r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15537
Expires: Mon, 06 Feb 2023 17:03:40 GMT
Date: Mon, 06 Feb 2023 12:44:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12502
Expires: Mon, 06 Feb 2023 16:13:05 GMT
Date: Mon, 06 Feb 2023 12:44:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 12:34:04 GMT
content-type: application/json
age: 639
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 4c86e101065df2c16481edbc756534fa
fdc5d1a079b9690e2ad92d824c130e6584295028
00bda9238fc5e2b8b438d9306513816647a0206fe943214f787cc993bf7694f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 12:44:43 GMT
Server: ECS (amb/6BA8)
Content-Length: 278
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7143
Expires: Mon, 06 Feb 2023 14:43:46 GMT
Date: Mon, 06 Feb 2023 12:44:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: UUB3ejiugPbpatcDgcjnOlHtPA0yHo0bmrUVGXQmKBVM58uQf17KVeezAxTzJlRhAom46ZOPxqk=
x-amz-request-id: 4QX36AXN9H5T8YRM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 12:24:56 GMT
age: 1187
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, Pragma, Alert, Cache-Control, Content-Length, Expires, Retry-After, Backoff, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 12:07:20 GMT
age: 2243
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ctznnvf.click/_next/static/css/40454bbab671217b.css
104.16.244.78200 OK 1.5 kB URL HTTP/2 ctznnvf.click/_next/static/css/40454bbab671217b.css
IP 104.16.244.78:0
File type ASCII text, with very long lines (7079), with no line terminators
Hash af23387e1eba127ff00981135e253463
e7dbeb3fafd81a1262e83e9a933f9c6f6b980311
eab61711ebaa8de3ac27f69396a888bde71c21e7853dfd12a0ef117c90a173a8
GET /_next/static/css/40454bbab671217b.css HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"1ba7-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa9568320b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/images/feedback.png
104.16.244.78200 OK 824 B URL HTTP/2 ctznnvf.click/images/feedback.png
IP 104.16.244.78:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 561da56e59bf569d0f41d6bb9713ce2f
20bee990614a20ae69d2cd21fc9f0688f9fc02e1
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
GET /images/feedback.png HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: image/png
content-length: 824
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"338-49773873e8"
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7953fa95784b0b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/images/elh.gif
104.16.244.78200 OK 1.4 kB URL HTTP/2 ctznnvf.click/images/elh.gif
IP 104.16.244.78:0
File type GIF image data, version 89a, 31 x 24\012- data
Hash f79e78d673f51194d9b9021cbc72b5b3
79a917fad527cef8d96af24d142653f2f49109b3
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
GET /images/elh.gif HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: image/gif
content-length: 1433
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"599-49773873e8"
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7953fa9578530b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/images/equal-housing.gif
104.16.244.78200 OK 1.1 kB URL HTTP/2 ctznnvf.click/images/equal-housing.gif
IP 104.16.244.78:0
File type GIF image data, version 89a, 14 x 9\012- data
Hash 39fc59327cb01ffbd5ab0ece1b08fba4
6cc1099707564164c3de6f94714808cdb1c415a7
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
GET /images/equal-housing.gif HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: image/gif
content-length: 1134
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"46e-49773873e8"
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7953fa95784c0b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/images/footer-follow-youtube.png
104.16.244.78200 OK 3.3 kB URL HTTP/2 ctznnvf.click/images/footer-follow-youtube.png
IP 104.16.244.78:0
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash 09c8c4f0f417a049b8ab6acdd2581717
2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
GET /images/footer-follow-youtube.png HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: image/png
content-length: 3278
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"cce-49773873e8"
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7953fa9578520b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/images/footer-follow-facebook.png
104.16.244.78200 OK 395 B URL HTTP/2 ctznnvf.click/images/footer-follow-facebook.png
IP 104.16.244.78:0
File type PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data
Hash 25dbaaa7fa1bf41ca6614f1d2cf699f5
56a9e2459a275ef7178ff8c90c2b277265f64fb0
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
GET /images/footer-follow-facebook.png HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: image/png
content-length: 395
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"18b-49773873e8"
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7953fa95784e0b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/images/CTZ_Green-01.png
104.16.244.78200 OK 5.3 kB URL HTTP/2 ctznnvf.click/images/CTZ_Green-01.png
IP 104.16.244.78:0
File type PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
GET /images/CTZ_Green-01.png HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: image/png
content-length: 5277
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"149d-49773873e8"
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7953fa9578490b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/images/footer-follow-linkedin.png
104.16.244.78200 OK 3.2 kB URL HTTP/2 ctznnvf.click/images/footer-follow-linkedin.png
IP 104.16.244.78:0
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash b187d1cd61b1912b22ebfb4efce30bad
b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
GET /images/footer-follow-linkedin.png HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: image/png
content-length: 3239
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"ca7-49773873e8"
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7953fa9578500b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/images/fdicFooter.gif
104.16.244.78200 OK 2.2 kB URL HTTP/2 ctznnvf.click/images/fdicFooter.gif
IP 104.16.244.78:0
File type GIF image data, version 89a, 56 x 24\012- data
Hash a0742f4f717eac3a1e61f53cbbec74f2
f85639ee91bccd2bddaf043b80c892ae6b700d49
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
GET /images/fdicFooter.gif HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: image/gif
content-length: 2245
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"8c5-49773873e8"
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7953fa9578550b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/images/footer-follow-twitter.png
104.16.244.78200 OK 3.3 kB URL HTTP/2 ctznnvf.click/images/footer-follow-twitter.png
IP 104.16.244.78:0
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash ab8d8dc7ea3d7b572b2dc47f2aebe5ae
900c9f837d9a015e6609b14eed6d99c384ec5441
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
GET /images/footer-follow-twitter.png HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: image/png
content-length: 3295
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"cdf-49773873e8"
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7953fa95784f0b3d-OSL
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.242.3.166101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.3.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sksCQBiQUCczqUidkFCTsQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hfHN3euHEzBE4nyFpXW3cEcShOQ=
ctznnvf.click/_next/static/chunks/170-eb8e8532566fbaf1.js
104.16.244.78200 OK 8.0 kB URL HTTP/2 ctznnvf.click/_next/static/chunks/170-eb8e8532566fbaf1.js
IP 104.16.244.78:0
File type ASCII text, with very long lines (19133), with no line terminators
Hash ad01e8be9fddf98509739f7b95c31988
e528bbc2f995f08436024d34d98d69f013a1f75f
dbc1c3e16671f4e7ec434638c490054961e4644056fde19870ca3af2bccb0bdd
Analyzer Verdict Alert fortinet Phishing
GET /_next/static/chunks/170-eb8e8532566fbaf1.js HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"4abd-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa95683a0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/_next/static/4vmRGRpwZj2g3C4mjFG5R/_buildManifest.js
104.16.244.78200 OK 1.8 kB URL HTTP/2 ctznnvf.click/_next/static/4vmRGRpwZj2g3C4mjFG5R/_buildManifest.js
IP 104.16.244.78:0
File type ASCII text, with very long lines (2350), with no line terminators
Hash 511fa10f6484e58aec6f59a754c7cb48
aaa04229f4685afb3ba870d89f7885127909162f
f8050f0308ca2125ca7356ca08c5415bc45179081cc12c3789b1cd3a54d1b3aa
Analyzer Verdict Alert fortinet Phishing
GET /_next/static/4vmRGRpwZj2g3C4mjFG5R/_buildManifest.js HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"92e-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa95683e0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/_next/static/4vmRGRpwZj2g3C4mjFG5R/_ssgManifest.js
104.16.244.78200 OK 1.1 kB URL HTTP/2 ctznnvf.click/_next/static/4vmRGRpwZj2g3C4mjFG5R/_ssgManifest.js
IP 104.16.244.78:0
File type ASCII text, with no line terminators
Hash 2bbee7c20c0bb19ef3bd1d75db123533
5787e8fd5e7b9a702088a1bdab5560402fabed0e
4ca50d224891a8dbe31e2da6a8798389f2590bc5d5c5acb5f38567804602952f
Analyzer Verdict Alert fortinet Phishing
GET /_next/static/4vmRGRpwZj2g3C4mjFG5R/_ssgManifest.js HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"4c-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa95683f0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/_next/static/chunks/pages/login-bed72fdd6862d088.js
104.16.244.78200 OK 4.5 kB URL HTTP/2 ctznnvf.click/_next/static/chunks/pages/login-bed72fdd6862d088.js
IP 104.16.244.78:0
File type ASCII text, with very long lines (12893), with no line terminators
Hash faa5c20627706ad836f876aa5e5615ff
230ec0ec55df780dbe84fdadbaa95e8173f17951
99cb9e4e7e46caac9dbc0c0100cef181a9fead492c927f4c0b30a0ebc9bb7a03
Analyzer Verdict Alert fortinet Phishing
GET /_next/static/chunks/pages/login-bed72fdd6862d088.js HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"325d-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa95683d0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/fonts/citizen_bold.woff
104.16.244.78200 OK 29 kB URL HTTP/2 ctznnvf.click/fonts/citizen_bold.woff
IP 104.16.244.78:0
File type Web Open Font Format, TrueType, length 29304, version 1.0\012- data
Hash c0f795cba89d0c65078577b8b1b7c62a
6fd231b6616aad9abdfc37562541da3db904e6ac
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
Analyzer Verdict Alert fortinet Phishing
GET /fonts/citizen_bold.woff HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: font/woff
content-length: 29304
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"7278-49773873e8"
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7953fa99acad0b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/font/citizen_bold.ttf
104.16.244.78404 Not Found 29 kB URL HTTP/2 ctznnvf.click/font/citizen_bold.ttf
IP 104.16.244.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1428)
Hash fb45ab64fe996e9aa8a73157ccf66690
bd4126a8e34e0078793f3aa6d07fd71cd07c7891
f0ebcc9fd8ca74cbdf938f097cc25bc0e0b1bd1c323f4ef5832df592630556d0
Analyzer Verdict Alert fortinet Phishing
GET /font/citizen_bold.ttf HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa988b790b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/font/citizen_extrabold.ttf
104.16.244.78404 Not Found 33 kB URL HTTP/2 ctznnvf.click/font/citizen_extrabold.ttf
IP 104.16.244.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1428)
Hash 397e83ff74ebe6c46ce501fe4d2463a4
cda1b7a51f96a0761133027a8cfbe2d56f6f9d68
84000b4ab1a63d265b44de0fadf91fccfe15cc52fb43b2d6634083d69d4a97ff
Analyzer Verdict Alert fortinet Phishing
GET /font/citizen_extrabold.ttf HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa986b560b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/font/citizen_roman.ttf
104.16.244.78404 Not Found 20 kB URL HTTP/2 ctznnvf.click/font/citizen_roman.ttf
IP 104.16.244.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1428)
Hash b381b0eef43fa46a96d0092cd8dc8b11
01ef4030f5fb74fd2a931d13479c433f3ad584f4
7f02d3436170bfde89d8d55a7e1d8fbcd36c03ba739f84a69f31e2f9e83e8bc6
Analyzer Verdict Alert fortinet Phishing
GET /font/citizen_roman.ttf HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa986b530b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/font/citizen_book.ttf
104.16.244.78404 Not Found 33 kB URL HTTP/2 ctznnvf.click/font/citizen_book.ttf
IP 104.16.244.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1428)
Hash 3ad54ffc66434de446a6cfe126cedd1c
674e08e4dffcc53e5bddd32d82bb40e486b455dd
815b583652f2671739e123b6864fd2663340becc4719b46bd44ee8c41ae62846
Analyzer Verdict Alert fortinet Phishing
GET /font/citizen_book.ttf HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa986b520b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19407
Expires: Mon, 06 Feb 2023 18:08:12 GMT
Date: Mon, 06 Feb 2023 12:44:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19407
Expires: Mon, 06 Feb 2023 18:08:12 GMT
Date: Mon, 06 Feb 2023 12:44:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 714723c38877e0d1655c7118a88ec064
809a42ce7c76cea0ce16af8172d852723c3a5f02
6bad7253694d155de31a8f5a3c635545a39aac340ca49d1bc10efb6739d4a356
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8981
x-amzn-requestid: 0054e925-c381-4737-bd92-32b2af3a604e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQHRFoAMFw6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-45ea5ee33d07326c593d21d3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ixAMZh_xOYWVESJ0jOEPOXZ4GQBDUZZsh26yEDYfl8APcBF2x2sZYg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 53682
etag: "809a42ce7c76cea0ce16af8172d852723c3a5f02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e7140400336984afc6093c1246f863
59e0b21cdf4cfdac3f1ea05badd007727939ac42
4d927e74922159db5d07b9947fa1021cff74bb7b55759960cb3941d05c1e8f11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9579
x-amzn-requestid: c474008d-a6a9-409b-88e2-c55062044575
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzQtnFGhoAMF5Zw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddfb23-54dd67257ba25ad24e977a9c;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 06:28:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0Of3BK3VqVMGQGDIODQthVmi7BC8Ney4zgGCpVuzYc1j6D8RRP-AxA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 12:01:53 GMT
age: 2572
etag: "59e0b21cdf4cfdac3f1ea05badd007727939ac42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9046d887fd45a0940e31a74173d17798
1ff698b9cf660165e846dfc4770f29852aedce45
0c7b0e1250aa7718b7b35b80a1442f62e94ace1fb578fb781ec8204ee96386d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10514
x-amzn-requestid: ac2a383b-833d-4dae-9bd9-43dc3d9e373d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPEIyoAMFqUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-436bb6816b269ce45b9f8600;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RYNzle5-l5dOMPWb2Bmu_T5aIJw9NX2FKuJsej8hzpYZcgD6coH9SA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:09 GMT
age: 53676
etag: "1ff698b9cf660165e846dfc4770f29852aedce45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ccc8078cc937b7de0b299bcee1496f1b
395f04af71767acc9516387c8b07bde08968fdfe
cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T7YlRZ936VEDkBvo2YKrS3GbyEh1xzC8W-50KiODzFjTnQb-hvkKpw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 53682
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13572f84ad268caedcc897f2ad7b9baf
afb91ab43953e8915a2169618d2ab5e330cde0a1
0fb8b09608dc293b2084953b948cc7d8a7aa7bcb525090a7e44d5cb2a725fab3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7851
x-amzn-requestid: 11d3fe95-844b-4e5d-b31c-f99e96e2b608
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHeEIAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-602b91422dff88a750b8e3e9;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7LXNdWi5iKCUI61c2z3spsg5_DGu1jnZ4cIACc3MCmqWP57RveBMGw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 53682
etag: "afb91ab43953e8915a2169618d2ab5e330cde0a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31cf5553-4c3f-4c6d-8dfb-d292e38275bb.jpeg
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31cf5553-4c3f-4c6d-8dfb-d292e38275bb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5f54c8725e5dab88b12d42876fa61b12
89c734d690981e30f9d566a7763a1870724d65aa
b8cc5148ae01e1a1fe32f56bdce71de086da320cdd8a55a746609c9773fdaf77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31cf5553-4c3f-4c6d-8dfb-d292e38275bb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9809
x-amzn-requestid: 533de5fa-8173-430e-a657-4386728723eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpc-VEGbIAMFSmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63da0ec1-4e160c5c2a46d2913cc8e71e;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 07:03:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: BgSfqU3WmIhR8N86AEfaU7pXN7jIKs_lKJVD6yCSaJBl5AVx13e5hw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:54:03 GMT
etag: "89c734d690981e30f9d566a7763a1870724d65aa"
content-type: image/jpeg
age: 53442
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ctznnvf.click/_next/static/chunks/webpack-bb469f829a664d48.js
104.16.244.78200 OK 0 B URL HTTP/2 ctznnvf.click/_next/static/chunks/webpack-bb469f829a664d48.js
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /_next/static/chunks/webpack-bb469f829a664d48.js HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"891-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa9568330b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/_next/static/chunks/pages/_app-3f4ecf471eb01eda.js
104.16.244.78200 OK 0 B URL HTTP/2 ctznnvf.click/_next/static/chunks/pages/_app-3f4ecf471eb01eda.js
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /_next/static/chunks/pages/_app-3f4ecf471eb01eda.js HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"4cc-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa9568360b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/font/citizen_book.woff
104.16.244.78404 Not Found 0 B URL HTTP/2 ctznnvf.click/font/citizen_book.woff
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /font/citizen_book.woff HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa9659470b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/_next/static/chunks/90-2e7f07d1e1b830d5.js
104.16.244.78200 OK 0 B URL HTTP/2 ctznnvf.click/_next/static/chunks/90-2e7f07d1e1b830d5.js
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /_next/static/chunks/90-2e7f07d1e1b830d5.js HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"620de-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa95683b0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/font/citizen_extrabold.woff
104.16.244.78404 Not Found 0 B URL HTTP/2 ctznnvf.click/font/citizen_extrabold.woff
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /font/citizen_extrabold.woff HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa96694b0b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/favicon.ico
104.16.244.78200 OK 0 B URL HTTP/2 ctznnvf.click/favicon.ico
IP 104.16.244.78:0
GET /favicon.ico HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:45 GMT
content-type: image/x-icon
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"654b-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa9d89650b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/font/citiolb_icons.ttf
104.16.244.78404 Not Found 0 B URL HTTP/2 ctznnvf.click/font/citiolb_icons.ttf
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /font/citiolb_icons.ttf HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa987b590b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/_next/static/chunks/framework-9b5d6ec4444c80fa.js
104.16.244.78200 OK 0 B URL HTTP/2 ctznnvf.click/_next/static/chunks/framework-9b5d6ec4444c80fa.js
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /_next/static/chunks/framework-9b5d6ec4444c80fa.js HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"228c5-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa9568340b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/_next/static/chunks/237-d83b95ec01fca10d.js
104.16.244.78200 OK 0 B URL HTTP/2 ctznnvf.click/_next/static/chunks/237-d83b95ec01fca10d.js
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /_next/static/chunks/237-d83b95ec01fca10d.js HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"b444-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa9568380b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/font/citizen_roman.woff
104.16.244.78404 Not Found 0 B URL HTTP/2 ctznnvf.click/font/citizen_roman.woff
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /font/citizen_roman.woff HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa9659420b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/_next/static/chunks/main-3123a443c688934f.js
104.16.244.78200 OK 0 B URL HTTP/2 ctznnvf.click/_next/static/chunks/main-3123a443c688934f.js
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /_next/static/chunks/main-3123a443c688934f.js HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"199f6-49773873e8"
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
x-do-orig-status: 200
cf-cache-status: HIT
server: cloudflare
cf-ray: 7953fa9568350b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/efs/efs/grafx/arrow-right-orange.png
104.16.244.78404 Not Found 0 B URL HTTP/2 ctznnvf.click/efs/efs/grafx/arrow-right-orange.png
IP 104.16.244.78:0
GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa9618f00b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
ctznnvf.click/font/citiolb_icons.woff
104.16.244.78404 Not Found 0 B URL HTTP/2 ctznnvf.click/font/citiolb_icons.woff
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /font/citiolb_icons.woff HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa9669530b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/font/citizen_bold.woff
104.16.244.78404 Not Found 0 B URL HTTP/2 ctznnvf.click/font/citizen_bold.woff
IP 104.16.244.78:0
Analyzer Verdict Alert fortinet Phishing
GET /font/citizen_bold.woff HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ctznnvf.click/login
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 06 Feb 2023 12:44:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa9689720b3d-OSL
X-Firefox-Spdy: h2
ctznnvf.click/login
104.16.244.78200 OK 0 B IP 104.16.244.78:0
Analyzer Verdict Alert openphish RBS Citizens Bank
fortinet Phishing
GET /login HTTP/1.1
Host: ctznnvf.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 06 Feb 2023 12:44:43 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: e9e7afd9-de74-49c1-87b6-e5e9452e37e1
cache-control: private
x-do-orig-status: 200
cf-cache-status: MISS
server: cloudflare
cf-ray: 7953fa91ac7a0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2