Report - secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=

Report Overview

Submitted URL
secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=
IP
20.11.65.188
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2022-12-03 17:51:58
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citizens Bank
Phishing - Citizens Bank
DynDNS domain detected

Detections

urlquery
19
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
udc-neb.kampyle.com	3039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	519 B	35.241.45.82
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.4 kB	93.184.220.29
ocsp.entrust.net	1208	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	9.8 kB	104.110.10.32
ocsps.ssl.com	14517	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	337 B	2.2 kB	34.237.184.165
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
lptag.liveperson.net	3393	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	851 B	9.9 kB	178.249.97.23
nebula-cdn.kampyle.com	3739	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	118 kB	151.101.1.175
report.citizen.glassboxdigital.io	69073	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	3.5 kB	54.235.78.87
lpcdn.lpsnmedia.net	3501	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	86 kB	178.249.97.98
pdx-col.eum-appdynamics.com	4816	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	512 B	937 B	34.211.243.165
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	4.5 kB	52.213.58.50
smetrics.citizensbank.com	79873	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	554 B	914 B	15.236.176.210
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.5 kB	23.36.77.32
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.161.148.163
cdn.glassboxcdn.com	11045	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	715 B	118 kB	104.18.14.22
accdn.lpsnmedia.net	3410	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	5.2 kB	178.249.97.99
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
www3.citizensbankonline.com	125923	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10 kB	265 kB	104.110.3.220
www4.citizensbankonline.com	159092	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	790 B	1.8 kB	104.110.3.220
cdn.appdynamics.com	3266	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	633 B	62 kB	143.204.55.51
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	42 kB	34.120.237.76
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	1.9 kB	143.204.42.158
nexus.ensighten.com	2786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	70 kB	54.230.111.14
secure03citizen.myvnc.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	30 kB	20.11.65.188
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.7 kB	104.18.32.68
cm.everesttech.net	996	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	475 B	54.229.62.148

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-03	medium	secure03citizen.myvnc.com/efs/efs/jsp-ns/pm_fp.js	Phishing
2022-12-03	medium	secure03citizen.myvnc.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js	Phishing
2022-12-03	medium	secure03citizen.myvnc.com/efs/efs/jsp-ns/scripts/common.js	Phishing
2022-12-03	medium	secure03citizen.myvnc.com/content/930e113327rn2365aa3b7b98b0447e8d	Phishing
2022-12-03	medium	secure03citizen.myvnc.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js	Phishing
2022-12-03	medium	secure03citizen.myvnc.com/content/930e113327rn2365aa3b7b98b0447e8d	Phishing
2022-12-03	medium	secure03citizen.myvnc.com/efs/efs/jsp-ns/scripts/common.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (38)

	URL	Size	First Seen	Last Seen
	nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js	105 kB	2023-03-08	2023-03-11
Pretty URL nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:06 Last Seen2023-03-11 23:43:38 Times Seen1 Hash 39bf7a3a8df0e7cc7aac36800368843a 208d3de80cede9f7234c1fe91c4a4f5d7ef8db3a ce6325f6f67fbf61b933fdc3ff94e1d1ae407d5fb100d75f01bdc6ec8ade9cc4 Loading...

	secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=	2.5 kB	2023-03-07	2024-02-14
Pretty URL secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso= IP 20.11.65.188 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen50 Hash f922a60f645c94205e1f6e9d5e2cdccb 2e93f37ce5a8eb54dd6e4ad278c81bb26dc7a2a2 cfa7d7b285a70329eebf9b81537fa0baf56fe330fdcca07676e56cdba803ff30 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js	20 kB	2023-03-07	2024-02-14
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen91 Hash e3b11713a1b616fcac5f6c3b4b0b9e1b 82a8fc6f051d8b526d167ae7862efd2a2dab95e2 57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js	15 kB	2023-03-07	2024-04-23
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:49 Last Seen2024-04-23 21:50:14 Times Seen2852 Hash 42306a279a9e831515347ae319181cd1 d069641242e4fe1beb6de8f53a77dd964c98bce0 cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8 Loading...

	cdn.appdynamics.com/adrum/adrum-latest.js?	111 kB	2023-03-07	2024-02-27
Pretty URL cdn.appdynamics.com/adrum/adrum-latest.js? IP 143.204.55.51 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:55:15 Last Seen2024-02-27 00:41:08 Times Seen22 Hash deff3987ae725d726c0db6711bd5736f 0501d79c468f185c63590ac3c1a4918db7804d10 a4ea3de02f4ec1874478b152a09b89aecc2fc4f63ae2a4208ee8fb6585cebb11 Loading...

	accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb19821x89574	748 B	2023-03-08	2023-03-08
Pretty URL accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb19821x89574 IP 178.249.97.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:26:28 Last Seen2023-03-08 15:26:28 Times Seen1 Hash bd82a1298cb116834e6a91ec81cecee4 2e0f4cffc07612b10a79991e3c450989257358be 0b12ec0edf45fed456d70337c82605faacad180543a33652443abc18d1c8a020 Loading...

	va.v.liveperson.net/api/js/89632304?&cb=lpCb44160x37111&t=sp&ts=1670089910226&pid=3187455111&tid=6082856461&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fsecure03citizen.myvnc.com%2Flogin.php%3Fonline_id%3D50b15935b6891d843962a9ad2%26country%3D%26iso%3D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%229de55f1d-70bf-4331-a55f-1d70bf133149%22%2C%22account%22%3A%2289632304%22%7D%5D	167 B	2023-03-08	2023-03-08
Pretty URL va.v.liveperson.net/api/js/89632304?&cb=lpCb44160x37111&t=sp&ts=1670089910226&pid=3187455111&tid=6082856461&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fsecure03citizen.myvnc.com%2Flogin.php%3Fonline_id%3D50b15935b6891d843962a9ad2%26country%3D%26iso%3D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%229de55f1d-70bf-4331-a55f-1d70bf133149%22%2C%22account%22%3A%2289632304%22%7D%5D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:26:28 Last Seen2023-03-08 15:26:28 Times Seen1 Hash 8c96a560da5188ccae311cb0306d6baf 1758b2db7257efdae7d52eec68712daa9ff7c865 6d5644b28207e2b8e23a57cb0548fc2ea7ad52d3ee3cf6d5ee497692daf95594 Loading...

	secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=	958 B	2023-03-07	2024-02-14
Pretty URL secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso= IP 20.11.65.188 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen50 Hash af8a93628974f148067d327996088187 e716dcf0ef564b89f66a8732d10f826e3d11385f f43724e4ca408137c9b50930a5416481dde13a65dfbce942a85d27f09c660ba2 Loading...

	secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=	606 B	2023-03-07	2024-02-14
Pretty URL secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso= IP 20.11.65.188 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash dd23a19bc0a3ee76846efae627d939c1 6e62c6ee934439860343c8ce77e52bb4bea94b23 8f79346ad4fce32e9971e590ec9c76d8979f72971051fb4ff37a1e6b6acb56f4 Loading...

	secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=	3.9 kB	2023-03-07	2024-02-14
Pretty URL secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso= IP 20.11.65.188 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash 148c64d137f73878ebf0e770a496ec61 9c11df9ed3ecd282193a1571a7701b83f1cea663 de729accb6b0199ce0eccc94b41eace66d70c535c35a096f586f0db848108865 Loading...

	nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117	90 kB	2023-03-08	2023-04-02
Pretty URL nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-04-02 21:34:08 Times Seen14 Hash 7f943d1386ac8d666a04c5f7c1aca6a2 e734405ada56e5593d28b1c99c5944241ae4ec28 3b531a8826aeb7dd365eb418b6aee5b8204f5e38c311f588ad75bbe7de570b16 Loading...

	lptag.liveperson.net/tag/tag.js?site=89632304	22 kB	2023-03-07	2024-04-12
Pretty URL lptag.liveperson.net/tag/tag.js?site=89632304 IP 178.249.97.23 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-12 19:27:20 Times Seen539 Hash e2ee8a9cd68c3d310a4c62fdb4b5c93a 67eb5f9547f1d9de0a8b143c3b50511c26281399 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7 Loading...

	nebula-cdn.kampyle.com/wu/356861/onsite/embed.js	1.1 kB	2023-03-08	2023-03-11
Pretty URL nebula-cdn.kampyle.com/wu/356861/onsite/embed.js IP 151.101.1.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:06 Last Seen2023-03-11 23:43:38 Times Seen1 Hash d702a2b9ebe4f8826d0a3b100f1e7b3d 03063df39d9f17724a28725c103443c92b4a7e00 be4225ec95dc89c7bb1f8ee1c9f1011fc412563bc59aa80785b5f6b6b0234601 Loading...

	citizensbank.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fsecure03citizen.myvnc.com	6.7 kB	2023-03-07	2024-03-23
Pretty URL citizensbank.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fsecure03citizen.myvnc.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=	33 B	2023-03-07	2024-02-14
Pretty URL secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso= IP 20.11.65.188 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen52 Hash 6abbcd946457998168ba6d439131e235 1d17c8ddac7abb2e14207b93cc3a8944044a3fa3 3d8de306ff5e9f5db214def3fb090fc9a8a37efc4117276a58b5ccd4eeb46017 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js	4.3 kB	2023-03-07	2024-04-09
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:12 Last Seen2024-04-09 04:55:43 Times Seen640 Hash b8a2edb156c147c3164f7faf6efc9f44 0b23deffad7cac9066bc216213b666ccbcb13279 babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5 Loading...

	secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=	158 B	2023-03-07	2024-02-14
Pretty URL secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso= IP 20.11.65.188 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:00:58 Last Seen2024-02-14 12:12:56 Times Seen75 Hash d063dd0adcd30d7f7ad112d0da02babe 7ff2e92c27808292fc2d6a58632baa4d0a92ca9a b45d35ed1d2f794538ea853ff3d60ec817168ef505ad5462afe8a9236ecf539b Loading...

	nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fsecure03citizen.myvnc.com%2Flogin.php%3Fonline_id%3D50b15935b6891d843962a9ad2%26country%3D%26iso%3D	397 B	2023-03-08	2023-03-08
Pretty URL nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fsecure03citizen.myvnc.com%2Flogin.php%3Fonline_id%3D50b15935b6891d843962a9ad2%26country%3D%26iso%3D IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:26:28 Last Seen2023-03-08 15:26:28 Times Seen1 Hash 692a8fc3bc4d4c46f19149f4567bd9ed faa990320e16971f700c625d16d97a9f73eeb5ab 6176f70ae948c321878aa66eb38fd325d75dc24781500ada481de03c19dffe7f Loading...

	nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909	28 kB	2023-03-08	2023-03-11
Pretty URL nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-03-11 23:43:38 Times Seen1 Hash 83105033d3f7f9905b026d4c409b655e b9c548527d700f4694956ef3f78f0eb7bcf24568 1b58da2beae29b1bd0013f8de492b624065c80e4c856a8888607b916ac9a2d2a Loading...

	accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB	4.8 kB	2023-03-08	2023-03-11
Pretty URL accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB IP 178.249.97.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:48:14 Last Seen2023-03-11 23:43:31 Times Seen1 Hash 0941b90def0a8bd1772317cb7e81fd69 7634cbc3c78ba322d1e19956527fabbd6cea6148 4aefdb1686ecab265154e1f886aab236a648330cd854612b617507049f4acfa4 Loading...

	accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB	6.9 kB	2023-03-08	2023-03-13
Pretty URL accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB IP 178.249.97.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:06 Last Seen2023-03-13 05:20:07 Times Seen1 Hash 25b354fc45086b915fa94f97c9cc58ae 5bd0d310a8f47a61e2334f21639f42ab311084a6 af66cd639d81a60d2fefeb1de44d09fd7e4c5500a9487e68a15a9a73449ac3ac Loading...

	va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1670089910243&loc=http%3A%2F%2Fsecure03citizen.myvnc.com	11 kB	2023-03-07	2024-01-24
Pretty URL va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1670089910243&loc=http%3A%2F%2Fsecure03citizen.myvnc.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:29 Last Seen2024-01-24 23:53:16 Times Seen76 Hash 684a1d2bbad42091bd0b0f0e93b4789c d3b36b031484bebf727128400274618226131a37 7271e3119ee8205a39f0c06adafde464aa535e02519a0884296950aede89f177 Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 03:16:41 Times Seen37029941 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549	94 kB	2023-03-07	2024-04-23
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-23 15:08:43 Times Seen444 Hash d32e789b3183ed4536dc36e4cabf74ec 6b90b3e6dc44c30dcfa273e7c48d31ec00aac82b 5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02 Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549	40 kB	2023-03-08	2024-04-23
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:32:35 Last Seen2024-04-23 15:08:43 Times Seen481 Hash 0dfc7fa7d2051d776d5937b7a3a7c4dd e0548931c28581b7f1975bf8c2d8b03b94591b87 3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983 Loading...

	cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?	373 kB	2023-03-07	2023-03-17
Pretty URL cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js? IP 104.18.14.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2023-03-17 12:37:45 Times Seen1 Hash 845173368b011e7fa14658b57426fe09 e848d5550ae3d080f6d17dcb7bb9bda7f30e0f35 539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5 Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549	7.9 kB	2023-03-07	2024-04-23
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-23 15:08:43 Times Seen363 Hash d53092c1d6e0a7a3d1bb802c67a6e1e9 2556ea4f15518fa36d0b92666e22ce28edec6745 0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438 Loading...

	secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=	147 B	2023-03-07	2024-02-14
Pretty URL secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso= IP 20.11.65.188 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash 4455727e85ed6be9deb3422e34ea2129 30f51ab43939efd904518cf3e0bcbd961245fc4d bbb46962b6f3dc24db2df9f8747abee8bed42adea34cb385ff012131b81c7ff5 Loading...

	cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js	54 kB	2023-03-07	2024-02-27
Pretty URL cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js IP 143.204.55.51 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:55:15 Last Seen2024-02-27 00:41:08 Times Seen30 Hash 2f00c36a98a61ed5bacde3c5ad0a3efe b6fcd72181d79a4225bb7cd4288260fa9aa44624 9b0f859e5508780a810e47e772554395a5d2ae5e679c338df1b6cd600d69dad2 Loading...

	lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Fsecure03citizen.myvnc.com&site=89632304&force=1&env=prod&isCrossDomain=true	38 kB	2023-03-08	2023-05-14
Pretty URL lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Fsecure03citizen.myvnc.com&site=89632304&force=1&env=prod&isCrossDomain=true IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-05-14 04:54:44 Times Seen42 Hash b56f93ab24c5150fa2ac4d7bf2ba02a7 0f896104da3f556119616da6ad0484c28f4f9395 a2721298ae526f997c556afcd0a7f768abfd6ad9b0ce4ec449d5b27b86929f04 Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549	984 kB	2023-03-08	2023-07-23
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-07-23 21:43:58 Times Seen11 Hash 09fab59974228dd3746a95d0540621a6 c6481e3f91a22e047b5d134838c4daece1a2853b 6622b5e1a9d93d6b5a2f4eb7a0556f802fb002e5efde0d0f4e3781a94776e331 Loading...

	secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=	138 B	2023-03-07	2024-02-14
Pretty URL secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso= IP 20.11.65.188 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash e2d3b0bd12282cea9200f36be44b4f14 bf32cee71e578707194ab684a887709881585ccc 411d2d562326e1db3612706ee2907e6271e1443784ada6c347402120d3558d78 Loading...

	nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js	809 kB	2023-03-08	2023-03-11
Pretty URL nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js IP 151.101.1.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:35:17 Last Seen2023-03-11 23:43:38 Times Seen1 Hash 7dd7a0cbfa04919de4a6dd07c7075dbc a3c0397f46134a2b55e625aaabd801a2545ffd82 b9e9bc139770d4f0e96fe24c026a5d2fb0a57642939f1beaecf454d1c0750f18 Loading...

	lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3	295 kB	2023-03-08	2023-03-08
Pretty URL lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 IP 178.249.97.23 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:26:28 Last Seen2023-03-08 15:26:28 Times Seen1 Hash eed86d67b12227c215078d7b88f00062 936a4868b1479b87433a96a0641af5612e5dda42 ef02d42d1a4102ae51cb385a425e376eb69f96a51045f0b3226916d681caddc5 Loading...

	lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Fsecure03citizen.myvnc.com&site=89632304&env=prod&isCrossDomain=true	39 kB	2023-03-07	2024-03-12
Pretty URL lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Fsecure03citizen.myvnc.com&site=89632304&env=prod&isCrossDomain=true IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-03-12 06:48:19 Times Seen234 Hash a3a38a5d6888ddc1831a811e9d428c77 2ca5b076aea8b4c6ff7ad1873de4ade91d66511f d4676cbbadec76c9f89f5b771a7f4927d544b4d76801e40e9957493e038e0db4 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js	93 kB	2023-03-07	2024-04-21
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:42 Last Seen2024-04-21 02:46:50 Times Seen446 Hash 663628f795cb62444143fde1ebdf2b5b 1ec97b491c8a1c72055bd635f0c8dd843cae43d6 aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801 Loading...

		Size	First Seen	Last Seen
	#1 Eval - fa28bae7148454e1f6d8052e5c403243	84 kB	2023-03-07	2023-04-18
Pretty Observations First Seen2023-03-07 17:55:22 Last Seen2023-04-18 20:43:16 Times Seen32 Hash fa28bae7148454e1f6d8052e5c403243 a168b44f58bbf9c1ae68e5415d55749e810a9e02 594eaf3a5ff472b716d25d866978e1b336decf1d6efe6923a65b4627fa8e2d6b Loading...

		Size	First Seen	Last Seen
	#1 Write - 7a09c7092e8f36a0dc39b789b49dcf62	102 B	2023-03-07	2024-02-14
Pretty Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen52 Hash 7a09c7092e8f36a0dc39b789b49dcf62 97a3667b625bf026f5f16bc2fa33affaefd47a5b 8703c94f4b4a9f3c9274d316563d3edaf890f903523a5ccc7fab8488d6684d79 Loading...

HTTP Transactions (102)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9744
Expires: Sat, 03 Dec 2022 20:34:11 GMT
Date: Sat, 03 Dec 2022 17:51:47 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4239
Cache-Control: max-age=150604
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 17:51:47 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 11:41:51 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 17:20:00 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1907
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15869
Expires: Sat, 03 Dec 2022 22:16:16 GMT
Date: Sat, 03 Dec 2022 17:51:47 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: d2DFy1j1MsQbZkbQAvuZQWdQILEOXlG2ByRPhjUe+znjf6ycrQ8FcmbkoQrtfznpuI9EN70xlRY=
x-amz-request-id: YYXX0N0PVEKNS3CC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 17:46:39 GMT
age: 308
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 17:51:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js

54.230.111.14

200 OK

32 kB

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (594)
Size
32 kB (32167 bytes)
Hash
61123b2865b71f2625a4d0c8056f3ceb
b1f90f08ff182c355179703809d8bae5674bf55b
f1afbe14528a3ae3b360e9e0c47a414207266c56935aa6e98c9cd24031973d3f

HTTP Headers

GET /citizensbank/olbprod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 30 Nov 2022 15:57:24 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 26 Oct 2022 15:44:22 GMT
ETag: W/"39bf7a3a8df0e7cc7aac36800368843a"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=300
x-amz-version-id: n.3u3tglJzlUidakqrAu0WJ9p85U4QzX
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9e9Ngq8KANthmCGsDGossFrHFgP_3ZUUh6YqQg0yEk6SItQEmPaBBA==
Age: 266064

secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=

20.11.65.188

200 OK

26 kB

URL HTTP/1.1
secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=
IP
20.11.65.188:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (672), with CRLF line terminators
Size
26 kB (26142 bytes)
Hash
b27bd01402693bedb7107dec85a3f2df
0129e5275b6bbdd6355d291eaebc22e6da532c41
bacfd23af9c90b604030b1fde7b8b7ca90f47c6902724d666a99e02ea36d682c

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
urlquery		DynDNS domain detected

HTTP Headers

GET /login.php?online_id=50b15935b6891d843962a9ad2&country=&iso= HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:47 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
d4f7376e613199e6cef4e47515ccad25
5ce176918333e8cbb4a346cb65866b73781c2a7d
c1d4510eb29a5c351ba5eef0be1ec99cce751124b182d4c251e47848f1a744b4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "C1D4510EB29A5C351BA5EEF0BE1EC99CCE751124B182D4C251E47848F1A744B4"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1938
Expires: Sat, 03 Dec 2022 18:24:06 GMT
Date: Sat, 03 Dec 2022 17:51:48 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
d4f7376e613199e6cef4e47515ccad25
5ce176918333e8cbb4a346cb65866b73781c2a7d
c1d4510eb29a5c351ba5eef0be1ec99cce751124b182d4c251e47848f1a744b4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "C1D4510EB29A5C351BA5EEF0BE1EC99CCE751124B182D4C251E47848F1A744B4"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1919
Expires: Sat, 03 Dec 2022 18:23:47 GMT
Date: Sat, 03 Dec 2022 17:51:48 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
d4f7376e613199e6cef4e47515ccad25
5ce176918333e8cbb4a346cb65866b73781c2a7d
c1d4510eb29a5c351ba5eef0be1ec99cce751124b182d4c251e47848f1a744b4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "C1D4510EB29A5C351BA5EEF0BE1EC99CCE751124B182D4C251E47848F1A744B4"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1938
Expires: Sat, 03 Dec 2022 18:24:06 GMT
Date: Sat, 03 Dec 2022 17:51:48 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
d4f7376e613199e6cef4e47515ccad25
5ce176918333e8cbb4a346cb65866b73781c2a7d
c1d4510eb29a5c351ba5eef0be1ec99cce751124b182d4c251e47848f1a744b4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "C1D4510EB29A5C351BA5EEF0BE1EC99CCE751124B182D4C251E47848F1A744B4"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1919
Expires: Sat, 03 Dec 2022 18:23:47 GMT
Date: Sat, 03 Dec 2022 17:51:48 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
d4f7376e613199e6cef4e47515ccad25
5ce176918333e8cbb4a346cb65866b73781c2a7d
c1d4510eb29a5c351ba5eef0be1ec99cce751124b182d4c251e47848f1a744b4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "C1D4510EB29A5C351BA5EEF0BE1EC99CCE751124B182D4C251E47848F1A744B4"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1938
Expires: Sat, 03 Dec 2022 18:24:06 GMT
Date: Sat, 03 Dec 2022 17:51:48 GMT
Connection: keep-alive

secure03citizen.myvnc.com/efs/efs/jsp-ns/pm_fp.js

20.11.65.188

404 Not Found

315 B

URL HTTP/1.1
secure03citizen.myvnc.com/efs/efs/jsp-ns/pm_fp.js
IP
20.11.65.188:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /efs/efs/jsp-ns/pm_fp.js HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=

HTTP/1.1 404 Not Found
Date: Sat, 03 Dec 2022 17:51:47 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

104.110.3.220

200 OK

10 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
10 kB (10382 bytes)
Hash
e8a5a242bcaea8c7314ccbb04612d922
101e2286a81e108dd00c618032d793b2dc5366b3
8e2a305132b87d2a48461f8e3d820dbf640d66d530ab007632c5c5d79ce8cdc7

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/main.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "f405-5edc9641aad15"
last-modified: Sat, 03 Dec 2022 07:29:17 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=2125
x-olb-req-received: t=1670052545056164
content-length: 10382
cache-control: max-age=71873
expires: Sun, 04 Dec 2022 13:49:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www4.citizensbankonline.com/akam/11/7c3ed55c

104.110.3.220

404 Not Found

9 B

URL HTTP/2
www4.citizensbankonline.com/akam/11/7c3ed55c
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

HTTP Headers

GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Sat, 03 Dec 2022 17:51:48 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=0D7D9817AE832232F347230E5B8D6B5F~000000000000000000000000000000~YAAQnE8kF4nkg4SEAQAAop8d2RGXSYV9J4dLKlNZZ7hIopj01ZJFu+4PjRNOrj2xrGBszkSwlDleqVi/eHWmv9ZTFd7CxFxj3HNNNEaQdMTH8sHsZmLdzCHIjiLtw94o/jBcxgff8KL71vVS/aV1F+bozInj1sHu2M2gUfNerC/KjQadGL6SWSHrTA0BN8IP3igAj7oNAm7MW147MRLG/gybx9RAun6iQwkFaeZwdzKyBdwTz9tef5NWkQ7ZFGXL90cp+w6EcFu233pqzgq8wtUfmE54ecBe0+4LSyH/T+QO8CYbBOZsgibhUjE0I6DBPzzHbQG33H8ypTE3y31G020DOlD+gYxLuVgS9EYSxRbLxmSBJYzAdgiuiGpI6SCdg+cS+/tCUVYGOnKHYYIXk2j082uY; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 03 Dec 2022 19:51:48 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 17:08:58 GMT
cache-control: public,max-age=3600
age: 2570
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js

104.110.3.220

200 OK

4.0 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
4.0 kB (3967 bytes)
Hash
cc2102df58511c9a2653b1dff48ca8d7
64790e6adff6768178ab7d0ad9a4fbc2849b81f2
b9abbff7d9e75763790fd3b291f21525fe85583b397fe5f4b260bc99ff48aab7

HTTP Headers

GET /efs/efs/jsp-ns/scripts/main.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4c03-5edc964846475"
last-modified: Sat, 03 Dec 2022 07:33:46 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=893
x-olb-req-received: t=1670052545697850
content-length: 3967
cache-control: max-age=71873
expires: Sun, 04 Dec 2022 13:49:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js

104.110.3.220

200 OK

39 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
39 kB (38875 bytes)
Hash
2940c843ff15ab8e9f02511625f33e57
98ccd0fb1d60770a1aadf90d41daa49cab543cb3
4aed3165815cc1806999483e40a47863accf1cead25769de0162921f2f590298

HTTP Headers

GET /efs/efs/jsp-ns/scripts/plugins.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "31d24-5edc964dee165"
last-modified: Sat, 03 Dec 2022 07:30:01 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=8422
x-olb-req-received: t=1670052551104316
content-length: 38875
cache-control: max-age=71873
expires: Sun, 04 Dec 2022 13:49:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js

104.110.3.220

200 OK

1.4 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (4237)
Size
1.4 kB (1394 bytes)
Hash
f42064b9d324029ba5cb5afccc50b641
3993f47a728f00ee410a143361ab33b0339455f7
b02a1a4d60ab1f5c740784e9a27a7f0a85178466573fb29fb0bd7afdccf7b5f0

HTTP Headers

GET /efs/efs/jsp-ns/scripts/placeholders.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "10aa-5edc9641ad425"
last-modified: Sat, 03 Dec 2022 07:30:05 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=323
x-olb-req-received: t=1670052545707479
content-length: 1394
cache-control: max-age=71873
expires: Sun, 04 Dec 2022 13:49:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png

104.110.3.220

200 OK

5.3 kB

URL HTTP/2
www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
5.3 kB (5277 bytes)
Hash
beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

HTTP Headers

GET /efs/hhf/img/CTZ_Green-01.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 02:04:01 GMT
etag: "149d-5e849138ad893"
accept-ranges: bytes
content-length: 5277
x-olb-req-received: t=1670052546786770
x-olb-req-duration: D=135
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=567549
expires: Sat, 10 Dec 2022 07:30:57 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js

104.110.3.220

200 OK

5.5 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
HTML document, ASCII text, with very long lines (14756)
Size
5.5 kB (5535 bytes)
Hash
088d590db53a3ede82a998537283c75d
87ed57fd5e2a623f35f80a3684c2de916ce4e2f8
d45c62a7108121887dc8866d445dde985d96b82143b3da2c9068e32caf316db4

HTTP Headers

GET /efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "3c36-5edc9641ad03d"
last-modified: Sat, 03 Dec 2022 07:29:56 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=727
x-olb-req-received: t=1670052550872925
content-length: 5535
cache-control: max-age=71873
expires: Sun, 04 Dec 2022 13:49:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css

104.110.3.220

200 OK

2.3 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
2.3 kB (2300 bytes)
Hash
0a445a15e0f09a7738952731fdf3fe9d
3d4cef20189303cc4f24c27da1b8d2043e700cea
173f4f410b46ca6211eee490747009c597b7d7c475bcac07df88a18521bbef54

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/normalize.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "26c2-5edc9641aad15"
last-modified: Sat, 03 Dec 2022 07:30:08 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=474
x-olb-req-received: t=1670052545638108
content-length: 2300
cache-control: max-age=71873
expires: Sun, 04 Dec 2022 13:49:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

104.110.3.220

200 OK

3.1 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (17412)
Size
3.1 kB (3118 bytes)
Hash
ac9a70a6f100c02749dfadb709b6eadf
69906e55ace36c217a52d428029a3c71dc16a7e4
466e6cf44306264c98e5642f77be87292e03e578ce78b17c0b39521460b1d37a

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4a56-5edc964843d65"
last-modified: Sat, 03 Dec 2022 07:30:45 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=636
x-olb-req-received: t=1670052545660571
content-length: 3118
cache-control: max-age=71873
expires: Sun, 04 Dec 2022 13:49:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4202
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 17:51:48 GMT
Last-Modified: Sat, 03 Dec 2022 16:41:46 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

104.110.3.220

200 OK

2.0 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text
Size
2.0 kB (1975 bytes)
Hash
07507f946ee4b2b9d4affc283b431119
00218cebeb305b00ae4ef74e4a67957d3c43e6f2
44fb4d44ce9291066e686a9861b8b31f021c816fa60e97c613bf5aadcc8e2830

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/flows.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "21ce-5edc9641a5725"
last-modified: Sat, 03 Dec 2022 07:33:21 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=460
x-olb-req-received: t=1670052545738118
content-length: 1975
cache-control: max-age=71873
expires: Sun, 04 Dec 2022 13:49:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css

104.110.3.220

200 OK

1.2 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.2 kB (1227 bytes)
Hash
e9404d7ddc1ef0b93851879620bfea8a
69575dd0119d3439f3d7ba4b45d12a3c0e47a39e
f5be5cfcdb9f541d6e355cd15b78204e715c979bb90a7dbae94d18c9bdad8772

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/ad-containers.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "1dd4-5edc9641a533d"
last-modified: Sat, 03 Dec 2022 07:30:07 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=480
x-olb-req-received: t=1670052545714612
content-length: 1227
cache-control: max-age=71873
expires: Sun, 04 Dec 2022 13:49:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

104.110.3.220

200 OK

32 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Size
32 kB (31968 bytes)
Hash
d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citizen_roman.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "7ce0-5edc9641aa545"
accept-ranges: bytes
content-length: 31968
x-olb-req-received: t=1670052549320560
x-olb-req-duration: D=161
access-control-allow-origin: *
cache-control: max-age=567325
expires: Sat, 10 Dec 2022 07:27:13 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

secure03citizen.myvnc.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js

20.11.65.188

404 Not Found

315 B

URL HTTP/1.1
secure03citizen.myvnc.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
IP
20.11.65.188:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /efs/hhf/js/citizensHeaderFooter-citizensns42588.js HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19330%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Date: Sat, 03 Dec 2022 17:51:48 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js

104.110.3.220

200 OK

29 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32089)
Size
29 kB (29409 bytes)
Hash
82481a92ac472d179954d66e38f72d07
ea65071dbc1ab11ed29e76bdd30eabbe6cdbc3ec
c8e2e6f9e0e01dcfec7f2633efdd7f8f9d78ba3920e86a0d1231f487928b5fe4

HTTP Headers

GET /efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "169d6-5edc9641ab8cd"
last-modified: Sat, 03 Dec 2022 07:34:12 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=4617
x-olb-req-received: t=1670052613286413
content-length: 29409
cache-control: max-age=71873
expires: Sun, 04 Dec 2022 13:49:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

secure03citizen.myvnc.com/efs/efs/jsp-ns/scripts/common.js

20.11.65.188

404 Not Found

315 B

URL HTTP/1.1
secure03citizen.myvnc.com/efs/efs/jsp-ns/scripts/common.js
IP
20.11.65.188:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19330%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Date: Sat, 03 Dec 2022 17:51:48 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www4.citizensbankonline.com/akam/11/7c3ed55c

104.110.3.220

404 Not Found

9 B

URL HTTP/2
www4.citizensbankonline.com/akam/11/7c3ed55c
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

HTTP Headers

GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Sat, 03 Dec 2022 17:51:48 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=3FD76E31EA214639F846A9C665E16B51~000000000000000000000000000000~YAAQnE8kF4/kg4SEAQAApKAd2RGWjHlUVrhpAOP5y8mpaOTRE9dHmV0Ord+tY8+/qRwPjXm5SO+XNFNmkVjA7tbeyE4d0FKbYQmDPHKTGeZAiAQ9zN9XPEjxq1dfQV5myHc4U06JttdyBd+osZ/kAS40G9X2/04/6mrE3HdND/zIckEmNaQMrrOqLUKVlsA2TTKLxcpnCjxW5n9k2wf1SFRCsym6OG7VI7oy52jpvM6+NW/GanULJ3mjf9yPM0UuKhrZ37OuRS6YVqNwMnGZ2nJMnoSrjfMj7zl8mCtvAev3qwA5I+ypOeK8qGiQ/yVoUSM+0Maw68x/V7nDd8x52RHmPVeoE0gXOh9DSVtSBT5d4t1xECT+IheEHDFOmn8LtzUiIbZEzA9VKL0/0Vx4FlGPRLJn; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 03 Dec 2022 19:51:48 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.161.148.163

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.148.163:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NDdDY41t5+pNVZugsuxItg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cl0IcbcxUyUh2XsDGzJyAN8565Y=

secure03citizen.myvnc.com/content/930e113327rn2365aa3b7b98b0447e8d

20.11.65.188

404 Not Found

315 B

URL HTTP/1.1
secure03citizen.myvnc.com/content/930e113327rn2365aa3b7b98b0447e8d
IP
20.11.65.188:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /content/930e113327rn2365aa3b7b98b0447e8d HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19330%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Date: Sat, 03 Dec 2022 17:51:48 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www3.citizensbankonline.com/efs/efs/js/tealeaf.js

104.110.3.220

404 Not Found

9.9 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/js/tealeaf.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
9.9 kB (9934 bytes)
Hash
7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411

HTTP Headers

GET /efs/efs/js/tealeaf.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:35:21 GMT
etag: "26ce-5c06931abe040"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1670089908525981
x-olb-req-duration: D=174
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=855
expires: Sat, 03 Dec 2022 18:06:03 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=387, origin; dur=65
strict-transport-security: max-age=15768000
lb-action: None, None
set-cookie: ak_bmsc=6F9DCECA0FEF4387E2E99E45C5CAEC5B~000000000000000000000000000000~YAAQnE8kF5rkg4SEAQAAiqEd2REOE2sMfjuuVXOCdE246lJ2uyOG6Q7tfwko9Hfi+E13ev2Fclr1dmurISqgUvBEOIUTQsY39NzbyaYvz+fbT4Vb/9gNattcoXAu/iijC/idUSSt7git4w3ae9GvqdNI3jZHQxtoT3c7+qXibmIcioCJcsZz0/sB2qZvHa7BFCfeuMJeerdYWIg8Qn5B1NRRD1+SZ+opaMWvncNbAH3Dd8Bt+GdtCbq6nDRyMlYjgDqtttpucUJ69HIARe21Et/L+YAyMpD+SDH5sypvbxWT4bF2a20hyGCpuG+gugU+L0KHf21aqQ2YLhirDIkYVJF28QiU62k+YO56rlxaD3yMAScSckJo+juQGDJCbgK5g/lnzSmGDE1w/jDJV/0ECK0i7FoC; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 03 Dec 2022 19:51:48 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png

104.110.3.220

200 OK

292 B

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
292 B (292 bytes)
Hash
18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

HTTP Headers

GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "124-5e6a235cbd9f7"
accept-ranges: bytes
content-length: 292
x-olb-req-received: t=1670052546994214
x-olb-req-duration: D=95
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=567403
expires: Sat, 10 Dec 2022 07:28:31 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png

104.110.3.220

200 OK

364 B

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
364 B (364 bytes)
Hash
35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

HTTP Headers

GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "16c-5e6a235cbd78f"
accept-ranges: bytes
content-length: 364
x-olb-req-received: t=1670052547320038
x-olb-req-duration: D=134
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=567475
expires: Sat, 10 Dec 2022 07:29:43 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png

104.110.3.220

200 OK

1.0 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1017 bytes)
Hash
e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

HTTP Headers

GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "3f9-5e6a235ca4f6f"
accept-ranges: bytes
content-length: 1017
x-olb-req-received: t=1670052547219726
x-olb-req-duration: D=138
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=567571
expires: Sat, 10 Dec 2022 07:31:19 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png

104.110.3.220

200 OK

1.1 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1054 bytes)
Hash
dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

HTTP Headers

GET /efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "41e-5e6a235ca4f6f"
accept-ranges: bytes
content-length: 1054
x-olb-req-received: t=1670052547314221
x-olb-req-duration: D=103
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=567413
expires: Sat, 10 Dec 2022 07:28:41 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png

104.110.3.220

200 OK

165 B

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size
165 B (165 bytes)
Hash
1792e4aa4d2d86dec430ef9a60362a35
90b9e9c14f636362e9558d14fefe15782f75d256
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

HTTP Headers

GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "a5-5e6a235ca5108"
accept-ranges: bytes
content-length: 165
x-olb-req-received: t=1670052547334987
x-olb-req-duration: D=122
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=567410
expires: Sat, 10 Dec 2022 07:28:38 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

104.110.3.220

200 OK

18 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Size
18 kB (18524 bytes)
Hash
022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:20 GMT
etag: "485c-5edc964de6c36"
accept-ranges: bytes
content-length: 18524
x-olb-req-received: t=1670052549105303
x-olb-req-duration: D=189
access-control-allow-origin: *
cache-control: max-age=567506
expires: Sat, 10 Dec 2022 07:30:14 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

104.110.3.220

200 OK

32 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Size
32 kB (31864 bytes)
Hash
0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citizen_book.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "7c78-5edc9641a7a4d"
accept-ranges: bytes
content-length: 31864
x-olb-req-received: t=1670052549611568
x-olb-req-duration: D=175
access-control-allow-origin: *
cache-control: max-age=567451
expires: Sat, 10 Dec 2022 07:29:19 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

104.110.3.220

200 OK

28 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Size
28 kB (27852 bytes)
Hash
76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "6ccc-5edc9641a89ed"
accept-ranges: bytes
content-length: 27852
x-olb-req-received: t=1670052549307657
x-olb-req-duration: D=180
access-control-allow-origin: *
cache-control: max-age=567522
expires: Sat, 10 Dec 2022 07:30:30 GMT
date: Sat, 03 Dec 2022 17:51:48 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

secure03citizen.myvnc.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js

20.11.65.188

404 Not Found

315 B

URL HTTP/1.1
secure03citizen.myvnc.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
IP
20.11.65.188:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /efs/hhf/js/citizensHeaderFooter-citizensns42588.js HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19330%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Date: Sat, 03 Dec 2022 17:51:48 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

secure03citizen.myvnc.com/content/930e113327rn2365aa3b7b98b0447e8d

20.11.65.188

404 Not Found

315 B

URL HTTP/1.1
secure03citizen.myvnc.com/content/930e113327rn2365aa3b7b98b0447e8d
IP
20.11.65.188:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /content/930e113327rn2365aa3b7b98b0447e8d HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19330%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Date: Sat, 03 Dec 2022 17:51:49 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

secure03citizen.myvnc.com/efs/efs/jsp-ns/scripts/common.js

20.11.65.188

404 Not Found

315 B

URL HTTP/1.1
secure03citizen.myvnc.com/efs/efs/jsp-ns/scripts/common.js
IP
20.11.65.188:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Citizens Bank
urlquery		DynDNS domain detected
fortinet	Phishing

HTTP Headers

GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1
Host: secure03citizen.myvnc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/login.php?online_id=50b15935b6891d843962a9ad2&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19330%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Date: Sat, 03 Dec 2022 17:51:49 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png

104.110.3.220

200 OK

14 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (13907 bytes)
Hash
172ee65ce7e2afc164fb89579d8060b2
1bcc0c40ce0dd35f4150e286d4da86eb5150d2da
6031e1710c50b5ade8d4fe1f9d2a7885caa5f18493944871891d9bf847dcec0e

HTTP Headers

GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "3653-5edc9641b8005"
accept-ranges: bytes
content-length: 13907
x-olb-req-received: t=1670052563182568
x-olb-req-duration: D=181
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=567357
expires: Sat, 10 Dec 2022 07:27:46 GMT
date: Sat, 03 Dec 2022 17:51:49 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png

104.110.3.220

200 OK

11 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10871 bytes)
Hash
f62b2664dd6a40ab3a9f7af34412f8b7
02438189257c795c3726e4f45b1ce3bb921255d5
707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f

HTTP Headers

GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:20 GMT
etag: "2a77-5edc964df98fd"
accept-ranges: bytes
content-length: 10871
x-olb-req-received: t=1670052545026832
x-olb-req-duration: D=132
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=567402
expires: Sat, 10 Dec 2022 07:28:31 GMT
date: Sat, 03 Dec 2022 17:51:49 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fsecure03citizen.myvnc.com%2Flogin.php%3Fonline_id%3D50b15935b6891d843962a9ad2%26country%3D%26iso%3D

54.230.111.14

200 OK

397 B

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fsecure03citizen.myvnc.com%2Flogin.php%3Fonline_id%3D50b15935b6891d843962a9ad2%26country%3D%26iso%3D
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (396)
Size
397 B (397 bytes)
Hash
692a8fc3bc4d4c46f19149f4567bd9ed
faa990320e16971f700c625d16d97a9f73eeb5ab
6176f70ae948c321878aa66eb38fd325d75dc24781500ada481de03c19dffe7f

HTTP Headers

GET /citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Fsecure03citizen.myvnc.com%2Flogin.php%3Fonline_id%3D50b15935b6891d843962a9ad2%26country%3D%26iso%3D HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 397
Connection: keep-alive
Server: nginx
Date: Sat, 03 Dec 2022 17:51:49 GMT
Expires: Sat, 03 Dec 2022 17:51:48 GMT
Cache-Control: no-cache, no-store
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GS5RZbkkwJ8sofp9YAdaFagUGUXg23VMy29dIQo0qKOTv5v1vzQabw==

nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117

54.230.111.14

200 OK

31 kB

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1970)
Size
31 kB (30927 bytes)
Hash
a0dba5dbfa16042bda087c6083552e9a
cc89e54e8e3270b77981a7432eab61216566d142
591fc45eb6acfef9e3b2135060c5aa24a0a1d2e16ee8212bbce4707a28904428

HTTP Headers

GET /citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 15 Nov 2022 01:44:27 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 12 Oct 2022 04:24:01 GMT
ETag: W/"7f943d1386ac8d666a04c5f7c1aca6a2"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: 7Vz_bNM1vqq_ptJsDOdn8z3nddxBTl2j
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TCMsYDnzYpQP-yUkICv6tOI2k9RwuoI2djHIRXsuvP0dTPZgwiBPqw==
Age: 1613243

nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909

54.230.111.14

200 OK

4.5 kB

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (564)
Size
4.5 kB (4511 bytes)
Hash
4eee113a2cbdf5637739f6a81b76e867
ca348fd2104cca87655b1b8e628cedf28ab602c7
4f07acd76593e8e79d3b728d040920b09dd91517601cfd7b082694db3ba4a450

HTTP Headers

GET /citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 04 Nov 2022 01:28:27 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 26 Oct 2022 15:44:21 GMT
ETag: W/"83105033d3f7f9905b026d4c409b655e"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: UC6_GkBHShiJU9saRInmbngEX7lPiXpp
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: k8jScqAF8LzH3EiBblyEzprCJ953jTmcq8sMsGwX_nYSfl8AWg_ElA==
Age: 2564603

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ba8ff02e11d13ba757cfecb100ac92a
b37d0ed2c4c9c6199e84928a39c0dc32b77c1c9f
3545aa0f186551f560b9324b6887811b6966fe4500610438a2db5d7805f5d724

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4028
Cache-Control: max-age=134533
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 17:51:49 GMT
Etag: "638ae77e-1d7"
Expires: Mon, 05 Dec 2022 07:14:02 GMT
Last-Modified: Sat, 03 Dec 2022 06:06:54 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1670089905862

52.213.58.50

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1670089905862
IP
52.213.58.50:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1670089905862 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://secure03citizen.myvnc.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0e1f48b6d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1670089905862
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=08107908780846810193268462051528334189; Max-Age=15552000; Expires=Thu, 01 Jun 2023 17:51:49 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: RzvHGucGQU0=
Content-Length: 0
Connection: keep-alive

cdn.appdynamics.com/adrum/adrum-latest.js?

143.204.55.51

200 OK

40 kB

URL HTTP/1.1
cdn.appdynamics.com/adrum/adrum-latest.js?
IP
143.204.55.51:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (644)
Size
40 kB (40203 bytes)
Hash
cd86db0f552897dc33e8433d0cf9bad2
676df314ca85d1418ffb110f3979c31281da027d
fd30f76d2b4bebd4b4bd680793a8a993b46a15808c0cea0533e629fc2990889f

HTTP Headers

GET /adrum/adrum-latest.js? HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 04 Nov 2022 06:21:09 GMT
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:13 GMT
ETag: W/"6317b609-1b2d9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uFRmvasE-MEmcHIEYmfSvStLqvJ8uTq-Umz7aZrkQhDAcBO84xxA0A==
Age: 2547040

dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1670089905862

52.213.58.50

200 OK

124 B

URL HTTP/1.1
dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1670089905862
IP
52.213.58.50:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
124 B (124 bytes)
Hash
1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca

HTTP Headers

GET /id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1670089905862 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://secure03citizen.myvnc.com
Content-Type: application/x-www-form-urlencoded
Referer: http://secure03citizen.myvnc.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://secure03citizen.myvnc.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0a2056b15.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: RrgYwMVgRLk=
Content-Length: 124
Connection: keep-alive

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
9f2378d6e2b4b5346f097d96548e9813
7852b0cc2dd933548cc640e04e9e4acd53c72850
b62b2705dab87a78159a77c0c70f1d894cce1d1435a94c2336f86fedb8d5a161

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 15:43:23 GMT
Expires: Sat, 10 Dec 2022 15:43:22 GMT
Etag: "7852b0cc2dd933548cc640e04e9e4acd53c72850"
Cache-Control: max-age=596492,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773e270eb9860b3d-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3713
Expires: Sat, 03 Dec 2022 18:53:42 GMT
Date: Sat, 03 Dec 2022 17:51:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3713
Expires: Sat, 03 Dec 2022 18:53:42 GMT
Date: Sat, 03 Dec 2022 17:51:49 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5354 bytes)
Hash
1e74254b3fdce7d6b84a71a7aff43789
65c8b4abf957f9b54d99d0f78559e639adb29efb
f278c3cc6734da7188862a8c651c803e7ac1fda82234e191761453cb1359d3ee

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5354
x-amzn-requestid: 3d58ffea-3433-4c5c-a60b-17f6de3a33e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cSsnvG44oAMFfyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638427ca-63b375f04189b7ce7d84cd5d;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 03:15:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GBhAilKMKo9RvIzqzF9V4jTZbvpa2rPZeoy6Jy8fMc1-JO078OAYzQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:53:40 GMT
age: 43089
etag: "65c8b4abf957f9b54d99d0f78559e639adb29efb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2942 bytes)
Hash
b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:39:04 GMT
age: 69165
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9715 bytes)
Hash
45182367fd4f8b6dd234eef1022acdb1
d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:54 GMT
age: 72835
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7657 bytes)
Hash
3abdcce275bb9723b4ac1d0c38cc8891
91f0d888c38db0899f106b652e3dcac062648099
ff411fc0d5abaf519d6600961ec51ad71ad9a02e23cc02ad818e27f0324b3d1e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7657
x-amzn-requestid: c0dbd862-41cf-4fa8-ab6b-256763c63fbf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1Fo6IAMF9EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-554ffbc83fd70c557437120f;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ElvfdUly4Rb3YOQyMO2C_VelFUe6xcFbMh6x5fNrRzGjKCITdGSwLQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:47 GMT
age: 72842
etag: "91f0d888c38db0899f106b652e3dcac062648099"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7dc00fa-a8d3-44bf-ba84-1998d8dd7c5a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
fcb89ca25035b2bbb71ae5dd175fcd40
544428cdad754b1bb7be3cd46a79bf078fd5b450
36dcbbe6cd2710ee502776b4bcf32053e92b750a55e2bd4cdeadbc694c7c2699

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7dc00fa-a8d3-44bf-ba84-1998d8dd7c5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: c824c317-e6e3-4006-9f9d-ea54e8170a4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cf2_tGErIAMF8_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63896b97-7fc523296afea4dd4b5d1de8;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 03:05:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tp50A9LYeT1RvSPImBUoQNKtarPryKb8Zacm_nxqDh-gegwdQov7Nw==
via: 1.1 40b967aa4aa18637c4b91214147f3cb4.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 03:50:52 GMT
age: 50457
etag: "544428cdad754b1bb7be3cd46a79bf078fd5b450"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

lptag.liveperson.net/tag/tag.js?site=89632304

178.249.97.23

200 OK

7.6 kB

URL HTTP/2
lptag.liveperson.net/tag/tag.js?site=89632304
IP
178.249.97.23:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (21652), with no line terminators
Size
7.6 kB (7567 bytes)
Hash
6b675640425ec8551a433e26a377d954
7234f02cce1ccb2a4facf2b34b9185cfcf27299d
8c9716f14d2e964be7c93d3d8c28819cb35c529fce6206a79061cda509e05bfd

HTTP Headers

GET /tag/tag.js?site=89632304 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:49 GMT
content-type: application/javascript
content-length: 7567
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
etag: "5f50a905-1d8f"
content-encoding: gzip
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 06:00:50 GMT
age: 42659
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js

143.204.55.51

200 OK

20 kB

URL HTTP/1.1
cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
IP
143.204.55.51:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (574)
Size
20 kB (20314 bytes)
Hash
cca1b9c013b93bd73bf4f55b122ba8db
ed011720d910a5b69db06ebaabcd95d013255752
d5ef573c9770681c3a75ec78445d0c785ca6659a0cf25f145ddfbae414b0b77a

HTTP Headers

GET /adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 16 Nov 2022 01:06:39 GMT
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:12 GMT
ETag: W/"6317b608-d132"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lce5DTRL7oK7ERTeKBpJp-pxDPSMXsaluiVhK4yZLgol8_0vWTaLtA==
Age: 1529110

cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?

104.18.14.22

301 Moved Permanently

167 B

URL HTTP/1.1
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP
104.18.14.22:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/

HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Dec 2022 17:51:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
X-Cache: Redirect from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Frb_xmF469mXQF00UXK5is9RcM4egLnjTTQgt4cwMyj_GIKqi2VaOg==
CF-Cache-Status: HIT
Age: 3706
Expires: Sat, 03 Dec 2022 21:51:49 GMT
Cache-Control: public, max-age=14400
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773e2710c895b500-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e37af1ab543b0f7accfc3afda28ea42e
9846490c052231f35f0e69a32d4af11477cf8ea7
eef1ab31f5dd7bc61dd39ce80c30ce760dc8c2d45b9c271d5e21ddd53d5848bc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=110012
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 17:51:49 GMT
Etag: "638a9771-1d7"
Expires: Mon, 05 Dec 2022 00:25:21 GMT
Last-Modified: Sat, 03 Dec 2022 00:25:21 GMT
Server: nginx
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
7268b39f4d9c908504e6e6c81297a5d9
91a7451234e3337edbb92c05b08b19d9cdb715c5
9264c1e6087f7b8b208fbfc95b594dd6beaa89ff23118a60609db217e6b7c491

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5115
Cache-Control: max-age=97108
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 17:51:49 GMT
Etag: "638a510e-116"
Expires: Sun, 04 Dec 2022 20:50:17 GMT
Last-Modified: Fri, 02 Dec 2022 19:25:02 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 278

smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1670089907570

15.236.176.210

200 OK

48 B

URL HTTP/2
smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1670089907570
IP
15.236.176.210:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
be29a960e8709a540e38191768d166ac
dc25b6a90330f7be3b803a0e181286163964dfd2
e1f302dc9b30391909988b8a7e918dd40c3b0ff3b5501f506e93f241391666a9

HTTP Headers

GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1670089907570 HTTP/1.1
Host: smetrics.citizensbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://secure03citizen.myvnc.com
access-control-allow-credentials: true
date: Sat, 03 Dec 2022 17:51:49 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=0%7CMCMID%7C42913155655631040710506900679344564823; Path=/; Domain=citizensbank.com; Max-Age=63072000; Expires=Mon, 02 Dec 2024 17:51:51 GMT;
s_ecid=MCMID%7C42913155655631040710506900679344564823; Path=/; Domain=citizensbank.com; Max-Age=63072000; Expires=Mon, 02 Dec 2024 17:51:51 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

nebula-cdn.kampyle.com/wu/356861/onsite/embed.js

151.101.1.175

200 OK

516 B

URL HTTP/2
nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
IP
151.101.1.175:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (573)
Size
516 B (516 bytes)
Hash
0949250dbf9dfbf5a4b558745f9c2777
501ab60bb5a0f1febd09ff9335c897391f8fb8e4
25ca704d115ceeb422832620edfaf6425e94e31b10ecb420644a967e20105943

HTTP Headers

GET /wu/356861/onsite/embed.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 7q4E+xJya3JQN02XYVcawmxqX7Vp8BBOuEH782L5SG5wU1Ky5WmN4+xTgd0GSFqBZygzHz92MKg=
x-amz-request-id: T3YET0YCYQ48Q1VS
last-modified: Thu, 17 Nov 2022 01:43:28 GMT
etag: "d702a2b9ebe4f8826d0a3b100f1e7b3d"
x-amz-version-id: mptjfWx1ykDRDnf_B8nj8XXvWUEoGBBU
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 17:51:49 GMT
via: 1.1 varnish
x-served-by: cache-bma1672-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670089910.958237,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 516
X-Firefox-Spdy: h2

dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=42913155655631040710506900679344564823&ts=1670089907830

52.213.58.50

200 OK

1.3 kB

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=42913155655631040710506900679344564823&ts=1670089907830
IP
52.213.58.50:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (3749), with no line terminators
Size
1.3 kB (1316 bytes)
Hash
1adb9deb564de55820e33c3b90b7606b
ff8aa8051fdc429ee72ee89bea1262938c5c6f21
3e9e873309e134a7d90600aa12c0a58c3b0f89221dd1d4c6572669c1d911310e

HTTP Headers

GET /id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=42913155655631040710506900679344564823&ts=1670089907830 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://secure03citizen.myvnc.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-03c381005.edge-irl1.demdex.com 10 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=42882396458007073600506633530209489968; Max-Age=15552000; Expires=Thu, 01 Jun 2023 17:51:49 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: CCV2YrSWTnQ=
Content-Length: 1316
Connection: keep-alive

nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js

151.101.1.175

301 Moved Permanently

0 B

URL HTTP/1.1
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
IP
151.101.1.175:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /us/wu/356861/onsite/generic1668649406636.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
Accept-Ranges: bytes
Date: Sat, 03 Dec 2022 17:51:49 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1657-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1670089910.998709,VS0,VE0
Strict-Transport-Security: max-age=31557600

nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js

151.101.1.175

200 OK

115 kB

URL HTTP/2
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
IP
151.101.1.175:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (53474)
Size
115 kB (115133 bytes)
Hash
7ed0576023d7e4cdb6411897ed856328
38ea0ed2a3b78b8ad6b474be67c5922124342c11
fbfdcefb6749b742b55a9d6c2d2e294772d67cf51a3ef7b1929ee75107ea1f7c

HTTP Headers

GET /us/wu/356861/onsite/generic1668649406636.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure03citizen.myvnc.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: R245FGFYgLzgm6CjhZXX391x+/nrm8EsevbjLVXUitRuMOvvg1EDEb/G66Uls1eoe7HL3lmQCiY=
x-amz-request-id: T3Y691PWPTBXF4W3
last-modified: Thu, 17 Nov 2022 01:43:27 GMT
etag: "7dd7a0cbfa04919de4a6dd07c7075dbc"
x-amz-version-id: 9Qu9pUDBqhBI0WezIkmyLK82GWZf1Oui
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 17:51:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1672-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670089910.022499,VS0,VE2
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 115133
X-Firefox-Spdy: h2

cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?

104.18.14.22

200 OK

117 kB

URL HTTP/2
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP
104.18.14.22:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (62048), with CRLF line terminators
Size
117 kB (116842 bytes)
Hash
e5b7d9a32349f6283728100e9303611a
a1f0ccb9c08c0a3c120da92a60ee0e44c5562b3e
214b0f43cd6abf49bcf27c975af3f37c2f6eb00f8292203393ad8a2b284ed83a

HTTP Headers

GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure03citizen.myvnc.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:49 GMT
content-type: application/javascript
last-modified: Thu, 13 May 2021 10:48:21 GMT
x-amz-version-id: bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
content-encoding: gzip
etag: W/"845173368b011e7fa14658b57426fe09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: TjES7ym4ShstKtpj1GLznZjl8VeU-G2N0yGQlAXn4IB-OQXucq9_RQ==
cf-cache-status: HIT
age: 4809
expires: Sat, 03 Dec 2022 21:51:49 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 773e27111865b50c-OSL
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d84f332a20d4a9c17f1644f797a3af07
aaba01a86b2abcde81e39756bc696ee4d52b35ad
8e4e470dbb95393d82167c0a339a2c84df6a06d923fd4296949a2c996f0aded0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 17:51:50 GMT
Last-Modified: Sat, 03 Dec 2022 16:04:45 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: x-_qznROsv5EtrEr8ht2oHXfc4SXQdHL5bbsbPYalsy_ZSY0gzUC1w==
Age: 6425

ocsps.ssl.com/

34.237.184.165

200 OK

1.8 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
34.237.184.165:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.8 kB (1810 bytes)
Hash
cd00f4427814f0c2c472e714dfd1b6d3
dfb50b52e201f8e78ff4ff9f558c7266b7564d4e
fc4239b3df0f64b5a27a8e000c0bebbe5c23183e09a50e62ed2aa0a65823bae7

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 17:51:50 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Sat, 10 Dec 2022 15:31:02 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "dfb50b52e201f8e78ff4ff9f558c7266b7564d4e"
Last-Modified: Sat, 03 Dec 2022 15:31:03 GMT
X-Proxy-Cache: HIT

report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac%3A0&_cls_v=bce79616-67b5-4cb6-a382-dc0434a561db&pv=2&f_cls_s=true

54.235.78.87

200 OK

428 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac%3A0&_cls_v=bce79616-67b5-4cb6-a382-dc0434a561db&pv=2&f_cls_s=true
IP
54.235.78.87:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Size
428 B (428 bytes)
Hash
f65c2f6026422b3eb2a41abc94a1bc4f
19c107063fbea6cab32e203beb46c7fca77a1e3a
b468c256c22768ee6fb2aceed3510d53be152ea9ec7234b2124e83361d7d020b

HTTP Headers

GET /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac%3A0&_cls_v=bce79616-67b5-4cb6-a382-dc0434a561db&pv=2&f_cls_s=true HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:50 GMT
Content-Type: application/json
Content-Length: 428
Connection: keep-alive
Set-Cookie: AWSALB=NjSwr8cTrU/i2EkcWLu3eA4m0T+K0acDUgkEit9JsRw1WSdzqs+mdcFdzmf8lqIeWpckXqWaohpAePxTpd25kn2Q+o/n2ekCt1thUFnsxw97UYQhWpXrbRMlwWCc; Expires=Sat, 10 Dec 2022 17:51:50 GMT; Path=/
AWSALBCORS=NjSwr8cTrU/i2EkcWLu3eA4m0T+K0acDUgkEit9JsRw1WSdzqs+mdcFdzmf8lqIeWpckXqWaohpAePxTpd25kn2Q+o/n2ekCt1thUFnsxw97UYQhWpXrbRMlwWCc; Expires=Sat, 10 Dec 2022 17:51:50 GMT; Path=/; SameSite=None; Secure
_cls_cfgver=27baeec; Secure; SameSite=None
_cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac:0; Secure; SameSite=None
_cls_v=bce79616-67b5-4cb6-a382-dc0434a561db; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://secure03citizen.myvnc.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5025

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ff01833196b3205b8fb48274485a96a1
e1672efdac991316f321eff3cf9cbbfc5233ca16
b861b8505c7916f02acdadf2eb886e1bf89d93875c4e7f4f11498e94164cb35e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=162848
Date: Sat, 03 Dec 2022 17:51:50 GMT
Etag: "638b569f-1d7"
Expires: Mon, 05 Dec 2022 15:05:58 GMT
Last-Modified: Sat, 03 Dec 2022 14:01:03 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: O_M43r-CTuqEed7BT3p5CcLhWyTlfCXXYkrwaVmB3uRZlTf6NzpXcw==
Age: 3895

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vc2VjdXJlMDNjaXRpemVuLm15dm5jLmNvbS9sb2dpbi5waHA/b25saW5lX2lkPTUwYjE1OTM1YjY4OTFkODQzOTYyYTlhZDImY291bnRyeT0maXNvPSIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjcwMDg5OTA4MDc3IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkOTFkOWY1OTI2Ni0wMjRhNTc0ZGIwYjEyMS1jNTA1NDI1LTE0MDAwMC0xODRkOTFkOWY1YTM2ZiIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1tYWluIiwiYWNjb3VudElkIjogMzU2ODYwLCJ1cmwiOiAiaHR0cDovL3NlY3VyZTAzY2l0aXplbi5teXZuYy5jb20vbG9naW4ucGhwP29ubGluZV9pZD01MGIxNTkzNWI2ODkxZDg0Mzk2MmE5YWQyJmNvdW50cnk9Jmlzbz0iLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogIjFhNGYtNTlmMy1mYjNlLTEyYjktZGMzNS04NWQ3LWQzZTUtYzNhYSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjcwMDg5OTA4MDc2Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDU3MCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDguMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDguMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY3MDA4OTkwODA3NywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==

35.241.45.82

200 OK

0 B

URL HTTP/2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vc2VjdXJlMDNjaXRpemVuLm15dm5jLmNvbS9sb2dpbi5waHA/b25saW5lX2lkPTUwYjE1OTM1YjY4OTFkODQzOTYyYTlhZDImY291bnRyeT0maXNvPSIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjcwMDg5OTA4MDc3IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkOTFkOWY1OTI2Ni0wMjRhNTc0ZGIwYjEyMS1jNTA1NDI1LTE0MDAwMC0xODRkOTFkOWY1YTM2ZiIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1tYWluIiwiYWNjb3VudElkIjogMzU2ODYwLCJ1cmwiOiAiaHR0cDovL3NlY3VyZTAzY2l0aXplbi5teXZuYy5jb20vbG9naW4ucGhwP29ubGluZV9pZD01MGIxNTkzNWI2ODkxZDg0Mzk2MmE5YWQyJmNvdW50cnk9Jmlzbz0iLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogIjFhNGYtNTlmMy1mYjNlLTEyYjktZGMzNS04NWQ3LWQzZTUtYzNhYSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjcwMDg5OTA4MDc2Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDU3MCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDguMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDguMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY3MDA4OTkwODA3NywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vc2VjdXJlMDNjaXRpemVuLm15dm5jLmNvbS9sb2dpbi5waHA/b25saW5lX2lkPTUwYjE1OTM1YjY4OTFkODQzOTYyYTlhZDImY291bnRyeT0maXNvPSIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjcwMDg5OTA4MDc3IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODRkOTFkOWY1OTI2Ni0wMjRhNTc0ZGIwYjEyMS1jNTA1NDI1LTE0MDAwMC0xODRkOTFkOWY1YTM2ZiIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1tYWluIiwiYWNjb3VudElkIjogMzU2ODYwLCJ1cmwiOiAiaHR0cDovL3NlY3VyZTAzY2l0aXplbi5teXZuYy5jb20vbG9naW4ucGhwP29ubGluZV9pZD01MGIxNTkzNWI2ODkxZDg0Mzk2MmE5YWQyJmNvdW50cnk9Jmlzbz0iLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogIjFhNGYtNTlmMy1mYjNlLTEyYjktZGMzNS04NWQ3LWQzZTUtYzNhYSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjcwMDg5OTA4MDc2Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDU3MCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDguMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDguMCIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY3MDA4OTkwODA3NywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:50 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-green-56qw
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cm.everesttech.net/cm/dd?d_uuid=42882396458007073600506633530209489968

54.229.62.148

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=42882396458007073600506633530209489968
IP
54.229.62.148:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=42882396458007073600506633530209489968 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Sat, 03 Dec 2022 17:51:50 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4uMtgAAAFMugwN-; Domain=.everesttech.net; Expires=Sun, 03-Dec-2023 17:51:50 GMT; Path=/
everest_session_v2=Y4uMtgAAAFMuhAN-; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4uMtgAAAFMugwN-
Server: AMO-cookiemap/1.1

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
1126f1e04d4a66a5983300682b479f5c
c1378e33218d36d2fbc895fabc38070ba488384f
ee6041e4cb354ae424882552141f52399d1e90524353240bc940c12201ba10ee

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 16:31:55 GMT
Expires: Fri, 09 Dec 2022 16:31:54 GMT
Etag: "c1378e33218d36d2fbc895fabc38070ba488384f"
Cache-Control: max-age=513002,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773e27177ce00b02-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
1126f1e04d4a66a5983300682b479f5c
c1378e33218d36d2fbc895fabc38070ba488384f
ee6041e4cb354ae424882552141f52399d1e90524353240bc940c12201ba10ee

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 16:31:55 GMT
Expires: Fri, 09 Dec 2022 16:31:54 GMT
Etag: "c1378e33218d36d2fbc895fabc38070ba488384f"
Cache-Control: max-age=513002,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773e271779510b3d-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
1126f1e04d4a66a5983300682b479f5c
c1378e33218d36d2fbc895fabc38070ba488384f
ee6041e4cb354ae424882552141f52399d1e90524353240bc940c12201ba10ee

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 16:31:55 GMT
Expires: Fri, 09 Dec 2022 16:31:54 GMT
Etag: "c1378e33218d36d2fbc895fabc38070ba488384f"
Cache-Control: max-age=513002,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773e2717782ab527-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
1126f1e04d4a66a5983300682b479f5c
c1378e33218d36d2fbc895fabc38070ba488384f
ee6041e4cb354ae424882552141f52399d1e90524353240bc940c12201ba10ee

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 16:31:55 GMT
Expires: Fri, 09 Dec 2022 16:31:54 GMT
Etag: "c1378e33218d36d2fbc895fabc38070ba488384f"
Cache-Control: max-age=513002,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773e27177f21b517-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
1126f1e04d4a66a5983300682b479f5c
c1378e33218d36d2fbc895fabc38070ba488384f
ee6041e4cb354ae424882552141f52399d1e90524353240bc940c12201ba10ee

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 16:31:55 GMT
Expires: Fri, 09 Dec 2022 16:31:54 GMT
Etag: "c1378e33218d36d2fbc895fabc38070ba488384f"
Cache-Control: max-age=513002,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773e27177ceab4f1-OSL

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

31 kB

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (32002)
Size
31 kB (30876 bytes)
Hash
495e842b15e519d6c0ff0d2a498697ce
638497a9991110470f2a4b67df478e4bb58d1cfc
f734a710b7de2ebb3ad622acdeb956dfb463cf4b5edba966edcda754440650b1

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:51 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 03 Dec 2023 17:51:51 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4uMtgAAAFMugwN-

52.213.58.50

200 OK

59 B

URL HTTP/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4uMtgAAAFMugwN-
IP
52.213.58.50:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
59 B (59 bytes)
Hash
1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13

HTTP Headers

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4uMtgAAAFMugwN- HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure03citizen.myvnc.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0e6039550.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 5kjAcKdqT5I=
Content-Length: 59
Connection: keep-alive

report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac:0&_cls_v=bce79616-67b5-4cb6-a382-dc0434a561db&pid=bdd7c7b7-c34c-4e1b-a4fa-ad34b75e0193&sn=1&cfg&pv=2&aid=

54.235.78.87

200 OK

428 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac:0&_cls_v=bce79616-67b5-4cb6-a382-dc0434a561db&pid=bdd7c7b7-c34c-4e1b-a4fa-ad34b75e0193&sn=1&cfg&pv=2&aid=
IP
54.235.78.87:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Size
428 B (428 bytes)
Hash
f65c2f6026422b3eb2a41abc94a1bc4f
19c107063fbea6cab32e203beb46c7fca77a1e3a
b468c256c22768ee6fb2aceed3510d53be152ea9ec7234b2124e83361d7d020b

HTTP Headers

POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac:0&_cls_v=bce79616-67b5-4cb6-a382-dc0434a561db&pid=bdd7c7b7-c34c-4e1b-a4fa-ad34b75e0193&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 4667
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Cookie: _cls_cfgver=27baeec; _cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac:0; _cls_v=bce79616-67b5-4cb6-a382-dc0434a561db; AWSALBCORS=NjSwr8cTrU/i2EkcWLu3eA4m0T+K0acDUgkEit9JsRw1WSdzqs+mdcFdzmf8lqIeWpckXqWaohpAePxTpd25kn2Q+o/n2ekCt1thUFnsxw97UYQhWpXrbRMlwWCc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:51 GMT
Content-Type: application/json
Content-Length: 428
Connection: keep-alive
Set-Cookie: AWSALB=Cl/mnvRaLsXlHPU04nCn/q5Pyn2vnfGRe5qHU3PC6O1Vt+R21W9Mf1YBzyFDd+1Kug6cwjVGKUJh8A4tmN2Io7KoT6Fx2otVGWxRh5kKMffphOWnBmCeT3Nm82/J; Expires=Sat, 10 Dec 2022 17:51:51 GMT; Path=/
AWSALBCORS=Cl/mnvRaLsXlHPU04nCn/q5Pyn2vnfGRe5qHU3PC6O1Vt+R21W9Mf1YBzyFDd+1Kug6cwjVGKUJh8A4tmN2Io7KoT6Fx2otVGWxRh5kKMffphOWnBmCeT3Nm82/J; Expires=Sat, 10 Dec 2022 17:51:51 GMT; Path=/; SameSite=None; Secure
_cls_cfgver=27baeec; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://secure03citizen.myvnc.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5025

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

30 kB

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (33529)
Size
30 kB (30260 bytes)
Hash
3f9b33ffa14458fb91afb0de67c3bb67
2b5cc582242615bb5bf45735b3d0b46604382cdd
e0c49831af2637f0e3c07bec0c136741f818a6f4fe69628513f1d6ae778040cd

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:51 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 03 Dec 2023 17:51:51 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Fsecure03citizen.myvnc.com&site=89632304&force=1&env=prod&isCrossDomain=true

178.249.97.98

200 OK

15 kB

URL HTTP/2
lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Fsecure03citizen.myvnc.com&site=89632304&force=1&env=prod&isCrossDomain=true
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (38486), with no line terminators
Size
15 kB (15041 bytes)
Hash
f5f315e348a764aae67445a91f3b9b73
2a0a3f6092b3d013dd3bf0c1d363dc42324c6984
3728a703da9c4362733911c3bfc34b5e42b1207668e7499931e325d8f939cebf

HTTP Headers

GET /le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Fsecure03citizen.myvnc.com&site=89632304&force=1&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:51 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:00:32 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 03 Dec 2023 17:51:51 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

54.235.78.87

200 OK

138 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac:0&_cls_v=bce79616-67b5-4cb6-a382-dc0434a561db&pid=bdd7c7b7-c34c-4e1b-a4fa-ad34b75e0193&sn=4&cfg=27baeec&pv=2&aid=
IP
54.235.78.87:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with no line terminators
Size
138 B (138 bytes)
Hash
e1b1cc2371fd062767c43b96d7a31706
1eec64eadce6521f66211659a26e064c9c3281e4
002166cee00cddd09eb34757c76f9d8baf3cc0b547e1e2c391a0e5b01037d19c

HTTP Headers

POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac:0&_cls_v=bce79616-67b5-4cb6-a382-dc0434a561db&pid=bdd7c7b7-c34c-4e1b-a4fa-ad34b75e0193&sn=4&cfg=27baeec&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 299
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Cookie: _cls_cfgver=27baeec; _cls_s=0bc56707-778a-4cfe-9a64-1b16ce27c2ac:0; _cls_v=bce79616-67b5-4cb6-a382-dc0434a561db; AWSALBCORS=DDFNJaokcSg5U3EKy9sBsFebMa6FUWsTscy0A1nMoPKp44DKC4+YQAOU61APw8osyqXk1yAgntRLO0tXjiwfY3NCZpI7ZNKoJL9LYmCcW8WKwIO7Vn29Gu3hWOnp
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:51 GMT
Content-Type: application/json
Content-Length: 138
Connection: keep-alive
Set-Cookie: AWSALB=HZ4s1ZL0hwhy2pYVxFP7gEoM0reumWFX4TzD9BDI33fT3at/ccIcd5tR+N3xq4uR7Psd9QSDynNM9oRK3vhGGTyZXyT9wv2fzmDUqpRC56kazn8+8j47uxMITKik; Expires=Sat, 10 Dec 2022 17:51:51 GMT; Path=/
AWSALBCORS=HZ4s1ZL0hwhy2pYVxFP7gEoM0reumWFX4TzD9BDI33fT3at/ccIcd5tR+N3xq4uR7Psd9QSDynNM9oRK3vhGGTyZXyT9wv2fzmDUqpRC56kazn8+8j47uxMITKik; Expires=Sat, 10 Dec 2022 17:51:51 GMT; Path=/; SameSite=None; Secure
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://secure03citizen.myvnc.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5025

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
18f6a1223c311fb7ade7ce3d349ba0d5
49bea51b8ed8c83ddd7bcf8b3e1933fa6e497815
d26447171e2e74ed97cbebde001f77b981d2af8c48d218be83d062c19460062e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 13:42:47 GMT
Expires: Wed, 07 Dec 2022 13:42:46 GMT
Etag: "49bea51b8ed8c83ddd7bcf8b3e1933fa6e497815"
Cache-Control: max-age=330053,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773e27229af30b3d-OSL

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

3.3 kB

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type
data
Size
3.3 kB (3334 bytes)
Hash
37d5b068277a4c1871724d67a507744a
e5b97f2f92420795422ffb94d26e2ebd1fb7b860
9dbc6882c7270525b8415ced54344a07362297b2487296de909412bcdad2ce79

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:51 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 03 Dec 2023 17:51:51 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
c20948a829f2ed65a8fad8d07937b333
2555563186067eb53aad5979d1230a50329ce86f
264c8ca999deea58dcdcad281d608d1a62475c4c2b41044058c10f7e2896418f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:51:53 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 11:37:44 GMT
Expires: Fri, 09 Dec 2022 11:37:43 GMT
Etag: "2555563186067eb53aad5979d1230a50329ce86f"
Cache-Control: max-age=495349,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773e2729288e0b3d-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ddb75db50c854f27d611cadc8e6b000d
551a1af8c8015ab2d3baf689507c0e7a841bace0
13a0380063c5aef81673be073e9a452f8ae3e955201193e16cffb95561823e2a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1369
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 17:51:55 GMT
Last-Modified: Sat, 03 Dec 2022 17:29:06 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

0 B

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:51 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:24 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 03 Dec 2023 17:51:51 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

178.249.97.99

200 OK

0 B

URL HTTP/2
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP
178.249.97.99:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:51 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:33|g:6f0878f7-370d-49c5-bf24-7f31fa3b25ec; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
ADRUM_BTa=R:33|g:6f0878f7-370d-49c5-bf24-7f31fa3b25ec|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/; Secure
ADRUM_BT1=R:33|i:2241648; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
ADRUM_BT1=R:33|i:2241648|e:4; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
vary: Accept
expires: Sat, 03 Dec 2022 17:52:51 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB

178.249.97.99

200 OK

0 B

URL HTTP/2
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
IP
178.249.97.99:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:51 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:33|g:b5fdf0a1-dcee-4cf2-b749-4a11a5e6067f; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
ADRUM_BTa=R:33|g:b5fdf0a1-dcee-4cf2-b749-4a11a5e6067f|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/; Secure
ADRUM_BT1=R:33|i:2241648; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
ADRUM_BT1=R:33|i:2241648|e:4; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
vary: Accept
expires: Sat, 03 Dec 2022 17:52:51 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb19821x89574

178.249.97.99

200 OK

0 B

URL HTTP/2
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb19821x89574
IP
178.249.97.99:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb19821x89574 HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lpcdn.lpsnmedia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:51 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:28|g:9b7d5f65-1ef9-4817-8563-b8c9e864db7c; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
ADRUM_BTa=R:28|g:9b7d5f65-1ef9-4817-8563-b8c9e864db7c|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/; Secure
ADRUM_BT1=R:28|i:2241648; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
ADRUM_BT1=R:28|i:2241648|e:4; Max-Age=30; Expires=Sat, 03-Dec-2022 17:52:21 GMT; Path=/
vary: Accept
expires: Sat, 03 Dec 2022 17:52:51 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3

178.249.97.23

200 OK

0 B

URL HTTP/2
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP
178.249.97.23:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:50 GMT
content-type: application/x-javascript
cache-control: public, max-age=630
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAN-PKK/adrum

34.211.243.165

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAN-PKK/adrum
IP
34.211.243.165:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-AAN-PKK/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 12925
Origin: http://secure03citizen.myvnc.com
Connection: keep-alive
Referer: http://secure03citizen.myvnc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 17:51:55 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:33|g:f2c7d90f-151d-48d7-b0c9-e1f83603504d;Path=/;Expires=Sat, 03-Dec-2022 17:52:25 GMT;Max-Age=30
ADRUM_BTa=R:33|g:f2c7d90f-151d-48d7-b0c9-e1f83603504d|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e;Path=/;Expires=Sat, 03-Dec-2022 17:52:25 GMT;Max-Age=30
SameSite=None;Path=/;Expires=Sat, 03-Dec-2022 17:52:25 GMT;Max-Age=30;Secure
ADRUM_BT1=R:33|i:559461;Path=/;Expires=Sat, 03-Dec-2022 17:52:25 GMT;Max-Age=30
ADRUM_BT1=R:33|i:559461|e:5;Path=/;Expires=Sat, 03-Dec-2022 17:52:25 GMT;Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (38)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations