570df49e212018a567d0
f0be4058936850ae0163f5137600d14b6632bbb3
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6

HTTP Headers

GET /scripts/prod/crossdomain.html HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 221
date: Thu, 01 Dec 2022 13:13:14 GMT
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: u3x9cOLWDHciUjctiI-hFoX-8iMEZjUAHd3EefdaWJnQkKGNPy3PsQ==
age: 74412
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5177fd329d9434a2fd850432a

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5177fd329d9434a2fd850432a
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5177fd329d9434a2fd850432a HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=338f5f372d885fbd81e843066
Content-Length: 0
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js

54.230.111.12

200 OK

3.2 kB

URL HTTP/2
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js
IP
54.230.111.12:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3227), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
9ee48a4da9c402e8a23ad085fb71f28f
f0c59306d6313f9bee02b53ca8903991bd24bfd7
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622

HTTP Headers

GET /scripts/prod/crossdomain2.12.0.5273.b96c35cc.min.js HTTP/1.1
Host: 1.b406929acabac9b095f124c81bdfcf57f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 3227
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 01 Dec 2022 15:53:28 GMT
etag: "9ee48a4da9c402e8a23ad085fb71f28f"
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: djejxn-wmfXhGYOv1YiSTAYcUteyE5JlUsq8RnMZdrFu3AkBUE0AxQ==
age: 64798
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.22

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
17e8b57e2ed803f201575cbf9698c46d
8e1ed4174e47647af89ddbc05e8435fcca63b783
3c7f4d3402133ea425f971977cddca84554c81e1113aa92388d89a6a64f7b5b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 02 Dec 2022 09:53:25 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Dec 2022 20:34:38 GMT
Expires: Fri, 02 Dec 2022 20:34:38 GMT
ETag: "8e1ed4174e47647af89ddbc05e8435fcca63b783"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=338f5f372d885fbd81e843066

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=338f5f372d885fbd81e843066
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=338f5f372d885fbd81e843066 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=85157b7171eac6de6b0413796
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=85157b7171eac6de6b0413796

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=85157b7171eac6de6b0413796
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=85157b7171eac6de6b0413796 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2365c4039cc728da9dfb62105
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/login.php?primarymember_id=0d489a6d613046f91fb817dbe

192.185.105.9

200 OK

65 kB

URL HTTP/1.1
mail.coprwanda.com/login.php?primarymember_id=0d489a6d613046f91fb817dbe
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4051), with CRLF line terminators
Size
65 kB (64622 bytes)
Hash
a7a6cd622292df491951eaff70b6377b
0ff8271dce84abe73a54b372d2727a0899023532
3c055e01192c0b7143b02e67af8b7b7259fec22d6ce2dedb61927a4fdc77c15d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login.php?primarymember_id=0d489a6d613046f91fb817dbe HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:53:25 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2365c4039cc728da9dfb62105

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2365c4039cc728da9dfb62105
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=2365c4039cc728da9dfb62105 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=918d44332d424ef70439abba0
Content-Length: 0
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

558 B

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
394cdc3a43003ea69c5b4ec44735468f
0ee113a8d79f0fba44812d223bab06ab4b1ea267
c1401624fe740c139719bf57781545778fab650cdfa4cb8932d61c4beec675aa

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3272
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 09:53:21 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: 91c5a32c-e974-49b6-8096-9bccf15323c5
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=918d44332d424ef70439abba0

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=918d44332d424ef70439abba0
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=918d44332d424ef70439abba0 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7cb69bd12eb8549ce5e41c3dc
Content-Length: 0
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7cb69bd12eb8549ce5e41c3dc

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7cb69bd12eb8549ce5e41c3dc
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=7cb69bd12eb8549ce5e41c3dc HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f83f9a08baaaf491641652ca9
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f83f9a08baaaf491641652ca9

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f83f9a08baaaf491641652ca9
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=f83f9a08baaaf491641652ca9 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=fd542aa5993ff8b85b699d968
Content-Length: 0
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fd542aa5993ff8b85b699d968

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fd542aa5993ff8b85b699d968
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fd542aa5993ff8b85b699d968 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=5edf82725296fb0f4cfc437fe
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5edf82725296fb0f4cfc437fe

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5edf82725296fb0f4cfc437fe
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=5edf82725296fb0f4cfc437fe HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=411cb5cef250081a5ff4ab1e3
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=411cb5cef250081a5ff4ab1e3

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=411cb5cef250081a5ff4ab1e3
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=411cb5cef250081a5ff4ab1e3 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=425903f7284629d2dffb981cd
Content-Length: 0
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=425903f7284629d2dffb981cd

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=425903f7284629d2dffb981cd
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=425903f7284629d2dffb981cd HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:26 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=dbc55773c40e190c0c20177b2
Content-Length: 0
Keep-Alive: timeout=5, max=61
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=dbc55773c40e190c0c20177b2

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=dbc55773c40e190c0c20177b2
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=dbc55773c40e190c0c20177b2 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=c6ba3500f674b3682f248365a
Content-Length: 0
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric

52.154.174.214

200 OK

558 B

URL HTTP/2
contents2.00110.citi.com/client/v3.1/web/wup?cid=cedric
IP
52.154.174.214:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
cee8a39356f2a91b598334283db663cf
61705291c75ce76397f73678c45c01b38e7facf4
4a8a319ba3d69c9822fc2c54e36e6fc3866265883f7b54067db9b1c2a3e82c1e

HTTP Headers

POST /client/v3.1/web/wup?cid=cedric HTTP/1.1
Host: contents2.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1480
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
content-length: 558
date: Fri, 02 Dec 2022 09:53:26 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache, no-store
pragma: no-cache
tail-id: eec8dcad-c1e6-4a8b-b935-1b1638b6a575
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6ba3500f674b3682f248365a

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6ba3500f674b3682f248365a
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=c6ba3500f674b3682f248365a HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=fd9ce55b0fafc3ef41a88daad
Content-Length: 0
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fd9ce55b0fafc3ef41a88daad

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fd9ce55b0fafc3ef41a88daad
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=fd9ce55b0fafc3ef41a88daad HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=659775d0e45175c0abfb40b8e
Content-Length: 0
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=659775d0e45175c0abfb40b8e

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=659775d0e45175c0abfb40b8e
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=659775d0e45175c0abfb40b8e HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=540ffcce26e784d0345ae5cbe
Content-Length: 0
Keep-Alive: timeout=5, max=57
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=540ffcce26e784d0345ae5cbe

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=540ffcce26e784d0345ae5cbe
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

GET /JRS/Marketing/common/DDL/1.1.11/styles/login.php?primarymember_id=540ffcce26e784d0345ae5cbe HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=75793c73ab6f79b23088ecbdc
Content-Length: 0
Keep-Alive: timeout=5, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57

13.89.105.232

204 No Content

0 B

URL HTTP/2
contents1.00110.citi.com/api/v1/sendLogs?cid=cedric&cdsnum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57
IP
13.89.105.232:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v1/sendLogs?cid=cedric&cdsnum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e&csid=null&ds=js&sdkVer=2.17.2.285.6f55d57 HTTP/1.1
Host: contents1.00110.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 908
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Fri, 02 Dec 2022 09:53:27 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/TMXProfile.jws
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi
fortinet	Phishing

HTTP Headers

POST /US/REST/ManageTMXProfile/TMXProfile.jws HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Origin: http://mail.coprwanda.com
Connection: keep-alive
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e
Content-Length: 0

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2bfd3bf21909dd9ff72e7809d
Content-Length: 0
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2bfd3bf21909dd9ff72e7809d

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2bfd3bf21909dd9ff72e7809d
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=2bfd3bf21909dd9ff72e7809d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=876d3cbc24b679e52e2bd88f4
Content-Length: 0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=876d3cbc24b679e52e2bd88f4

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=876d3cbc24b679e52e2bd88f4
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=876d3cbc24b679e52e2bd88f4 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=e5878a6f1d20eb9b321918ed8
Content-Length: 0
Keep-Alive: timeout=5, max=53
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e5878a6f1d20eb9b321918ed8

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=e5878a6f1d20eb9b321918ed8
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=e5878a6f1d20eb9b321918ed8 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=a5621c7d6c9af312d57bf3c15
Content-Length: 0
Keep-Alive: timeout=5, max=52
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a5621c7d6c9af312d57bf3c15

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=a5621c7d6c9af312d57bf3c15
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=a5621c7d6c9af312d57bf3c15 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=f33072ec63046c271d508fc0c
Content-Length: 0
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f33072ec63046c271d508fc0c

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=f33072ec63046c271d508fc0c
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=f33072ec63046c271d508fc0c HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=36915d8ec450373583e89d562
Content-Length: 0
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=36915d8ec450373583e89d562

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=36915d8ec450373583e89d562
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=36915d8ec450373583e89d562 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=7937a1f8b9dc4f400a8708c06
Content-Length: 0
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=7937a1f8b9dc4f400a8708c06

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=7937a1f8b9dc4f400a8708c06
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=7937a1f8b9dc4f400a8708c06 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:28 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=5800f43c2fc1bf0ef7970fd6a
Content-Length: 0
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5800f43c2fc1bf0ef7970fd6a

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=5800f43c2fc1bf0ef7970fd6a
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=5800f43c2fc1bf0ef7970fd6a HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=8e5759741d4799533c2ba6b8d
Content-Length: 0
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8e5759741d4799533c2ba6b8d

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=8e5759741d4799533c2ba6b8d
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=8e5759741d4799533c2ba6b8d HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=033cd6dfb0398e1327da3d94f
Content-Length: 0
Keep-Alive: timeout=5, max=46
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=033cd6dfb0398e1327da3d94f

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=033cd6dfb0398e1327da3d94f
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=033cd6dfb0398e1327da3d94f HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=84b8ef8a10d353458858e2d72
Content-Length: 0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=84b8ef8a10d353458858e2d72

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=84b8ef8a10d353458858e2d72
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=84b8ef8a10d353458858e2d72 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=d4644bf95d35d9bd479e9c5a7
Content-Length: 0
Keep-Alive: timeout=5, max=44
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=d4644bf95d35d9bd479e9c5a7

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=d4644bf95d35d9bd479e9c5a7
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=d4644bf95d35d9bd479e9c5a7 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=2fc430b89ad9ddf979b68c9b9
Content-Length: 0
Keep-Alive: timeout=5, max=43
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2fc430b89ad9ddf979b68c9b9

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=2fc430b89ad9ddf979b68c9b9
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=2fc430b89ad9ddf979b68c9b9 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=30b55b65aefc80456b782d17e
Content-Length: 0
Keep-Alive: timeout=5, max=42
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=30b55b65aefc80456b782d17e

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=30b55b65aefc80456b782d17e
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=30b55b65aefc80456b782d17e HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=9aabdff6311f7d6611dd43e93
Content-Length: 0
Keep-Alive: timeout=5, max=41
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9aabdff6311f7d6611dd43e93

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=9aabdff6311f7d6611dd43e93
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=9aabdff6311f7d6611dd43e93 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=05bcd1d54f4bcbd913dd0509a
Content-Length: 0
Keep-Alive: timeout=5, max=40
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=05bcd1d54f4bcbd913dd0509a

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=05bcd1d54f4bcbd913dd0509a
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=05bcd1d54f4bcbd913dd0509a HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=1e0d0f6a189ed248fa11403bd
Content-Length: 0
Keep-Alive: timeout=5, max=39
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1e0d0f6a189ed248fa11403bd

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=1e0d0f6a189ed248fa11403bd
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=1e0d0f6a189ed248fa11403bd HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=bf5908308a0f9e849eeac66f3
Content-Length: 0
Keep-Alive: timeout=5, max=38
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bf5908308a0f9e849eeac66f3

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=bf5908308a0f9e849eeac66f3
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=bf5908308a0f9e849eeac66f3 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=152654972a982626c9723fd40
Content-Length: 0
Keep-Alive: timeout=5, max=37
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=152654972a982626c9723fd40

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=152654972a982626c9723fd40
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=152654972a982626c9723fd40 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=64baca3c537ddbb7ab218a544
Content-Length: 0
Keep-Alive: timeout=5, max=36
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=64baca3c537ddbb7ab218a544

192.185.105.9

302 Moved Temporarily

0 B

URL HTTP/1.1
mail.coprwanda.com/US/REST/ManageTMXProfile/login.php?primarymember_id=64baca3c537ddbb7ab218a544
IP
192.185.105.9:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citi
urlquery		Phishing - Citi

HTTP Headers

GET /US/REST/ManageTMXProfile/login.php?primarymember_id=64baca3c537ddbb7ab218a544 HTTP/1.1
Host: mail.coprwanda.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://mail.coprwanda.com/login.php?primarymember_id=e5fc3a873f4f6b138b334c4e4
Connection: keep-alive
Cookie: cdContextId=2; cdContextId=2; bmuid=1669974802318-2714A562-E3B0-4B8F-BB14-0A61CE02E281; PHPSESSID=3be0806fa9c18beb9ef7e84447c6534b; count=0; kampyle_userid=52a5-faa8-867e-9340-d0bc-3786-ae97-3aa4; kampyleUserSession=1669974802680; kampyleSessionPageCounter=1; kampyleUserSessionsCount=1; cd_user_id=184d24141769-07be9ffd689dc58-c505425-140000-184d2414177252; cdSNum=1669974804779-sjn0000775-6d5543a0-1a21-4df2-8bb2-eb904550263e

HTTP/1.1 302 Moved Temporarily
Date: Fri, 02 Dec 2022 09:53:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php?primarymember_id=dcb08e780a542b78997730202
Content-Length: 0
Keep-Alive: timeout=5, max=35
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js

104.110.15.25

200 OK

0 B

URL HTTP/2
online.citi.com/GFC/branding/responsivebranding/js/navBarRedesign.js
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /GFC/branding/responsivebranding/js/navBarRedesign.js HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 06:43:21 GMT
vary: Accept-Encoding
content-encoding: gzip
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 30559
content-type: application/x-javascript
cache-control: max-age=21600
expires: Fri, 02 Dec 2022 15:53:23 GMT
date: Fri, 02 Dec 2022 09:53:23 GMT
set-cookie: AKMTLTSID=B5FAF1C31056F71C363102D1EDE90C55; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/8763_M1-M7.jpg

104.110.15.25

200 OK

0 B

URL HTTP/2
online.citi.com/JRS/banners/modules/8763_M1-M7.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /JRS/banners/modules/8763_M1-M7.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
accept-ranges: bytes
content-length: 45996
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:53:22 GMT
set-cookie: AKMTLTSID=12E1F7B0606EB96D0531C63E06E08862; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg

104.110.15.25

200 OK

0 B

URL HTTP/2
online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /JRS/banners/modules/M1-M7_Rewards.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 35239
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:53:22 GMT
set-cookie: AKMTLTSID=4CC256250647948AABB94DF2514555A6; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg

104.110.15.25

200 OK

0 B

URL HTTP/2
online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg
IP
104.110.15.25:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /JRS/banners/modules/M1-M7_DoubleCash.jpg HTTP/1.1
Host: online.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.coprwanda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
accept-ranges: bytes
content-length: 21180
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-type: image/jpeg
date: Fri, 02 Dec 2022 09:53:22 GMT
set-cookie: AKMTLTSID=83201DCDC9E9864565CBB8D2AF82461E; path=/; domain=citi.com; secure
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (51)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations