Report - favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=

Report Overview

Submitted URL
favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=
IP
45.133.200.3
ASN
#200313 WEB_GroupInternet INC
Submitted
2022-11-26 17:24:05
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citizens Bank

Detections

urlquery
1
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
smetrics.citizensbank.com	79873	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	524 B	899 B	15.188.95.229
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
cdn.glassboxcdn.com	11045	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	685 B	244 kB	104.18.14.22
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	1.9 kB	54.230.245.118
report.citizen.glassboxdigital.io	69073	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	4.7 kB	3.87.234.62
cm.everesttech.net	996	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	420 B	488 B	99.80.65.0
accdn.lpsnmedia.net	3410	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	879 B	8.4 kB	178.249.101.99
va.v.liveperson.net	3906	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	819 B	1.2 kB	208.89.12.87
favaey.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	12 kB	45.133.200.3
www3.citizensbankonline.com	125923	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10 kB	265 kB	104.110.3.220
ocsps.ssl.com	14517	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	337 B	2.2 kB	52.6.97.148
va.idp.liveperson.net	13470	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	543 B	6.5 kB	208.89.15.170
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.7 kB	104.18.32.68
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	32 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.5 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.6 kB	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.42.234.253
lptag.liveperson.net	3393	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374 B	8.8 kB	178.249.101.23
citizensbank.demdex.net	68781	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	485 B	3.5 kB	52.213.200.83
lpcdn.lpsnmedia.net	3501	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.9 kB	80 kB	178.249.97.98
nexus.ensighten.com	2786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	70 kB	54.230.111.74
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.5 kB	52.213.200.83
nebula-cdn.kampyle.com	3739	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	118 kB	151.101.85.175
cdn.appdynamics.com	3266	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	603 B	62 kB	143.204.55.39
udc-neb.kampyle.com	3039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	519 B	35.241.45.82
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
ocsp.entrust.net	1208	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	9.8 kB	104.110.10.32
www4.citizensbankonline.com	159092	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	760 B	1.8 kB	104.110.3.220

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	favaey.com/efs/efs/jsp-ns/pm_fp.js	Phishing
2022-11-26	medium	favaey.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js	Phishing
2022-11-26	medium	favaey.com/content/930e113327rn2365aa3b7b98b0447e8d	Phishing
2022-11-26	medium	favaey.com/efs/efs/jsp-ns/scripts/common.js	Phishing
2022-11-26	medium	favaey.com/efs/efs/jsp-ns/pm_fp.js	Phishing
2022-11-26	medium	favaey.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js	Phishing
2022-11-26	medium	favaey.com/content/930e113327rn2365aa3b7b98b0447e8d	Phishing
2022-11-26	medium	favaey.com/efs/efs/jsp-ns/scripts/common.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (40)

	URL	Size	First Seen	Last Seen
	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549	40 kB	2023-03-08	2024-04-16
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:32:35 Last Seen2024-04-16 18:46:55 Times Seen479 Hash 0dfc7fa7d2051d776d5937b7a3a7c4dd e0548931c28581b7f1975bf8c2d8b03b94591b87 3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983 Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549	984 kB	2023-03-08	2023-07-23
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-07-23 21:43:58 Times Seen11 Hash 09fab59974228dd3746a95d0540621a6 c6481e3f91a22e047b5d134838c4daece1a2853b 6622b5e1a9d93d6b5a2f4eb7a0556f802fb002e5efde0d0f4e3781a94776e331 Loading...

	accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb28284x71392	748 B	2023-03-11	2023-03-11
Pretty URL accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb28284x71392 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:51:35 Last Seen2023-03-11 20:51:35 Times Seen1 Hash 20d3e0edff2525279fad30a02b4dc543 7a72d51e5dab0d720cd816a29c749a57c3eb2e22 fe723de9a6501e0d38172cb8e4ebc813d28f14da3563bfc82e458749039ae7bc Loading...

	va.v.liveperson.net/api/js/89632304?sid=vSs22vYjSSSVV4g7yWNlJQ&cb=lpCb48792x2304&t=pl&ts=1669483438214&pid=7349094189&tid=8842617083&vid=U1ZDhkOWUyOTg5YmJmYzA0	110 B	2023-03-11	2023-03-11
Pretty URL va.v.liveperson.net/api/js/89632304?sid=vSs22vYjSSSVV4g7yWNlJQ&cb=lpCb48792x2304&t=pl&ts=1669483438214&pid=7349094189&tid=8842617083&vid=U1ZDhkOWUyOTg5YmJmYzA0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:51:35 Last Seen2023-03-11 20:51:35 Times Seen1 Hash a85410bdb0c1a6afedd68138e39f9021 0ec698cf3ae1a73a9d3a5da6c3c28931b56e8d58 fdd87d2e8e128e4b4c14fedff50a05b1ed3bc75259bb141edb571e0ab0b91e3c Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 18:19:00 Times Seen36965276 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=	138 B	2023-03-07	2024-02-14
Pretty URL favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso= IP 45.133.200.3 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash e2d3b0bd12282cea9200f36be44b4f14 bf32cee71e578707194ab684a887709881585ccc 411d2d562326e1db3612706ee2907e6271e1443784ada6c347402120d3558d78 Loading...

	lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3	295 kB	2023-03-11	2023-03-11
Pretty URL lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:51:35 Last Seen2023-03-11 20:51:35 Times Seen1 Hash 43721367cdd3e75b9aab38d7cdc6bf03 7fb3d4b47f16c24fd134f8961ed4d40539c4c485 4f8db6558670dcfa0eb76a9c70182946e87738829b1f374c61f848643ac12cd0 Loading...

	cdn.appdynamics.com/adrum/adrum-latest.js?	111 kB	2023-03-07	2024-02-27
Pretty URL cdn.appdynamics.com/adrum/adrum-latest.js? IP 143.204.55.39 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:55:15 Last Seen2024-02-27 00:41:08 Times Seen22 Hash deff3987ae725d726c0db6711bd5736f 0501d79c468f185c63590ac3c1a4918db7804d10 a4ea3de02f4ec1874478b152a09b89aecc2fc4f63ae2a4208ee8fb6585cebb11 Loading...

	cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?	373 kB	2023-03-07	2023-03-17
Pretty URL cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js? IP 104.18.14.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2023-03-17 12:37:45 Times Seen1 Hash 845173368b011e7fa14658b57426fe09 e848d5550ae3d080f6d17dcb7bb9bda7f30e0f35 539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5 Loading...

	accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB	4.8 kB	2023-03-08	2023-03-11
Pretty URL accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB IP 178.249.101.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:35:17 Last Seen2023-03-11 23:43:27 Times Seen1 Hash 060392ddb007d4e5313ef0e062f60f59 b2e064433e369388bf461a0c8b72575945474d34 c35ed6a7f7be36f52304bca350eecdf59921e44de9a9eaa6d9d8bb8dca70bb6d Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549	7.9 kB	2023-03-07	2024-04-16
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-16 18:46:55 Times Seen361 Hash d53092c1d6e0a7a3d1bb802c67a6e1e9 2556ea4f15518fa36d0b92666e22ce28edec6745 0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438 Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549	94 kB	2023-03-07	2024-04-16
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-16 18:46:55 Times Seen442 Hash d32e789b3183ed4536dc36e4cabf74ec 6b90b3e6dc44c30dcfa273e7c48d31ec00aac82b 5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js	15 kB	2023-03-07	2024-04-18
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:49 Last Seen2024-04-18 11:55:40 Times Seen2848 Hash 42306a279a9e831515347ae319181cd1 d069641242e4fe1beb6de8f53a77dd964c98bce0 cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js	4.3 kB	2023-03-07	2024-04-09
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:12 Last Seen2024-04-09 04:55:43 Times Seen640 Hash b8a2edb156c147c3164f7faf6efc9f44 0b23deffad7cac9066bc216213b666ccbcb13279 babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5 Loading...

	nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909	28 kB	2023-03-08	2023-03-11
Pretty URL nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-03-11 23:43:38 Times Seen1 Hash 83105033d3f7f9905b026d4c409b655e b9c548527d700f4694956ef3f78f0eb7bcf24568 1b58da2beae29b1bd0013f8de492b624065c80e4c856a8888607b916ac9a2d2a Loading...

	va.v.liveperson.net/api/js/89632304?&cb=lpCb96995x66664&t=sp&ts=1669483437318&pid=7349094189&tid=8842617083&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Ffavaey.com%2Fcitizen_bank%2Flogin.php%3Fonline_id%3Ded9560c7a1910618007433af5%26country%3D%26iso%3D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%2241210493-f0dd-4742-a104-93f0dd074299%22%2C%22account%22%3A%2289632304%22%7D%5D	237 B	2023-03-11	2023-03-11
Pretty URL va.v.liveperson.net/api/js/89632304?&cb=lpCb96995x66664&t=sp&ts=1669483437318&pid=7349094189&tid=8842617083&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Ffavaey.com%2Fcitizen_bank%2Flogin.php%3Fonline_id%3Ded9560c7a1910618007433af5%26country%3D%26iso%3D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%2241210493-f0dd-4742-a104-93f0dd074299%22%2C%22account%22%3A%2289632304%22%7D%5D IP 208.89.12.87 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:51:35 Last Seen2023-03-11 20:51:35 Times Seen1 Hash 5a992a231589a1a680e5c06f7c222a4a 67dc68bb5020d4484c43f12e0e036d4e96364b1f b72c19c26eb5b6c7ce961f68a82a74edd8b11f86e6503262197d6bc7a86b2c6e Loading...

	nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js	105 kB	2023-03-08	2023-03-11
Pretty URL nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:06 Last Seen2023-03-11 23:43:38 Times Seen1 Hash 39bf7a3a8df0e7cc7aac36800368843a 208d3de80cede9f7234c1fe91c4a4f5d7ef8db3a ce6325f6f67fbf61b933fdc3ff94e1d1ae407d5fb100d75f01bdc6ec8ade9cc4 Loading...

	favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=	606 B	2023-03-07	2024-02-14
Pretty URL favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso= IP 45.133.200.3 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash dd23a19bc0a3ee76846efae627d939c1 6e62c6ee934439860343c8ce77e52bb4bea94b23 8f79346ad4fce32e9971e590ec9c76d8979f72971051fb4ff37a1e6b6acb56f4 Loading...

	lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549	90 kB	2023-03-08	2024-04-16
Pretty URL lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549 IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2024-04-16 18:46:55 Times Seen431 Hash 8f52a626981f930e71e87f22a5f0080d 4c1cdf091636a6d733fd9c7141d52fc07ecb9e1c 57554877947a356911e17034359412ea444c15f58884c0100062788dd3660bb8 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js	93 kB	2023-03-07	2024-04-11
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:42 Last Seen2024-04-11 17:50:08 Times Seen444 Hash 663628f795cb62444143fde1ebdf2b5b 1ec97b491c8a1c72055bd635f0c8dd843cae43d6 aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801 Loading...

	lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Ffavaey.com&site=89632304&force=1&env=prod&isCrossDomain=true	38 kB	2023-03-08	2023-05-14
Pretty URL lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Ffavaey.com&site=89632304&force=1&env=prod&isCrossDomain=true IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-05-14 04:54:44 Times Seen42 Hash b56f93ab24c5150fa2ac4d7bf2ba02a7 0f896104da3f556119616da6ad0484c28f4f9395 a2721298ae526f997c556afcd0a7f768abfd6ad9b0ce4ec449d5b27b86929f04 Loading...

	lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Ffavaey.com&site=89632304&env=prod&isCrossDomain=true	39 kB	2023-03-07	2024-03-12
Pretty URL lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Ffavaey.com&site=89632304&env=prod&isCrossDomain=true IP 178.249.97.98 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-03-12 06:48:19 Times Seen234 Hash a3a38a5d6888ddc1831a811e9d428c77 2ca5b076aea8b4c6ff7ad1873de4ade91d66511f d4676cbbadec76c9f89f5b771a7f4927d544b4d76801e40e9957493e038e0db4 Loading...

	favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=	158 B	2023-03-07	2024-02-14
Pretty URL favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso= IP 45.133.200.3 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:00:58 Last Seen2024-02-14 12:12:56 Times Seen75 Hash d063dd0adcd30d7f7ad112d0da02babe 7ff2e92c27808292fc2d6a58632baa4d0a92ca9a b45d35ed1d2f794538ea853ff3d60ec817168ef505ad5462afe8a9236ecf539b Loading...

	cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js	54 kB	2023-03-07	2024-02-27
Pretty URL cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js IP 143.204.55.39 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:55:15 Last Seen2024-02-27 00:41:08 Times Seen30 Hash 2f00c36a98a61ed5bacde3c5ad0a3efe b6fcd72181d79a4225bb7cd4288260fa9aa44624 9b0f859e5508780a810e47e772554395a5d2ae5e679c338df1b6cd600d69dad2 Loading...

	nebula-cdn.kampyle.com/wu/356861/onsite/embed.js	1.1 kB	2023-03-08	2023-03-11
Pretty URL nebula-cdn.kampyle.com/wu/356861/onsite/embed.js IP 151.101.85.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:06 Last Seen2023-03-11 23:43:38 Times Seen1 Hash d702a2b9ebe4f8826d0a3b100f1e7b3d 03063df39d9f17724a28725c103443c92b4a7e00 be4225ec95dc89c7bb1f8ee1c9f1011fc412563bc59aa80785b5f6b6b0234601 Loading...

	favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=	147 B	2023-03-07	2024-02-14
Pretty URL favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso= IP 45.133.200.3 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash 4455727e85ed6be9deb3422e34ea2129 30f51ab43939efd904518cf3e0bcbd961245fc4d bbb46962b6f3dc24db2df9f8747abee8bed42adea34cb385ff012131b81c7ff5 Loading...

	nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Ffavaey.com%2Fcitizen_bank%2Flogin.php%3Fonline_id%3Ded9560c7a1910618007433af5%26country%3D%26iso%3D	397 B	2023-03-11	2023-03-11
Pretty URL nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Ffavaey.com%2Fcitizen_bank%2Flogin.php%3Fonline_id%3Ded9560c7a1910618007433af5%26country%3D%26iso%3D IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:51:35 Last Seen2023-03-11 20:51:35 Times Seen1 Hash c94acb72df7bf163799e96978f04bd5e 0d5016b83402da46425c3b58e6acd76a647b6932 f6282fca4d197a2b96a00c0568e02cddd7d96fa8721589918e42f99177b0357a Loading...

	lptag.liveperson.net/tag/tag.js?site=89632304	22 kB	2023-03-07	2024-04-12
Pretty URL lptag.liveperson.net/tag/tag.js?site=89632304 IP 178.249.101.23 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-12 19:27:20 Times Seen539 Hash e2ee8a9cd68c3d310a4c62fdb4b5c93a 67eb5f9547f1d9de0a8b143c3b50511c26281399 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7 Loading...

	va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1669483437333&loc=http%3A%2F%2Ffavaey.com	11 kB	2023-03-07	2024-01-24
Pretty URL va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1669483437333&loc=http%3A%2F%2Ffavaey.com IP 208.89.15.170 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:29 Last Seen2024-01-24 23:53:16 Times Seen76 Hash 684a1d2bbad42091bd0b0f0e93b4789c d3b36b031484bebf727128400274618226131a37 7271e3119ee8205a39f0c06adafde464aa535e02519a0884296950aede89f177 Loading...

	favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=	2.5 kB	2023-03-07	2024-02-14
Pretty URL favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso= IP 45.133.200.3 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen50 Hash f922a60f645c94205e1f6e9d5e2cdccb 2e93f37ce5a8eb54dd6e4ad278c81bb26dc7a2a2 cfa7d7b285a70329eebf9b81537fa0baf56fe330fdcca07676e56cdba803ff30 Loading...

	www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js	20 kB	2023-03-07	2024-02-14
Pretty URL www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js IP 104.110.3.220 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen91 Hash e3b11713a1b616fcac5f6c3b4b0b9e1b 82a8fc6f051d8b526d167ae7862efd2a2dab95e2 57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441 Loading...

	favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=	33 B	2023-03-07	2024-02-14
Pretty URL favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso= IP 45.133.200.3 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen52 Hash 6abbcd946457998168ba6d439131e235 1d17c8ddac7abb2e14207b93cc3a8944044a3fa3 3d8de306ff5e9f5db214def3fb090fc9a8a37efc4117276a58b5ccd4eeb46017 Loading...

	citizensbank.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Ffavaey.com	6.7 kB	2023-03-07	2024-03-23
Pretty URL citizensbank.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Ffavaey.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB	6.9 kB	2023-03-08	2023-03-13
Pretty URL accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB IP 178.249.101.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:06 Last Seen2023-03-13 05:20:07 Times Seen1 Hash 25b354fc45086b915fa94f97c9cc58ae 5bd0d310a8f47a61e2334f21639f42ab311084a6 af66cd639d81a60d2fefeb1de44d09fd7e4c5500a9487e68a15a9a73449ac3ac Loading...

	favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=	958 B	2023-03-07	2024-02-14
Pretty URL favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso= IP 45.133.200.3 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen50 Hash af8a93628974f148067d327996088187 e716dcf0ef564b89f66a8732d10f826e3d11385f f43724e4ca408137c9b50930a5416481dde13a65dfbce942a85d27f09c660ba2 Loading...

	favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=	3.9 kB	2023-03-07	2024-02-14
Pretty URL favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso= IP 45.133.200.3 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen49 Hash 148c64d137f73878ebf0e770a496ec61 9c11df9ed3ecd282193a1571a7701b83f1cea663 de729accb6b0199ce0eccc94b41eace66d70c535c35a096f586f0db848108865 Loading...

	nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117	90 kB	2023-03-08	2023-04-02
Pretty URL nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:07 Last Seen2023-04-02 21:34:08 Times Seen14 Hash 7f943d1386ac8d666a04c5f7c1aca6a2 e734405ada56e5593d28b1c99c5944241ae4ec28 3b531a8826aeb7dd365eb418b6aee5b8204f5e38c311f588ad75bbe7de570b16 Loading...

	nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js	809 kB	2023-03-08	2023-03-11
Pretty URL nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js IP 151.101.85.175 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:35:17 Last Seen2023-03-11 23:43:38 Times Seen1 Hash 7dd7a0cbfa04919de4a6dd07c7075dbc a3c0397f46134a2b55e625aaabd801a2545ffd82 b9e9bc139770d4f0e96fe24c026a5d2fb0a57642939f1beaecf454d1c0750f18 Loading...

		Size	First Seen	Last Seen
	#1 Eval - fa28bae7148454e1f6d8052e5c403243	84 kB	2023-03-07	2023-04-18
Pretty Observations First Seen2023-03-07 17:55:22 Last Seen2023-04-18 20:43:16 Times Seen32 Hash fa28bae7148454e1f6d8052e5c403243 a168b44f58bbf9c1ae68e5415d55749e810a9e02 594eaf3a5ff472b716d25d866978e1b336decf1d6efe6923a65b4627fa8e2d6b Loading...

		Size	First Seen	Last Seen
	#1 Write - 7a09c7092e8f36a0dc39b789b49dcf62	102 B	2023-03-07	2024-02-14
Pretty Observations First Seen2023-03-07 17:55:22 Last Seen2024-02-14 12:12:56 Times Seen52 Hash 7a09c7092e8f36a0dc39b789b49dcf62 97a3667b625bf026f5f16bc2fa33affaefd47a5b 8703c94f4b4a9f3c9274d316563d3edaf890f903523a5ccc7fab8488d6684d79 Loading...

HTTP Transactions (101)

URL IP Response Size

favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=

45.133.200.3

200 OK

7.4 kB

URL HTTP/1.1
favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=
IP
45.133.200.3:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (672), with CRLF line terminators
Size
7.4 kB (7412 bytes)
Hash
5e74e2618266ee942a46444b2194fc68
2d8caa39afae12504ca9f287bd969754cc12b282
11843c63be3956ef1c198cebf6312a6b1dfe018a42dd2c7bd81105d41eb9092b

HTTP Headers

GET /citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso= HTTP/1.1
Host: favaey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 17:23:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16962
Expires: Sat, 26 Nov 2022 22:06:36 GMT
Date: Sat, 26 Nov 2022 17:23:54 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3966
Cache-Control: max-age=152000
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 17:23:54 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 11:37:14 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 17:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 281
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9001
Expires: Sat, 26 Nov 2022 19:53:55 GMT
Date: Sat, 26 Nov 2022 17:23:54 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: gO8ht/MYPKChs3kj6CNuHOfJeYnbew3dC9kgwvviAa6tuGwAJgL309FRnJzWBij5xmn8MPvyPLI=
x-amz-request-id: DHG11T8YNSRTW39B
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 16:44:18 GMT
age: 2376
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 17:23:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js

54.230.111.74

200 OK

32 kB

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (594)
Size
32 kB (32212 bytes)
Hash
f3d0583a90191a6f465c09fe2afd4e46
7b0f701824dc9f5286dc06186e260bcc03d1f980
70dab6777acd9b32b462dceae9e949e58e860162136f505b95f7333b9ce25862

HTTP Headers

GET /citizensbank/olbprod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 01 Nov 2022 00:57:32 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 26 Oct 2022 15:44:22 GMT
ETag: W/"39bf7a3a8df0e7cc7aac36800368843a"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=300
x-amz-version-id: n.3u3tglJzlUidakqrAu0WJ9p85U4QzX
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WH4FKTHXr-AP3F3vNqhhuvVyWowZtmIUCTDaa_itqcIcwUUxbcPhvA==
Age: 2219183

favaey.com/efs/efs/jsp-ns/pm_fp.js

45.133.200.3

404 Not Found

238 B

URL HTTP/1.1
favaey.com/efs/efs/jsp-ns/pm_fp.js
IP
45.133.200.3:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
520f4af4fa2a221f0fcaf2bd8dd91190
ff7f6ecdcec4d56428d84c9380c81ede0f33fa4c
e4af90c52865b7203efde020d8d7ca02b5b99f50b435770b37a34766772744a7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /efs/efs/jsp-ns/pm_fp.js HTTP/1.1
Host: favaey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 17:23:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

favaey.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js

45.133.200.3

404 Not Found

238 B

URL HTTP/1.1
favaey.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
IP
45.133.200.3:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
520f4af4fa2a221f0fcaf2bd8dd91190
ff7f6ecdcec4d56428d84c9380c81ede0f33fa4c
e4af90c52865b7203efde020d8d7ca02b5b99f50b435770b37a34766772744a7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /efs/hhf/js/citizensHeaderFooter-citizensns42588.js HTTP/1.1
Host: favaey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 17:23:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

favaey.com/content/930e113327rn2365aa3b7b98b0447e8d

45.133.200.3

404 Not Found

238 B

URL HTTP/1.1
favaey.com/content/930e113327rn2365aa3b7b98b0447e8d
IP
45.133.200.3:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
520f4af4fa2a221f0fcaf2bd8dd91190
ff7f6ecdcec4d56428d84c9380c81ede0f33fa4c
e4af90c52865b7203efde020d8d7ca02b5b99f50b435770b37a34766772744a7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /content/930e113327rn2365aa3b7b98b0447e8d HTTP/1.1
Host: favaey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 17:23:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

favaey.com/efs/efs/jsp-ns/scripts/common.js

45.133.200.3

404 Not Found

238 B

URL HTTP/1.1
favaey.com/efs/efs/jsp-ns/scripts/common.js
IP
45.133.200.3:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
520f4af4fa2a221f0fcaf2bd8dd91190
ff7f6ecdcec4d56428d84c9380c81ede0f33fa4c
e4af90c52865b7203efde020d8d7ca02b5b99f50b435770b37a34766772744a7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1
Host: favaey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 17:23:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
0be248ab35b108ffc525de8aef305799
b83dd8b19545e10a429c2525b9f21c72d881e217
83efa634e6c31a1f1126f276ab761a2ec0e1a5ebbed17639d08d494a6e393581

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83EFA634E6C31A1F1126F276AB761A2EC0E1A5EBBED17639D08D494A6E393581"
Last-Modified: Sat, 26 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3567
Expires: Sat, 26 Nov 2022 18:23:21 GMT
Date: Sat, 26 Nov 2022 17:23:54 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
0be248ab35b108ffc525de8aef305799
b83dd8b19545e10a429c2525b9f21c72d881e217
83efa634e6c31a1f1126f276ab761a2ec0e1a5ebbed17639d08d494a6e393581

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83EFA634E6C31A1F1126F276AB761A2EC0E1A5EBBED17639D08D494A6E393581"
Last-Modified: Sat, 26 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Sat, 26 Nov 2022 18:23:54 GMT
Date: Sat, 26 Nov 2022 17:23:54 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
0be248ab35b108ffc525de8aef305799
b83dd8b19545e10a429c2525b9f21c72d881e217
83efa634e6c31a1f1126f276ab761a2ec0e1a5ebbed17639d08d494a6e393581

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83EFA634E6C31A1F1126F276AB761A2EC0E1A5EBBED17639D08D494A6E393581"
Last-Modified: Sat, 26 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3551
Expires: Sat, 26 Nov 2022 18:23:05 GMT
Date: Sat, 26 Nov 2022 17:23:54 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
0be248ab35b108ffc525de8aef305799
b83dd8b19545e10a429c2525b9f21c72d881e217
83efa634e6c31a1f1126f276ab761a2ec0e1a5ebbed17639d08d494a6e393581

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83EFA634E6C31A1F1126F276AB761A2EC0E1A5EBBED17639D08D494A6E393581"
Last-Modified: Sat, 26 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Sat, 26 Nov 2022 18:23:54 GMT
Date: Sat, 26 Nov 2022 17:23:54 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
0be248ab35b108ffc525de8aef305799
b83dd8b19545e10a429c2525b9f21c72d881e217
83efa634e6c31a1f1126f276ab761a2ec0e1a5ebbed17639d08d494a6e393581

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83EFA634E6C31A1F1126F276AB761A2EC0E1A5EBBED17639D08D494A6E393581"
Last-Modified: Sat, 26 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Sat, 26 Nov 2022 18:23:54 GMT
Date: Sat, 26 Nov 2022 17:23:54 GMT
Connection: keep-alive

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

104.110.3.220

200 OK

10 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
10 kB (10382 bytes)
Hash
e8a5a242bcaea8c7314ccbb04612d922
101e2286a81e108dd00c618032d793b2dc5366b3
8e2a305132b87d2a48461f8e3d820dbf640d66d530ab007632c5c5d79ce8cdc7

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/main.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "f405-5edc964deba56"
last-modified: Fri, 25 Nov 2022 05:35:31 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=2188
x-olb-req-received: t=1668827814838463
content-length: 10382
cache-control: max-age=51080
expires: Sun, 27 Nov 2022 07:35:14 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

favaey.com/efs/efs/jsp-ns/pm_fp.js

45.133.200.3

404 Not Found

238 B

URL HTTP/1.1
favaey.com/efs/efs/jsp-ns/pm_fp.js
IP
45.133.200.3:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
520f4af4fa2a221f0fcaf2bd8dd91190
ff7f6ecdcec4d56428d84c9380c81ede0f33fa4c
e4af90c52865b7203efde020d8d7ca02b5b99f50b435770b37a34766772744a7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /efs/efs/jsp-ns/pm_fp.js HTTP/1.1
Host: favaey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19323%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 17:23:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js

104.110.3.220

200 OK

4.0 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
4.0 kB (3967 bytes)
Hash
cc2102df58511c9a2653b1dff48ca8d7
64790e6adff6768178ab7d0ad9a4fbc2849b81f2
b9abbff7d9e75763790fd3b291f21525fe85583b397fe5f4b260bc99ff48aab7

HTTP Headers

GET /efs/efs/jsp-ns/scripts/main.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4c03-5edc964dedd7d"
last-modified: Sat, 19 Nov 2022 03:18:44 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=843
x-olb-req-received: t=1668827817542522
content-length: 3967
cache-control: max-age=55875
expires: Sun, 27 Nov 2022 08:55:09 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js

104.110.3.220

200 OK

39 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
39 kB (38875 bytes)
Hash
2940c843ff15ab8e9f02511625f33e57
98ccd0fb1d60770a1aadf90d41daa49cab543cb3
4aed3165815cc1806999483e40a47863accf1cead25769de0162921f2f590298

HTTP Headers

GET /efs/efs/jsp-ns/scripts/plugins.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "31d24-5edc96484685d"
last-modified: Sat, 19 Nov 2022 05:17:34 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=8436
x-olb-req-received: t=1668827814199087
content-length: 38875
cache-control: max-age=55875
expires: Sun, 27 Nov 2022 08:55:09 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js

104.110.3.220

200 OK

1.4 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (4237)
Size
1.4 kB (1394 bytes)
Hash
f42064b9d324029ba5cb5afccc50b641
3993f47a728f00ee410a143361ab33b0339455f7
b02a1a4d60ab1f5c740784e9a27a7f0a85178466573fb29fb0bd7afdccf7b5f0

HTTP Headers

GET /efs/efs/jsp-ns/scripts/placeholders.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "10aa-5edc9641ad425"
last-modified: Sat, 19 Nov 2022 05:49:10 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=364
x-olb-req-received: t=1668827814917307
content-length: 1394
cache-control: max-age=55875
expires: Sun, 27 Nov 2022 08:55:09 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png

104.110.3.220

200 OK

5.3 kB

URL HTTP/2
www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
5.3 kB (5277 bytes)
Hash
beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

HTTP Headers

GET /efs/hhf/img/CTZ_Green-01.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 02:04:01 GMT
etag: "149d-5e849138ad893"
accept-ranges: bytes
content-length: 5277
x-olb-req-received: t=1669372146212644
x-olb-req-duration: D=142
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=493391
expires: Fri, 02 Dec 2022 10:27:05 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

104.110.3.220

200 OK

3.1 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (17412)
Size
3.1 kB (3118 bytes)
Hash
ac9a70a6f100c02749dfadb709b6eadf
69906e55ace36c217a52d428029a3c71dc16a7e4
466e6cf44306264c98e5642f77be87292e03e578ce78b17c0b39521460b1d37a

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4a56-5edc9641aa92d"
last-modified: Sat, 19 Nov 2022 03:28:54 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=622
x-olb-req-received: t=1668827814981885
content-length: 3118
cache-control: max-age=55875
expires: Sun, 27 Nov 2022 08:55:09 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css

104.110.3.220

200 OK

1.2 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.2 kB (1227 bytes)
Hash
e9404d7ddc1ef0b93851879620bfea8a
69575dd0119d3439f3d7ba4b45d12a3c0e47a39e
f5be5cfcdb9f541d6e355cd15b78204e715c979bb90a7dbae94d18c9bdad8772

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/ad-containers.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "1dd4-5edc964de6466"
last-modified: Fri, 25 Nov 2022 04:03:03 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=474
x-olb-req-received: t=1669260236896980
content-length: 1227
cache-control: max-age=55875
expires: Sun, 27 Nov 2022 08:55:09 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

104.110.3.220

200 OK

2.0 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Unicode text, UTF-8 text
Size
2.0 kB (1975 bytes)
Hash
07507f946ee4b2b9d4affc283b431119
00218cebeb305b00ae4ef74e4a67957d3c43e6f2
44fb4d44ce9291066e686a9861b8b31f021c816fa60e97c613bf5aadcc8e2830

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/flows.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "21ce-5edc9641a5725"
last-modified: Sat, 19 Nov 2022 03:46:29 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=572
x-olb-req-received: t=1668827815527521
content-length: 1975
cache-control: max-age=55875
expires: Sun, 27 Nov 2022 08:55:09 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css

104.110.3.220

200 OK

2.3 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
2.3 kB (2300 bytes)
Hash
0a445a15e0f09a7738952731fdf3fe9d
3d4cef20189303cc4f24c27da1b8d2043e700cea
173f4f410b46ca6211eee490747009c597b7d7c475bcac07df88a18521bbef54

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/normalize.css HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "26c2-5edc964debe3e"
last-modified: Thu, 24 Nov 2022 12:44:12 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=561
x-olb-req-received: t=1668827834741856
content-length: 2300
cache-control: max-age=44697
expires: Sun, 27 Nov 2022 05:48:51 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js

104.110.3.220

200 OK

5.5 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
HTML document, ASCII text, with very long lines (14756)
Size
5.5 kB (5535 bytes)
Hash
088d590db53a3ede82a998537283c75d
87ed57fd5e2a623f35f80a3684c2de916ce4e2f8
d45c62a7108121887dc8866d445dde985d96b82143b3da2c9068e32caf316db4

HTTP Headers

GET /efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "3c36-5edc9641ad03d"
last-modified: Sat, 19 Nov 2022 03:32:42 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=843
x-olb-req-received: t=1668827814838439
content-length: 5535
cache-control: max-age=55875
expires: Sun, 27 Nov 2022 08:55:09 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www4.citizensbankonline.com/akam/11/7c3ed55c

104.110.3.220

404 Not Found

9 B

URL HTTP/2
www4.citizensbankonline.com/akam/11/7c3ed55c
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

HTTP Headers

GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Sat, 26 Nov 2022 17:23:54 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=69188B00930BAF4A02E36EABBC793234~000000000000000000000000000000~YAAQnE8kF8oW7IOEAQAAPZL3tBF1Zo8pfYk8ksdt+99Q1gGQ/cHBhu9vaJTA1sEs9g3c9BwEQ031M/oSIUJ0leGKvR2NAKN7Lj30wLIj8vKNXkkTiwrIHtiPKCTJSz70esCni+eHDWwF4lKrB4cFg9zc0bh1yMnOgQ9k6fMJxaFrGuFwBjLMY+cjJUQY2O1s6grkd/cxKx1aDPlQR7Qf0pVpU1cbbHLlL//lcd+uZ5jYHyRXKCwMODZhqDt/HNxEpqaIeLCux+48bKn/FLk8cGDVAhuyBGbUrJCAahMubMcHmTaOGxq37XdFkmYpf58vY+xdoPO6cLG4ir0IuLOB4RTGtZcyw1rBGCRX+jxgR3mBZkn3NFCjHoxbPt1zcqWCILvjdIFguTyHwVlJ0UuNfbmptRZa; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 26 Nov 2022 19:23:54 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

104.110.3.220

200 OK

32 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Size
32 kB (31968 bytes)
Hash
d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citizen_roman.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://favaey.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "7ce0-5edc9641aa545"
accept-ranges: bytes
content-length: 31968
x-olb-req-received: t=1668827814563595
x-olb-req-duration: D=167
access-control-allow-origin: *
cache-control: max-age=493503
expires: Fri, 02 Dec 2022 10:28:57 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js

104.110.3.220

200 OK

29 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32089)
Size
29 kB (29409 bytes)
Hash
82481a92ac472d179954d66e38f72d07
ea65071dbc1ab11ed29e76bdd30eabbe6cdbc3ec
c8e2e6f9e0e01dcfec7f2633efdd7f8f9d78ba3920e86a0d1231f487928b5fe4

HTTP Headers

GET /efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "169d6-5edc9641ab8cd"
last-modified: Sat, 19 Nov 2022 05:49:15 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=4869
x-olb-req-received: t=1668836954687926
content-length: 29409
cache-control: max-age=55875
expires: Sun, 27 Nov 2022 08:55:09 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2

www4.citizensbankonline.com/akam/11/7c3ed55c

104.110.3.220

404 Not Found

9 B

URL HTTP/2
www4.citizensbankonline.com/akam/11/7c3ed55c
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

HTTP Headers

GET /akam/11/7c3ed55c HTTP/1.1
Host: www4.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
content-length: 9
cache-control: max-age=0
expires: Sat, 26 Nov 2022 17:23:54 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
set-cookie: ak_bmsc=AB2EBE7400733D1B2946038ADFDA45C5~000000000000000000000000000000~YAAQnE8kF88W7IOEAQAA/5L3tBGJGQHUvET/2PMuBs0mWfkx2HVdzCn2+oJFYaehKOYDw+9Xe7//jw4G/vA7/x8lSGqILUQ2dIru0w9FFoITav2CQva6JYyYe0sl7trP+9v9ThJlfxETt/y4bqEMbJLSrXHyX0YNJhgDSUoxL7sDXzAHZlob52IsDGvwDmAWxFK+vKp5wlR1OC0apGh4nr+wULXadiouz/pd8s4n3fmtm29rRdl0Xy5VuYzswZryokt3ghXq3v2CiuwOJfJUdmDSsNKENIGSfP+mAuG29Rhlfgx1CWPbHkqJbRnTOFMMdqQBmZXOU/ysmwuRtEH6QnvOKJ6fOD5qnyf3tHTEs3Y4t3B1rcerR5T+5PRb/fCRhYCRBQClDOg8G+JVylxS2/M6D2ve; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 26 Nov 2022 19:23:54 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/js/tealeaf.js

104.110.3.220

404 Not Found

9.9 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/js/tealeaf.js
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
9.9 kB (9934 bytes)
Hash
7a50763a326038e01ff7f9624d28066c
cae9d82811966f159a734f9402ace74eb01f17f8
c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411

HTTP Headers

GET /efs/efs/js/tealeaf.js HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:42:54 GMT
etag: "26ce-5c0694cac1b80"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1669483434654222
x-olb-req-duration: D=246
access-control-allow-origin: *
content-type: text/html
cache-control: max-age=824
expires: Sat, 26 Nov 2022 17:37:38 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=179, origin; dur=76
strict-transport-security: max-age=15768000
lb-action: None, None
set-cookie: ak_bmsc=415E6D54F2159BA311C0205C219F2E5C~000000000000000000000000000000~YAAQnE8kF84W7IOEAQAA+ZL3tBFsWnySdBWbUovvQfDOQU4O2vLIpkagf880pXsvQd28RqSOY6eXSr4xOlyM7XE2xwWwa94WJ7QbnDIyabLPIUUdOxdhZtSjXY7inywXXJFy/2OTNyAUU1zqqKrHzigSJ8INANzfc9zYGXsBAIe8Yoxr5l2TPfkPNEtb8/LakSs+G6517VyZL0TPwtVy4rV0fWvIjjgAYhlVj5+4olECc9WbTuq3CwTJnN86JzYNwguDbBwEP79UrH2OAO/Y7A4m5NIFUdaUVcW0VFBJLoCP8AGVWI7NtibWog0/jsiNZvxzPrRx+GHZs+BgdrXxkQeuxTfrUoHLAa8M3vZgM7KUTYPp0UgUmNz7zCRnav1eyN2rLo021UzsPfxsyN4QhhldtlPT; Domain=.citizensbankonline.com; Path=/; Expires=Sat, 26 Nov 2022 19:23:54 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png

104.110.3.220

200 OK

292 B

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
292 B (292 bytes)
Hash
18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

HTTP Headers

GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "124-5e6a235cc02a1"
accept-ranges: bytes
content-length: 292
x-olb-req-received: t=1668827815970170
x-olb-req-duration: D=133
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=493498
expires: Fri, 02 Dec 2022 10:28:52 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

favaey.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js

45.133.200.3

404 Not Found

238 B

URL HTTP/1.1
favaey.com/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
IP
45.133.200.3:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
520f4af4fa2a221f0fcaf2bd8dd91190
ff7f6ecdcec4d56428d84c9380c81ede0f33fa4c
e4af90c52865b7203efde020d8d7ca02b5b99f50b435770b37a34766772744a7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /efs/hhf/js/citizensHeaderFooter-citizensns42588.js HTTP/1.1
Host: favaey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19323%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 17:23:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png

104.110.3.220

200 OK

364 B

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
364 B (364 bytes)
Hash
35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

HTTP Headers

GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "16c-5e6a235cbab17"
accept-ranges: bytes
content-length: 364
x-olb-req-received: t=1668827815342368
x-olb-req-duration: D=104
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=493475
expires: Fri, 02 Dec 2022 10:28:29 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png

104.110.3.220

200 OK

1.0 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1017 bytes)
Hash
e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

HTTP Headers

GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "3f9-5e6a235ca4d07"
accept-ranges: bytes
content-length: 1017
x-olb-req-received: t=1668827816045009
x-olb-req-duration: D=142
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=493590
expires: Fri, 02 Dec 2022 10:30:24 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png

104.110.3.220

200 OK

1.1 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1054 bytes)
Hash
dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

HTTP Headers

GET /efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "41e-5e6a235ca4d07"
accept-ranges: bytes
content-length: 1054
x-olb-req-received: t=1668827815423547
x-olb-req-duration: D=123
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=493608
expires: Fri, 02 Dec 2022 10:30:42 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png

104.110.3.220

200 OK

165 B

URL HTTP/2
www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size
165 B (165 bytes)
Hash
1792e4aa4d2d86dec430ef9a60362a35
90b9e9c14f636362e9558d14fefe15782f75d256
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

HTTP Headers

GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "a5-5e6a235ca5108"
accept-ranges: bytes
content-length: 165
x-olb-req-received: t=1668827815734789
x-olb-req-duration: D=195
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=493585
expires: Fri, 02 Dec 2022 10:30:19 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

104.110.3.220

200 OK

18 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Size
18 kB (18524 bytes)
Hash
022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://favaey.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:14 GMT
etag: "485c-5edc96483ef44"
accept-ranges: bytes
content-length: 18524
x-olb-req-received: t=1669372154801649
x-olb-req-duration: D=200
access-control-allow-origin: *
cache-control: max-age=493573
expires: Fri, 02 Dec 2022 10:30:07 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

104.110.3.220

200 OK

32 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Size
32 kB (31864 bytes)
Hash
0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citizen_book.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://favaey.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:20 GMT
etag: "7c78-5edc964de8b76"
accept-ranges: bytes
content-length: 31864
x-olb-req-received: t=1668827816469223
x-olb-req-duration: D=162
access-control-allow-origin: *
cache-control: max-age=493666
expires: Fri, 02 Dec 2022 10:31:40 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

104.110.3.220

200 OK

28 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Size
28 kB (27852 bytes)
Hash
76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

HTTP Headers

GET /efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://favaey.com
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:20 GMT
etag: "6ccc-5edc964de9b16"
accept-ranges: bytes
content-length: 27852
x-olb-req-received: t=1668827814877571
x-olb-req-duration: D=160
access-control-allow-origin: *
cache-control: max-age=493521
expires: Fri, 02 Dec 2022 10:29:15 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

favaey.com/content/930e113327rn2365aa3b7b98b0447e8d

45.133.200.3

404 Not Found

238 B

URL HTTP/1.1
favaey.com/content/930e113327rn2365aa3b7b98b0447e8d
IP
45.133.200.3:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
520f4af4fa2a221f0fcaf2bd8dd91190
ff7f6ecdcec4d56428d84c9380c81ede0f33fa4c
e4af90c52865b7203efde020d8d7ca02b5b99f50b435770b37a34766772744a7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /content/930e113327rn2365aa3b7b98b0447e8d HTTP/1.1
Host: favaey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19323%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 17:23:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

favaey.com/efs/efs/jsp-ns/scripts/common.js

45.133.200.3

404 Not Found

238 B

URL HTTP/1.1
favaey.com/efs/efs/jsp-ns/scripts/common.js
IP
45.133.200.3:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
520f4af4fa2a221f0fcaf2bd8dd91190
ff7f6ecdcec4d56428d84c9380c81ede0f33fa4c
e4af90c52865b7203efde020d8d7ca02b5b99f50b435770b37a34766772744a7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1
Host: favaey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/citizen_bank/login.php?online_id=ed9560c7a1910618007433af5&country=&iso=
Cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=359503849%7CMCIDTS%7C19323%7CvVersion%7C5.0.1

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 17:23:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 17:11:12 GMT
cache-control: public,max-age=3600
age: 762
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png

104.110.3.220

200 OK

14 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (13907 bytes)
Hash
172ee65ce7e2afc164fb89579d8060b2
1bcc0c40ce0dd35f4150e286d4da86eb5150d2da
6031e1710c50b5ade8d4fe1f9d2a7885caa5f18493944871891d9bf847dcec0e

HTTP Headers

GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:07 GMT
etag: "3653-5edc9641b8005"
accept-ranges: bytes
content-length: 13907
x-olb-req-received: t=1668827838626575
x-olb-req-duration: D=152
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=493527
expires: Fri, 02 Dec 2022 10:29:21 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png

104.110.3.220

200 OK

11 kB

URL HTTP/2
www3.citizensbankonline.com/efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png
IP
104.110.3.220:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10871 bytes)
Hash
f62b2664dd6a40ab3a9f7af34412f8b7
02438189257c795c3726e4f45b1ce3bb921255d5
707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f

HTTP Headers

GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Sat, 19 Nov 2022 02:15:20 GMT
etag: "2a77-5edc964df98fd"
accept-ranges: bytes
content-length: 10871
x-olb-req-received: t=1668827814386315
x-olb-req-duration: D=141
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=493465
expires: Fri, 02 Dec 2022 10:28:19 GMT
date: Sat, 26 Nov 2022 17:23:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2

nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Ffavaey.com%2Fcitizen_bank%2Flogin.php%3Fonline_id%3Ded9560c7a1910618007433af5%26country%3D%26iso%3D

54.230.111.74

200 OK

397 B

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Ffavaey.com%2Fcitizen_bank%2Flogin.php%3Fonline_id%3Ded9560c7a1910618007433af5%26country%3D%26iso%3D
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (396)
Size
397 B (397 bytes)
Hash
c94acb72df7bf163799e96978f04bd5e
0d5016b83402da46425c3b58e6acd76a647b6932
f6282fca4d197a2b96a00c0568e02cddd7d96fa8721589918e42f99177b0357a

HTTP Headers

GET /citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Oct%2026%2015:44:19%20GMT%202022&ClientID=397&PageID=http%3A%2F%2Ffavaey.com%2Fcitizen_bank%2Flogin.php%3Fonline_id%3Ded9560c7a1910618007433af5%26country%3D%26iso%3D HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 397
Connection: keep-alive
Server: nginx
Date: Sat, 26 Nov 2022 17:23:54 GMT
Expires: Sat, 26 Nov 2022 17:23:53 GMT
Cache-Control: no-cache, no-store
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GiiloMUthFui_KnZ-oGrpGaT8nqCFzSpMukCPIlTBQ3jwn0chvfgCw==

nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117

54.230.111.74

200 OK

31 kB

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1970)
Size
31 kB (30927 bytes)
Hash
a0dba5dbfa16042bda087c6083552e9a
cc89e54e8e3270b77981a7432eab61216566d142
591fc45eb6acfef9e3b2135060c5aa24a0a1d2e16ee8212bbce4707a28904428

HTTP Headers

GET /citizensbank/olbprod/code/28663fdb1da63e0b261fc581f8084619.js?conditionId0=4921117 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 15 Nov 2022 01:44:27 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 12 Oct 2022 04:24:01 GMT
ETag: W/"7f943d1386ac8d666a04c5f7c1aca6a2"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: 7Vz_bNM1vqq_ptJsDOdn8z3nddxBTl2j
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DmpqM7o_40uMq305dUDEIfvsI424wXjs3rPJ3M5i_J-BDzHYbVRF9A==
Age: 1006769

nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909

54.230.111.74

200 OK

4.5 kB

URL HTTP/1.1
nexus.ensighten.com/citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (564)
Size
4.5 kB (4511 bytes)
Hash
4eee113a2cbdf5637739f6a81b76e867
ca348fd2104cca87655b1b8e628cedf28ab602c7
4f07acd76593e8e79d3b728d040920b09dd91517601cfd7b082694db3ba4a450

HTTP Headers

GET /citizensbank/olbprod/code/536077c15f077befae99755e07dfbfad.js?conditionId0=421909 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 04 Nov 2022 01:28:27 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Wed, 26 Oct 2022 15:44:21 GMT
ETag: W/"83105033d3f7f9905b026d4c409b655e"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: UC6_GkBHShiJU9saRInmbngEX7lPiXpp
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HubzZzsMgqUHhNkM8HnIYjex_WIcEDsCkeutIrkUi-pSbE-h87XqRg==
Age: 1958129

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
f700a34fbaa5509fc98fa3e192f57174
1c2a4dbc974d066d387f71087f112dabf702be66
2fa1bb4c30ef1a1b899997a8038f2a4a4320117ce3c42e81475d143d5f110250

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:55 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:43:25 GMT
Expires: Sat, 03 Dec 2022 15:43:24 GMT
Etag: "1c2a4dbc974d066d387f71087f112dabf702be66"
Cache-Control: max-age=598168,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7704508d2e2eb523-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1d9982c4a878719ddada7e301fb40eca
b088389e7b4dca42ef7391324d6ebc7fc7d8e796
64dbc2a8bcfd6e778293004e63430dc61138124ce7a82e564d9bde62e90b5a60

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2736
Cache-Control: max-age=134918
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 17:23:55 GMT
Etag: "6381ad01-1d7"
Expires: Mon, 28 Nov 2022 06:52:33 GMT
Last-Modified: Sat, 26 Nov 2022 06:06:57 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

cdn.appdynamics.com/adrum/adrum-latest.js?

143.204.55.39

200 OK

40 kB

URL HTTP/1.1
cdn.appdynamics.com/adrum/adrum-latest.js?
IP
143.204.55.39:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (644)
Size
40 kB (40203 bytes)
Hash
cd86db0f552897dc33e8433d0cf9bad2
676df314ca85d1418ffb110f3979c31281da027d
fd30f76d2b4bebd4b4bd680793a8a993b46a15808c0cea0533e629fc2990889f

HTTP Headers

GET /adrum/adrum-latest.js? HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 04 Nov 2022 06:21:09 GMT
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:13 GMT
ETag: W/"6317b609-1b2d9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2o4b8N06JDDqyc-tknQsP42a96OQq7V1XFHXr78B7d-re-dbffsDwQ==
Age: 1940566

dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669483434300

52.213.200.83

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669483434300
IP
52.213.200.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669483434300 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://favaey.com
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://favaey.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0ced04f65.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669483434300
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=28659144540930900972213312905793930897; Max-Age=15552000; Expires=Thu, 25 May 2023 17:23:55 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: NP9qgwASQt8=
Content-Length: 0
Connection: keep-alive

lptag.liveperson.net/tag/tag.js?site=89632304

178.249.101.23

200 OK

7.6 kB

URL HTTP/2
lptag.liveperson.net/tag/tag.js?site=89632304
IP
178.249.101.23:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (21652), with no line terminators
Size
7.6 kB (7567 bytes)
Hash
6b675640425ec8551a433e26a377d954
7234f02cce1ccb2a4facf2b34b9185cfcf27299d
8c9716f14d2e964be7c93d3d8c28819cb35c529fce6206a79061cda509e05bfd

HTTP Headers

GET /tag/tag.js?site=89632304 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:55 GMT
content-type: application/javascript
content-length: 7567
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
etag: "5f50a905-1d8f"
content-encoding: gzip
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5758
Cache-Control: max-age=148734
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 17:23:55 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:42:49 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669483434300

52.213.200.83

200 OK

124 B

URL HTTP/1.1
dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669483434300
IP
52.213.200.83:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
124 B (124 bytes)
Hash
1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca

HTTP Headers

GET /id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1669483434300 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://favaey.com
Content-Type: application/x-www-form-urlencoded
Referer: http://favaey.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://favaey.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0078884aa.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: OdBlAjaxRH0=
Content-Length: 124
Connection: keep-alive

cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js

143.204.55.39

200 OK

20 kB

URL HTTP/1.1
cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
IP
143.204.55.39:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (574)
Size
20 kB (20314 bytes)
Hash
cca1b9c013b93bd73bf4f55b122ba8db
ed011720d910a5b69db06ebaabcd95d013255752
d5ef573c9770681c3a75ec78445d0c785ca6659a0cf25f145ddfbae414b0b77a

HTTP Headers

GET /adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Wed, 16 Nov 2022 01:06:39 GMT
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:12 GMT
ETag: W/"6317b608-d132"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RBTGTg3HUQEwSZxcP0Hylrn1AuMhlJVNk8Isgm-o4UJ0LrsAtUOBoQ==
Age: 922636

nebula-cdn.kampyle.com/wu/356861/onsite/embed.js

151.101.85.175

200 OK

516 B

URL HTTP/2
nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
IP
151.101.85.175:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (573)
Size
516 B (516 bytes)
Hash
0949250dbf9dfbf5a4b558745f9c2777
501ab60bb5a0f1febd09ff9335c897391f8fb8e4
25ca704d115ceeb422832620edfaf6425e94e31b10ecb420644a967e20105943

HTTP Headers

GET /wu/356861/onsite/embed.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 7q4E+xJya3JQN02XYVcawmxqX7Vp8BBOuEH782L5SG5wU1Ky5WmN4+xTgd0GSFqBZygzHz92MKg=
x-amz-request-id: T3YET0YCYQ48Q1VS
last-modified: Thu, 17 Nov 2022 01:43:28 GMT
etag: "d702a2b9ebe4f8826d0a3b100f1e7b3d"
x-amz-version-id: mptjfWx1ykDRDnf_B8nj8XXvWUEoGBBU
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 17:23:55 GMT
via: 1.1 varnish
age: 834002
x-served-by: cache-bma1636-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1669483435.323169,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 516
X-Firefox-Spdy: h2

nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js

151.101.85.175

301 Moved Permanently

0 B

URL HTTP/1.1
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
IP
151.101.85.175:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /us/wu/356861/onsite/generic1668649406636.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
Accept-Ranges: bytes
Date: Sat, 26 Nov 2022 17:23:55 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1643-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1669483435.375800,VS0,VE0
Strict-Transport-Security: max-age=31557600

nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js

151.101.85.175

200 OK

115 kB

URL HTTP/2
nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1668649406636.js
IP
151.101.85.175:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (53474)
Size
115 kB (115133 bytes)
Hash
7ed0576023d7e4cdb6411897ed856328
38ea0ed2a3b78b8ad6b474be67c5922124342c11
fbfdcefb6749b742b55a9d6c2d2e294772d67cf51a3ef7b1929ee75107ea1f7c

HTTP Headers

GET /us/wu/356861/onsite/generic1668649406636.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://favaey.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: R245FGFYgLzgm6CjhZXX391x+/nrm8EsevbjLVXUitRuMOvvg1EDEb/G66Uls1eoe7HL3lmQCiY=
x-amz-request-id: T3Y691PWPTBXF4W3
last-modified: Thu, 17 Nov 2022 01:43:27 GMT
etag: "7dd7a0cbfa04919de4a6dd07c7075dbc"
x-amz-version-id: 9Qu9pUDBqhBI0WezIkmyLK82GWZf1Oui
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 17:23:55 GMT
via: 1.1 varnish
age: 834001
x-served-by: cache-bma1636-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1669483435.391473,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 115133
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
592389e535284cee4f6659f96994623b
89c472e79c36b06b3100c5eeccc47506015ef97d
00cca55c8aedba581b0bd42e0839a3913639777238fd4e7704156a33882d0c62

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=111665
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 17:23:55 GMT
Etag: "63815cdc-1d7"
Expires: Mon, 28 Nov 2022 00:25:00 GMT
Last-Modified: Sat, 26 Nov 2022 00:25:00 GMT
Server: nginx
Content-Length: 471

cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?

104.18.14.22

301 Moved Permanently

167 B

URL HTTP/1.1
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP
104.18.14.22:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://favaey.com/

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Nov 2022 17:23:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
X-Cache: Redirect from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wnqq_ZOKWHupT4nTp00o3zBRM0aoM_xn26Bu_JndBuYxz6YokV4a8A==
CF-Cache-Status: EXPIRED
Expires: Sat, 26 Nov 2022 21:23:55 GMT
Cache-Control: public, max-age=14400
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7704508e3bb6b4f4-OSL

smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1669483435171

15.188.95.229

200 OK

48 B

URL HTTP/2
smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1669483435171
IP
15.188.95.229:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
7452010a3561213b3094160bd5f65399
7ab8753a301e4a7d301b11304d040b774611e34c
d39a6bd74565ef523f07cca3cdfac18c6147fc8f4a09fcff920361ed010e9c2d

HTTP Headers

GET /id?d_visid_ver=5.0.1&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1669483435171 HTTP/1.1
Host: smetrics.citizensbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://favaey.com
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://favaey.com
access-control-allow-credentials: true
date: Sat, 26 Nov 2022 17:23:55 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=0%7CMCMID%7C15178531482737223832785519712551286569; Path=/; Domain=citizensbank.com; Max-Age=63072000; Expires=Mon, 25 Nov 2024 17:23:23 GMT;
s_ecid=MCMID%7C15178531482737223832785519712551286569; Path=/; Domain=citizensbank.com; Max-Age=63072000; Expires=Mon, 25 Nov 2024 17:23:23 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
44f0dcff45b0899dd5f65000708d61e1
1a8f6f4585c68487da3adb790061c991168f0724
b922aaca991f53c094310868162c4a67e08bdab14e84b9b8fc65d1a141b614ab

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4596
Cache-Control: max-age=98259
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 17:23:55 GMT
Etag: "6381168a-117"
Expires: Sun, 27 Nov 2022 20:41:34 GMT
Last-Modified: Fri, 25 Nov 2022 19:24:58 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

push.services.mozilla.com/

52.42.234.253

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.234.253:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Kb9exP8xkskMaDTA7XazzQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VcczqfmZBkJLuoAr26O0/zLLLkk=

dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=15178531482737223832785519712551286569&ts=1669483435414

52.213.200.83

200 OK

1.3 kB

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=15178531482737223832785519712551286569&ts=1669483435414
IP
52.213.200.83:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (3749), with no line terminators
Size
1.3 kB (1312 bytes)
Hash
d7ebaaf19ee33e8fdbfad03c5dbbb546
3b5d3d923034e06333b165c62f989fc4aa86a3bb
ae78baaadeb14bac9e9c5af902d02dfb987c7b857bdcd685576563d79552457c

HTTP Headers

GET /id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=15178531482737223832785519712551286569&ts=1669483435414 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://favaey.com
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://favaey.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0df7a788e.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=15220194357960198162785217512029768014; Max-Age=15552000; Expires=Thu, 25 May 2023 17:23:55 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: bvijU6I9QGE=
Content-Length: 1312
Connection: keep-alive

citizensbank.demdex.net/dest5.html?d_nsid=0

52.213.200.83

200 OK

2.8 kB

URL HTTP/1.1
citizensbank.demdex.net/dest5.html?d_nsid=0
IP
52.213.200.83:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2791 bytes)
Hash
ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12

HTTP Headers

GET /dest5.html?d_nsid=0 HTTP/1.1
Host: citizensbank.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sat, 26 Nov 2022 17:23:55 GMT
DCS: dcs-prod-irl1-1-v045-0ced04f65.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:56 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: ZgQ0JUt2Tbo=
transfer-encoding: chunked
Connection: keep-alive

ocsps.ssl.com/

52.6.97.148

200 OK

1.8 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
52.6.97.148:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.8 kB (1810 bytes)
Hash
cdc5682981929a8f836ca46e009febf5
bc1935501d17732f8fd910ef12eb5b9951ce938c
17dcbcd7f974a09574574c22f1707a423f8f12bce8b20033342b210e58f30bab

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 17:23:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Sat, 03 Dec 2022 14:16:27 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "bc1935501d17732f8fd910ef12eb5b9951ce938c"
Last-Modified: Sat, 26 Nov 2022 14:16:28 GMT
X-Proxy-Cache: HIT

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vZmF2YWV5LmNvbS9jaXRpemVuX2JhbmsvbG9naW4ucGhwP29ubGluZV9pZD1lZDk1NjBjN2ExOTEwNjE4MDA3NDMzYWY1JmNvdW50cnk9Jmlzbz0iLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2OTQ4MzQzNTQ1NiIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTg0YjRmNzk1YWMyYjYtMGExNTNiOTE5MzYwNWQtYzUwNTQyNS0xNDAwMDAtMTg0YjRmNzk1YWQ0NjEiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtbWFpbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9mYXZhZXkuY29tL2NpdGl6ZW5fYmFuay9sb2dpbi5waHA/b25saW5lX2lkPWVkOTU2MGM3YTE5MTA2MTgwMDc0MzNhZjUmY291bnRyeT0maXNvPSIsIndlYnNpdGVJZCI6IDM1Njg2MSwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiOWY5OS01Y2U1LTU3ZjgtYjkyNy00ZWI1LWRlZjEtNDkxMS1mMmEwIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk0ODM0MzU0NTEiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogNDY3LCJrYW1weWxlX3ZlcnNpb24iOiAiMi40OC4wIiwib25zaXRlX3ZlcnNpb24iOiAiMi40OC4wIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5NDgzNDM1NDU2LCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19

35.241.45.82

200 OK

0 B

URL HTTP/2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vZmF2YWV5LmNvbS9jaXRpemVuX2JhbmsvbG9naW4ucGhwP29ubGluZV9pZD1lZDk1NjBjN2ExOTEwNjE4MDA3NDMzYWY1JmNvdW50cnk9Jmlzbz0iLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2OTQ4MzQzNTQ1NiIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTg0YjRmNzk1YWMyYjYtMGExNTNiOTE5MzYwNWQtYzUwNTQyNS0xNDAwMDAtMTg0YjRmNzk1YWQ0NjEiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtbWFpbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9mYXZhZXkuY29tL2NpdGl6ZW5fYmFuay9sb2dpbi5waHA/b25saW5lX2lkPWVkOTU2MGM3YTE5MTA2MTgwMDc0MzNhZjUmY291bnRyeT0maXNvPSIsIndlYnNpdGVJZCI6IDM1Njg2MSwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiOWY5OS01Y2U1LTU3ZjgtYjkyNy00ZWI1LWRlZjEtNDkxMS1mMmEwIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk0ODM0MzU0NTEiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogNDY3LCJrYW1weWxlX3ZlcnNpb24iOiAiMi40OC4wIiwib25zaXRlX3ZlcnNpb24iOiAiMi40OC4wIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5NDgzNDM1NDU2LCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiT25saW5lIExvZ2luIHwgQ2l0aXplbnMiLCJwYWdlX3VybCI6ICJodHRwOi8vZmF2YWV5LmNvbS9jaXRpemVuX2JhbmsvbG9naW4ucGhwP29ubGluZV9pZD1lZDk1NjBjN2ExOTEwNjE4MDA3NDMzYWY1JmNvdW50cnk9Jmlzbz0iLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2OTQ4MzQzNTQ1NiIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTg0YjRmNzk1YWMyYjYtMGExNTNiOTE5MzYwNWQtYzUwNTQyNS0xNDAwMDAtMTg0YjRmNzk1YWQ0NjEiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtbWFpbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9mYXZhZXkuY29tL2NpdGl6ZW5fYmFuay9sb2dpbi5waHA/b25saW5lX2lkPWVkOTU2MGM3YTE5MTA2MTgwMDc0MzNhZjUmY291bnRyeT0maXNvPSIsIndlYnNpdGVJZCI6IDM1Njg2MSwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiOWY5OS01Y2U1LTU3ZjgtYjkyNy00ZWI1LWRlZjEtNDkxMS1mMmEwIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2Njk0ODM0MzU0NTEiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogNDY3LCJrYW1weWxlX3ZlcnNpb24iOiAiMi40OC4wIiwib25zaXRlX3ZlcnNpb24iOiAiMi40OC4wIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY5NDgzNDM1NDU2LCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19 HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:55 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-green-01fg
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
886ef3f0739f32fad7714c0b7cdfd6f3
740a8d656210f0842a8fe52659b9251549707d46
c2a27ff581a9dffe103cb677e4dd531f2c686fd0e57bcfdaacb9f60bdbbfe0d1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 16:31:55 GMT
Expires: Fri, 02 Dec 2022 16:31:54 GMT
Etag: "740a8d656210f0842a8fe52659b9251549707d46"
Cache-Control: max-age=514678,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77045091dc7db523-OSL

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
985bbf89aec799e816fb9f4c192403c5
9f80e875be559a9b2c6c7d9f7896e70953e83e70
a553ed90a2ba0025f626eb7fc59a64aefd1bdf2a6bbcacdf50a5f811efc5ebd4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=125804
Date: Sat, 26 Nov 2022 17:23:55 GMT
Etag: "63817d4a-1d7"
Expires: Mon, 28 Nov 2022 04:20:39 GMT
Last-Modified: Sat, 26 Nov 2022 02:43:22 GMT
Server: ECS (bsa/EB1D)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YAZYsFboSnGXAKf3rPE2tvcUmjutTO3q6Ek5z5GkybKBFV_UxYXYGg==
Age: 5837

report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c%3A0&_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee&pv=2&f_cls_s=true

3.87.234.62

200 OK

428 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c%3A0&_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee&pv=2&f_cls_s=true
IP
3.87.234.62:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Size
428 B (428 bytes)
Hash
84eb406e3cad888dde634a8338b03b43
e03ced3dc9bdb25b794bfcf933eed26ed2b829c7
b9e73a5ddb8907f9fa06a848452f638c69f401220d673a8b0fcaf5ad4c332365

HTTP Headers

GET /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c%3A0&_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee&pv=2&f_cls_s=true HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://favaey.com
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:55 GMT
Content-Type: application/json
Content-Length: 428
Connection: keep-alive
Set-Cookie: AWSALB=GArBahZWkVdsHBoXHuE7d9Y1tzGdeF41njusLFcwd0JM1Y9oH3OVt/q/iBEbhfsGKMgUDLHMTZTSN2j67UHNTUO4f8jk13an4qUsYRRbSfbRPzYGzWFEzamj4aRz; Expires=Sat, 03 Dec 2022 17:23:55 GMT; Path=/
AWSALBCORS=GArBahZWkVdsHBoXHuE7d9Y1tzGdeF41njusLFcwd0JM1Y9oH3OVt/q/iBEbhfsGKMgUDLHMTZTSN2j67UHNTUO4f8jk13an4qUsYRRbSfbRPzYGzWFEzamj4aRz; Expires=Sat, 03 Dec 2022 17:23:55 GMT; Path=/; SameSite=None; Secure
_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0; Secure; SameSite=None
_cls_cfgver=27baeec; Secure; SameSite=None
_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://favaey.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5035

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
886ef3f0739f32fad7714c0b7cdfd6f3
740a8d656210f0842a8fe52659b9251549707d46
c2a27ff581a9dffe103cb677e4dd531f2c686fd0e57bcfdaacb9f60bdbbfe0d1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 16:31:55 GMT
Expires: Fri, 02 Dec 2022 16:31:54 GMT
Etag: "740a8d656210f0842a8fe52659b9251549707d46"
Cache-Control: max-age=514678,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77045091ec5db505-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
886ef3f0739f32fad7714c0b7cdfd6f3
740a8d656210f0842a8fe52659b9251549707d46
c2a27ff581a9dffe103cb677e4dd531f2c686fd0e57bcfdaacb9f60bdbbfe0d1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 16:31:55 GMT
Expires: Fri, 02 Dec 2022 16:31:54 GMT
Etag: "740a8d656210f0842a8fe52659b9251549707d46"
Cache-Control: max-age=514677,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770450922c24b503-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
886ef3f0739f32fad7714c0b7cdfd6f3
740a8d656210f0842a8fe52659b9251549707d46
c2a27ff581a9dffe103cb677e4dd531f2c686fd0e57bcfdaacb9f60bdbbfe0d1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 16:31:55 GMT
Expires: Fri, 02 Dec 2022 16:31:54 GMT
Etag: "740a8d656210f0842a8fe52659b9251549707d46"
Cache-Control: max-age=514677,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770450922cccb523-OSL

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d3a5b4edb3e666614bdc18634f9588f7
7562e9eefe1da0a93c457950466c805d60278ddd
e43bf5f136f59507ca4d69c5fe57cdda15f97a857ea7237093725bff3f246800

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 26 Nov 2022 17:23:56 GMT
Last-Modified: Sat, 26 Nov 2022 16:18:12 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: I0BlordSYLoPwg2CsmDQYWCvrlWoni5-UXlybtrStR5vMtNY5FGrzA==
Age: 3945

cm.everesttech.net/cm/dd?d_uuid=15220194357960198162785217512029768014

99.80.65.0

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=15220194357960198162785217512029768014
IP
99.80.65.0:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=15220194357960198162785217512029768014 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Sat, 26 Nov 2022 17:23:56 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4JLrAAAAE_GLgNn; Domain=.everesttech.net; Expires=Sun, 26-Nov-2023 17:23:56 GMT; Path=/
everest_session_v2="Y4JLrAAAAE@GLwNn"; Version=1; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4JLrAAAAE_GLgNn
Server: AMO-cookiemap/1.1

dpm.demdex.net/ibs:dpid=411&dpuuid=Y4JLrAAAAE_GLgNn

52.213.200.83

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4JLrAAAAE_GLgNn
IP
52.213.200.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=Y4JLrAAAAE_GLgNn HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://favaey.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0bb46f593.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4JLrAAAAE_GLgNn
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=01262643640133415474360345994951018959; Max-Age=15552000; Expires=Thu, 25 May 2023 17:23:56 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Bk9kXuBTSq0=
Content-Length: 0
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14477
Expires: Sat, 26 Nov 2022 21:25:13 GMT
Date: Sat, 26 Nov 2022 17:23:56 GMT
Connection: keep-alive

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

31 kB

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type
data
Size
31 kB (31379 bytes)
Hash
f8fb6ad11a18fdb46e44700a74ffe8a7
50d2f5f653accf93c6da643a3857b3b2c03d1200
61ef3b261755e5723ae74abdb5a050d8314db15540ec976a3543ddf1039d5292

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:56 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 26 Nov 2023 17:23:56 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14477
Expires: Sat, 26 Nov 2022 21:25:13 GMT
Date: Sat, 26 Nov 2022 17:23:56 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15818 bytes)
Hash
17ebe470d040a6ea8c57e9b9d4f4e828
1ac7a410cd4f3709f476c776dd5646dd982dcfa8
d65114b68fcc12344c6df7bf294718b79822fa9782d3bd54ca044b66f82052b1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15818
x-amzn-requestid: a6570859-3b03-492e-9f84-e25b01223da2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXrUF3bIAMF8CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381397b-379b1bcf2ac0715835e10e48;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:54:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HgiyaodE2vJx5JL8QfOiTersSAgAwq74gtsPkpHUhnQ3In2vZ-3rbQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:33:09 GMT
etag: "1ac7a410cd4f3709f476c776dd5646dd982dcfa8"
content-type: image/jpeg
age: 67847
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ezHvyK3va4SioabOjSittTiLQRs_Q8k4TPxkiGp_svtZ8omDPTUN-A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 05:04:28 GMT
age: 44368
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

30 kB

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (32003)
Size
30 kB (29683 bytes)
Hash
58d2afa996d203d2a83d0b7916a9e633
6c325ea0e320b996782f0c1c5d2ef07012b81213
4cf73850c23da4c905b6a25f76e0aaad7e8e4d87b7b3c4578ee6a179b5d10d6d

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:56 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:24 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 26 Nov 2023 17:23:56 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

12 kB

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type
data
Size
12 kB (11705 bytes)
Hash
ba1a20b15e69f2db3cb11bbc8ac63b2d
9c80125cb0f2352272344c727390a076b026c830
18fe0387ba228e971a4773c2606dea5fd080c15ad37e910d7ce102e91b4b4634

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:55 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 26 Nov 2023 17:23:55 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB

178.249.101.99

200 OK

4.9 kB

URL HTTP/2
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
IP
178.249.101.99:0
ASN
#11054 LIVEPERSON

File type
data
Size
4.9 kB (4884 bytes)
Hash
186e4db2ccb4aa21305c5effa9cee9e9
5db39447cbe8713035f3e73eafc2f18c9ab02e86
d3a62f0914a3fb2034d99ed777823fc01122bea4d4675de2414b7bc68796d75d

HTTP Headers

GET /api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:56 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:18|g:49d5ee8c-7c99-4772-8842-f7ad9ea7c4f0; Max-Age=30; Expires=Sat, 26-Nov-2022 17:24:26 GMT; Path=/
ADRUM_BTa=R:18|g:49d5ee8c-7c99-4772-8842-f7ad9ea7c4f0|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 26-Nov-2022 17:24:26 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 26-Nov-2022 17:24:26 GMT; Path=/; Secure
ADRUM_BT1=R:18|i:2241585; Max-Age=30; Expires=Sat, 26-Nov-2022 17:24:26 GMT; Path=/
ADRUM_BT1=R:18|i:2241585|e:6; Max-Age=30; Expires=Sat, 26-Nov-2022 17:24:26 GMT; Path=/
vary: Accept
expires: Sat, 26 Nov 2022 17:24:56 GMT
x-envoy-upstream-service-time: 2
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?

104.18.14.22

200 OK

242 kB

URL HTTP/2
cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
IP
104.18.14.22:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
242 kB (242425 bytes)
Hash
49c304e6bc47eefffde5ce40e7dd78ea
48782459dc4c487d832a4c039f851fd07f6d516a
02d14c7cb6b4fcdd5438b44135ffa8d417f9aa9aeb0066d33c5f9de28b159017

HTTP Headers

GET /citizen/OLB/p/detector-dom.min.js? HTTP/1.1
Host: cdn.glassboxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://favaey.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:55 GMT
content-type: application/javascript
last-modified: Thu, 13 May 2021 10:48:21 GMT
x-amz-version-id: bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
content-encoding: gzip
etag: W/"845173368b011e7fa14658b57426fe09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: TjES7ym4ShstKtpj1GLznZjl8VeU-G2N0yGQlAXn4IB-OQXucq9_RQ==
cf-cache-status: HIT
age: 3904
expires: Sat, 26 Nov 2022 21:23:55 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 7704508fcad4b518-OSL
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7a5b86-3ad1-40c7-b173-8a9ac078c227.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8913 bytes)
Hash
5088223f5973e3cd56f03f50a1e84b79
0b6c9b51d10762a4747286ab5b1c2354fa39c622
8159e4f7eec7bea518bb29e3fdb070bab4fb70116205577f7b7d74ad4d0dfbc7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7a5b86-3ad1-40c7-b173-8a9ac078c227.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8913
x-amzn-requestid: d0a9414c-eccf-44e8-adb7-92654544eeb5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWXEpeIAMFnzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-5825510666b3e80a5f83cafa;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LDrq5UcFhG63XFZhmeS5Z_mEkwrvuQ2bLfT8hV9I3E1s1lJLZF5Dww==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:24 GMT
age: 70652
etag: "0b6c9b51d10762a4747286ab5b1c2354fa39c622"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0&_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee&pid=b1da549f-d44c-4a4f-a8c3-3ed98d030477&sn=1&cfg&pv=2&aid=

3.87.234.62

200 OK

428 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0&_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee&pid=b1da549f-d44c-4a4f-a8c3-3ed98d030477&sn=1&cfg&pv=2&aid=
IP
3.87.234.62:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Size
428 B (428 bytes)
Hash
84eb406e3cad888dde634a8338b03b43
e03ced3dc9bdb25b794bfcf933eed26ed2b829c7
b9e73a5ddb8907f9fa06a848452f638c69f401220d673a8b0fcaf5ad4c332365

HTTP Headers

POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0&_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee&pid=b1da549f-d44c-4a4f-a8c3-3ed98d030477&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 4683
Origin: http://favaey.com
Connection: keep-alive
Referer: http://favaey.com/
Cookie: _cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0; _cls_cfgver=27baeec; _cls_v=364c7036-2b06-404d-a599-142b0a75e8ee; AWSALBCORS=GArBahZWkVdsHBoXHuE7d9Y1tzGdeF41njusLFcwd0JM1Y9oH3OVt/q/iBEbhfsGKMgUDLHMTZTSN2j67UHNTUO4f8jk13an4qUsYRRbSfbRPzYGzWFEzamj4aRz
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:57 GMT
Content-Type: application/json
Content-Length: 428
Connection: keep-alive
Set-Cookie: AWSALB=OLaPVQTQ5eGPQdLl3+YiJbHzacoiQOA9nQdqwFwMV9bLSiWxnKZC3i6IacpSpdSBRsPdwSVgbUSOflFSItri98uj9rLd+SkuXNkmg4s2oOcyoKXO811OSLse9L2f; Expires=Sat, 03 Dec 2022 17:23:57 GMT; Path=/
AWSALBCORS=OLaPVQTQ5eGPQdLl3+YiJbHzacoiQOA9nQdqwFwMV9bLSiWxnKZC3i6IacpSpdSBRsPdwSVgbUSOflFSItri98uj9rLd+SkuXNkmg4s2oOcyoKXO811OSLse9L2f; Expires=Sat, 03 Dec 2022 17:23:57 GMT; Path=/; SameSite=None; Secure
_cls_cfgver=27baeec; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://favaey.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5035

3.87.234.62

200 OK

428 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0&_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee&pid=b1da549f-d44c-4a4f-a8c3-3ed98d030477&sn=2&cfg&pv=2&aid=
IP
3.87.234.62:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with very long lines (737), with no line terminators
Size
428 B (428 bytes)
Hash
84eb406e3cad888dde634a8338b03b43
e03ced3dc9bdb25b794bfcf933eed26ed2b829c7
b9e73a5ddb8907f9fa06a848452f638c69f401220d673a8b0fcaf5ad4c332365

HTTP Headers

POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0&_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee&pid=b1da549f-d44c-4a4f-a8c3-3ed98d030477&sn=2&cfg&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 7902
Origin: http://favaey.com
Connection: keep-alive
Referer: http://favaey.com/
Cookie: _cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0; _cls_cfgver=27baeec; _cls_v=364c7036-2b06-404d-a599-142b0a75e8ee; AWSALBCORS=GArBahZWkVdsHBoXHuE7d9Y1tzGdeF41njusLFcwd0JM1Y9oH3OVt/q/iBEbhfsGKMgUDLHMTZTSN2j67UHNTUO4f8jk13an4qUsYRRbSfbRPzYGzWFEzamj4aRz
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:57 GMT
Content-Type: application/json
Content-Length: 428
Connection: keep-alive
Set-Cookie: AWSALB=yY35Nco56vUun51s/yhGmNxknFkTKJj3Tz0knN5Iuqo2j74KrgpmdkCs7uQc9fitK3eouos+2DZsjpCAS96RdohOGHQLlb7loM03xPQ358moaHj3KxXexQaUGbAo; Expires=Sat, 03 Dec 2022 17:23:57 GMT; Path=/
AWSALBCORS=yY35Nco56vUun51s/yhGmNxknFkTKJj3Tz0knN5Iuqo2j74KrgpmdkCs7uQc9fitK3eouos+2DZsjpCAS96RdohOGHQLlb7loM03xPQ358moaHj3KxXexQaUGbAo; Expires=Sat, 03 Dec 2022 17:23:57 GMT; Path=/; SameSite=None; Secure
_cls_cfgver=27baeec; Secure; SameSite=None
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://favaey.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5035

3.87.234.62

200 OK

139 B

URL HTTP/1.1
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0&_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee&pid=b1da549f-d44c-4a4f-a8c3-3ed98d030477&sn=3&cfg=27baeec&pv=2&aid=
IP
3.87.234.62:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with no line terminators
Size
139 B (139 bytes)
Hash
84135181ca91cfc5da90d3a4f9ebf6b2
6df87c9fb17c88e99d7803cee263223515a0aaf7
524ed2396ac1deb6b451abefda06c3b7245906a26a6802e2a929b24c99b00bf7

HTTP Headers

POST /glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0&_cls_v=364c7036-2b06-404d-a599-142b0a75e8ee&pid=b1da549f-d44c-4a4f-a8c3-3ed98d030477&sn=3&cfg=27baeec&pv=2&aid= HTTP/1.1
Host: report.citizen.glassboxdigital.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 314
Origin: http://favaey.com
Connection: keep-alive
Referer: http://favaey.com/
Cookie: _cls_s=c00c43db-ad75-4520-82f3-b3e522175c0c:0; _cls_cfgver=27baeec; _cls_v=364c7036-2b06-404d-a599-142b0a75e8ee; AWSALBCORS=OLaPVQTQ5eGPQdLl3+YiJbHzacoiQOA9nQdqwFwMV9bLSiWxnKZC3i6IacpSpdSBRsPdwSVgbUSOflFSItri98uj9rLd+SkuXNkmg4s2oOcyoKXO811OSLse9L2f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:57 GMT
Content-Type: application/json
Content-Length: 139
Connection: keep-alive
Set-Cookie: AWSALB=uZW2zkzZIOcKs5eH+JscVG3jxNwUkwYebmo/eeUas9CzDBrVKv6EXAZZgpyYFqkaKMap7iJ2/Konft2vcF8zl2OfHVMOwPd4hepnp6nZSQIRNZYJKt0wuw8/VRhw; Expires=Sat, 03 Dec 2022 17:23:57 GMT; Path=/
AWSALBCORS=uZW2zkzZIOcKs5eH+JscVG3jxNwUkwYebmo/eeUas9CzDBrVKv6EXAZZgpyYFqkaKMap7iJ2/Konft2vcF8zl2OfHVMOwPd4hepnp6nZSQIRNZYJKt0wuw8/VRhw; Expires=Sat, 03 Dec 2022 17:23:57 GMT; Path=/; SameSite=None; Secure
ROUTEID=.cligate1; path=/
Server: GlassBox Cligate
access-control-allow-origin: http://favaey.com
vary: origin
access-control-allow-credentials: true
content-encoding: gzip
X-Robots-Tag: noindex
GB-Server: g5035

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
b00c05af4a5c6ed7029ce684de0f278b
836e13265c8ff69b0c0418f1be9eb739a8ef18e8
d5a3dfc88731e891c3c63778cb11c98a58245478b82b4d4895128f7005bd3976

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:57 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 13:42:45 GMT
Expires: Wed, 30 Nov 2022 13:42:44 GMT
Etag: "836e13265c8ff69b0c0418f1be9eb739a8ef18e8"
Cache-Control: max-age=331726,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7704509dac1eb523-OSL

va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1669483437333&loc=http%3A%2F%2Ffavaey.com

208.89.15.170

200 OK

5.3 kB

URL HTTP/2
va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1669483437333&loc=http%3A%2F%2Ffavaey.com
IP
208.89.15.170:0
ASN
#11054 LIVEPERSON

File type
data
Size
5.3 kB (5342 bytes)
Hash
16071ba2abe3625cef8d2c0db0ffbe91
0842d82796d06bb2f5d53b0a495069b4045d6367
913cc863c304b9a36572bdd15a6fb119bd7e8bbbec2ed154d9641785412fb260

HTTP Headers

GET /postmessage/postmessage.min.html?bust=1669483437333&loc=http%3A%2F%2Ffavaey.com HTTP/1.1
Host: va.idp.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:57 GMT
content-type: text/html
last-modified: Sun, 09 Aug 2020 13:04:00 GMT
etag: W/"5f2ff440-2a51"
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
ac05074fa9d0ea07b44c3d559178cb4f
f1247b69ed3e53b036499fb00adea527f837358f
ea465a630f433ef3029df16f0426fccb39140bc17ae0049f27b710fbde8669c0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 17:23:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 11:37:41 GMT
Expires: Fri, 02 Dec 2022 11:37:40 GMT
Etag: "f1247b69ed3e53b036499fb00adea527f837358f"
Cache-Control: max-age=497021,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770450a32a8eb523-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f9ce01388b204e5885532315b3f768e8
1799f5d81be7b8407f7876c82b0d9c68db99e646
33a849a169895ae3f500f7ecd737dca32e509b6687b211e425f240a0805207ec

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5676
Cache-Control: max-age=88565
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 17:24:02 GMT
Etag: "6380ec7b-1d7"
Expires: Sun, 27 Nov 2022 18:00:07 GMT
Last-Modified: Fri, 25 Nov 2022 16:25:31 GMT
Server: ECS (amb/6B7F)
X-Cache: HIT
Content-Length: 471

lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549

178.249.97.98

200 OK

0 B

URL HTTP/2
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:55 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:03:25 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 26 Nov 2023 17:23:55 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Ffavaey.com&site=89632304&env=prod&isCrossDomain=true

178.249.97.98

200 OK

0 B

URL HTTP/2
lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Ffavaey.com&site=89632304&env=prod&isCrossDomain=true
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=http%3A%2F%2Ffavaey.com&site=89632304&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:56 GMT
content-type: text/html
last-modified: Thu, 03 Nov 2022 22:00:32 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 26 Nov 2023 17:23:56 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

178.249.101.99

200 OK

0 B

URL HTTP/2
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP
178.249.101.99:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:55 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:18|g:27413490-8ae8-4ac3-8b73-291811c36d08; Max-Age=30; Expires=Sat, 26-Nov-2022 17:24:25 GMT; Path=/
ADRUM_BTa=R:18|g:27413490-8ae8-4ac3-8b73-291811c36d08|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Sat, 26-Nov-2022 17:24:25 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Sat, 26-Nov-2022 17:24:25 GMT; Path=/; Secure
ADRUM_BT1=R:18|i:2241585; Max-Age=30; Expires=Sat, 26-Nov-2022 17:24:25 GMT; Path=/
ADRUM_BT1=R:18|i:2241585|e:7; Max-Age=30; Expires=Sat, 26-Nov-2022 17:24:25 GMT; Path=/
vary: Accept
expires: Sat, 26 Nov 2022 17:24:55 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

va.v.liveperson.net/api/js/89632304?&cb=lpCb96995x66664&t=sp&ts=1669483437318&pid=7349094189&tid=8842617083&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Ffavaey.com%2Fcitizen_bank%2Flogin.php%3Fonline_id%3Ded9560c7a1910618007433af5%26country%3D%26iso%3D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%2241210493-f0dd-4742-a104-93f0dd074299%22%2C%22account%22%3A%2289632304%22%7D%5D

208.89.12.87

200 OK

0 B

URL HTTP/2
va.v.liveperson.net/api/js/89632304?&cb=lpCb96995x66664&t=sp&ts=1669483437318&pid=7349094189&tid=8842617083&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Ffavaey.com%2Fcitizen_bank%2Flogin.php%3Fonline_id%3Ded9560c7a1910618007433af5%26country%3D%26iso%3D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%2241210493-f0dd-4742-a104-93f0dd074299%22%2C%22account%22%3A%2289632304%22%7D%5D
IP
208.89.12.87:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/js/89632304?&cb=lpCb96995x66664&t=sp&ts=1669483437318&pid=7349094189&tid=8842617083&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Ffavaey.com%2Fcitizen_bank%2Flogin.php%3Fonline_id%3Ded9560c7a1910618007433af5%26country%3D%26iso%3D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%2241210493-f0dd-4742-a104-93f0dd074299%22%2C%22account%22%3A%2289632304%22%7D%5D HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:58 GMT
content-type: application/javascript
set-cookie: LPVisitorID=U1ZDhkOWUyOTg5YmJmYzA0; Expires=Sun, 26-Nov-2023 17:23:58 GMT; Path=/; HttpOnly
LPSessionID=vSs22vYjSSSVV4g7yWNlJQ; Path=/api/js/89632304; HttpOnly
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Ffavaey.com&site=89632304&force=1&env=prod&isCrossDomain=true

178.249.97.98

200 OK

0 B

URL HTTP/2
lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Ffavaey.com&site=89632304&force=1&env=prod&isCrossDomain=true
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=http%3A%2F%2Ffavaey.com&site=89632304&force=1&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://favaey.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 17:23:56 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 22:00:32 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sun, 26 Nov 2023 17:23:56 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (40)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP