r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3429
Expires: Fri, 27 Jan 2023 03:36:24 GMT
Date: Fri, 27 Jan 2023 02:39:15 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20811
Expires: Fri, 27 Jan 2023 08:26:06 GMT
Date: Fri, 27 Jan 2023 02:39:15 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 01:42:58 GMT
content-type: application/json
age: 3377
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5692
Expires: Fri, 27 Jan 2023 04:14:07 GMT
Date: Fri, 27 Jan 2023 02:39:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YRKIkkxHLGsymiyrJNJIfRxenbr3rJvz3QTYKjShr7qZbxk+A4AkyOqWdHTlUIHNwge+/BIb4jU=
x-amz-request-id: AH7YB748AXEVAFRZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 01:49:13 GMT
age: 3002
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 02:39:15 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 01:41:40 GMT
age: 3455
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
200 OK 38 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
IP
ASN #21501 Host Europe GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2276), with CRLF line terminators
Hash cee920674f25cc8e1d99fa733d0e85ba
9fff38391cda872ee1ea53eb599fa8371b0563da
f8eb694fb421a63949eeafc84de0cb53b55941bb8df42f56ad071fb706c999c8
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/ HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:15 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 38445
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2412
Expires: Fri, 27 Jan 2023 03:19:28 GMT
Date: Fri, 27 Jan 2023 02:39:16 GMT
Connection: keep-alive
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Light.woff
200 OK 76 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Light.woff
IP
ASN #21501 Host Europe GmbH
File type Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Hash 3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Light.woff HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801713-12712-5f332d617d6d5"
Accept-Ranges: bytes
Content-Length: 75538
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: font/woff
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Regular.woff
200 OK 79 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Regular.woff
IP
ASN #21501 Host Europe GmbH
File type Web Open Font Format, TrueType, length 78762, version 1.197\012- data
Hash b1f3eca7de0c2cb35740f32dd0b83823
dffc474081c23fc151265b637a4468e82004ecc8
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Regular.woff HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801708-133aa-5f332d617d2ed"
Accept-Ranges: bytes
Content-Length: 78762
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: font/woff
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Bold.woff
200 OK 72 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Bold.woff
IP
ASN #21501 Host Europe GmbH
File type Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Hash 9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Interstate-Bold.woff HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80171b-118c2-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 71874
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: font/woff
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js
200 OK 93 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js
IP
ASN #21501 Host Europe GmbH
File type ASCII text, with very long lines (577), with CRLF line terminators
Hash cd9a01f7849b534916657b9f1d3efd2b
5dee9128c3f16c81ac4826a05e032520601af6ce
1613ce76209129abdd48df9dcbd4df8061905c2f1b439a84c91c29d37461910f
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/js/Bootstrap.js HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:13 GMT
ETag: "a801723-45e8f-5f332d653de16-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/styles.css
200 OK 159 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/styles.css
IP
ASN #21501 Host Europe GmbH
File type Unicode text, UTF-8 text, with very long lines (1069), with CRLF line terminators
Size 159 kB (158660 bytes)
Hash 7ebcd2fe88b0261210306fc048761108
0a5641bfc99ea4a7cf3b8aa64567d22060536b2d
3ac180be4bf58a3bd43434f682561c7fc56c3a3a739bd905909252f26fff1dbc
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/styles.css HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a8016fa-152f86-5f332d617c735-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Content-Type: text/css
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TPBsT5YGzR+nHrfDbzrBEw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: K3s9tgM/o1IG6bS+UUPb21cB7h0=
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787156241
302 Found 0 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787156241
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787156241 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://mpu-solutions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0780584f2.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787156241
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=00037358233874798622196895350817816891; Max-Age=15552000; Expires=Wed, 26 Jul 2023 02:39:16 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: O5hV8BbCR2A=
Content-Length: 0
Connection: keep-alive
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/320_Citi-PLT@3x.png
200 OK 12 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/320_Citi-PLT@3x.png
IP
ASN #21501 Host Europe GmbH
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/320_Citi-PLT@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a8016ff-2d2a-5f332d617cb1d"
Accept-Ranges: bytes
Content-Length: 11562
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787156241
200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787156241
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1674787156241 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://mpu-solutions.com
Content-Type: application/x-www-form-urlencoded
Referer: http://mpu-solutions.com/
Connection: keep-alive
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://mpu-solutions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0e1730cee.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Vary: Origin
X-Error: 172
X-TID: VAg8H2rwR28=
Content-Length: 124
Connection: keep-alive
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/citipridelogo.jpg
200 OK 2.7 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/citipridelogo.jpg
IP
ASN #21501 Host Europe GmbH
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 9b0ca893e4bfaea57af02ffe82867243
7035c26c91a3da162492df77d59bc19356a8e3bb
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/citipridelogo.jpg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801715-a62-5f332d617dabd"
Accept-Ranges: bytes
Content-Length: 2658
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/050-location@2x.svg
200 OK 1.8 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/050-location@2x.svg
IP
ASN #21501 Host Europe GmbH
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 2a7528b41a09c242728c2805a6c37219
44f73d9270a82962219bb314894d5b5624c55631
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/050-location@2x.svg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801719-6d8-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 1752
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/svg+xml
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/jamp-spinner-2x.gif
200 OK 37 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/jamp-spinner-2x.gif
IP
ASN #21501 Host Europe GmbH
File type GIF image data, version 89a, 60 x 60\012- data
Hash 9132ad37e83e5eef39e5e315c2b6c94f
9036fb328a9266e1f6fb95021464a77a11894ec1
79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/jamp-spinner-2x.gif HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#43e2a78fb5894d95a1fe66d3e0e0f254#1674789017
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801712-8ff7-5f332d617d6d5"
Accept-Ranges: bytes
Content-Length: 36855
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/gif
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/1440_Citi-PLT@3x.png
200 OK 28 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/1440_Citi-PLT@3x.png
IP
ASN #21501 Host Europe GmbH
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/1440_Citi-PLT@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801717-6df5-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 28149
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Content-Type: image/png
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/icon_globe_med-grey@2x.svg
200 OK 3.5 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/icon_globe_med-grey@2x.svg
IP
ASN #21501 Host Europe GmbH
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash 8409dd31d1b13d560ad4b9ae144054f7
37114f6c37aa187f5bdc360547678f22eaa9d9c6
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/icon_globe_med-grey@2x.svg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80170d-dc3-5f332d617d2ed"
Accept-Ranges: bytes
Content-Length: 3523
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/svg+xml
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/LSO_4959.jpg
200 OK 175 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/LSO_4959.jpg
IP
ASN #21501 Host Europe GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3\012- data
Size 175 kB (174933 bytes)
Hash 4c50aaf00ec3fd89b59019568e3ce376
e67b56776d6f8bcfbc25c6d31cfea22dc234f58e
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/LSO_4959.jpg HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#43e2a78fb5894d95a1fe66d3e0e0f254#1674789017
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801703-2ab55-5f332d617cf05"
Accept-Ranges: bytes
Content-Length: 174933
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1674787156489
200 OK 89 B URL HTTP/1.1 metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1674787156489
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash f3ff9c8e7c7ccb49456086761da3e3ec
e5707a7c5eeb070602181e786a2747c48c874467
041d7b0bf36d5b4a9895d935efed52f5328d83c91a2c3a82c9abe46447ee30df
GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1674787156489 HTTP/1.1
Host: metrics.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
access-control-allow-origin: http://mpu-solutions.com
access-control-allow-credentials: true
date: Fri, 27 Jan 2023 02:39:16 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31E99CAA31AB1751-40001AA936CD2B9A[CE]; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 02:39:39 GMT;
AMCV_61834D9B5228A7430A490D45%40AdobeOrg=0%7CMCMID%7C45741818832128767153281298620473809350; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 02:39:39 GMT;
s_ecid=MCMID%7C45741818832128767153281298620473809350; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 02:39:39 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 89
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Appstore-Googleplay-JDPower-Sprite.png
200 OK 45 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Appstore-Googleplay-JDPower-Sprite.png
IP
ASN #21501 Host Europe GmbH
File type PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Hash 7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#43e2a78fb5894d95a1fe66d3e0e0f254#1674789017
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a8016fd-afc4-5f332d617cb1d"
Accept-Ranges: bytes
Content-Length: 44996
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_twitter@3x.png
200 OK 1.3 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_twitter@3x.png
IP
ASN #21501 Host Europe GmbH
File type PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_twitter@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#43e2a78fb5894d95a1fe66d3e0e0f254#1674789017
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80171d-4fd-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 1277
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_facebook@3x.png
200 OK 445 B URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_facebook@3x.png
IP
ASN #21501 Host Europe GmbH
File type PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_facebook@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#43e2a78fb5894d95a1fe66d3e0e0f254#1674789017
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a801716-1bd-5f332d617dea5"
Accept-Ranges: bytes
Content-Length: 445
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/Citi-Branding-Sprite.png
500 Internal Server Error 251 B URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/Citi-Branding-Sprite.png
IP
ASN #21501 Host Europe GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9142176c5ccdb63bc03d514412d42b00
6c2eee1ba6dae02385c94121a3465329f7587d33
d44ef6cef0d915260653c10e6b0b08f295385f542e73e7cb779e2be26a15255f
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/Citi-Branding-Sprite.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#43e2a78fb5894d95a1fe66d3e0e0f254#1674789017
HTTP/1.1 500 Internal Server Error
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=45741818832128767153281298620473809350&d_cid_ic=AVID%0131E99CAA31AB1751-40001AA936CD2B9A&ts=1674787156643
200 OK 302 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=45741818832128767153281298620473809350&d_cid_ic=AVID%0131E99CAA31AB1751-40001AA936CD2B9A&ts=1674787156643
IP
File type JSON data\012- , ASCII text, with very long lines (358), with no line terminators
Hash 68ee5ffed2e88ecbf45f33af7f94058e
03febdad889c4f53302315015688f656509f8e52
dd4e4dc3a8a191d99a0b8b34d13d865065feff7e865fdf0d6f543e26af2aea8f
GET /id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=45741818832128767153281298620473809350&d_cid_ic=AVID%0131E99CAA31AB1751-40001AA936CD2B9A&ts=1674787156643 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://mpu-solutions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-06601d6e7.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=39522869465823605842605923425365532773; Max-Age=15552000; Expires=Wed, 26 Jul 2023 02:39:16 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: CytIwO3MSBM=
Content-Length: 302
Connection: keep-alive
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_youtube@3x.png
200 OK 1.2 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_youtube@3x.png
IP
ASN #21501 Host Europe GmbH
File type PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/css/social-media_youtube@3x.png HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CvVersion%7C3.1.2; check=true; mbox=session#43e2a78fb5894d95a1fe66d3e0e0f254#1674789017
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:09 GMT
ETag: "a80170f-497-5f332d617d6d5"
Accept-Ranges: bytes
Content-Length: 1175
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
204 No Content 0 B URL HTTP/1.1 nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Fri, 27 Jan 2023 01:25:29 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2UAdixwI5llP3ABW25lML_2toczLZFeElAXSrQE40B5w2Pao-h9YZg==
Age: 4427
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=5672846.506508699&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F
200 OK 533 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/serverComponent.php?r=5672846.506508699&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F
IP
File type ASCII text, with very long lines (1155)
Hash b57d467405a35a01b7bba27b80dcbc09
049d102988e1580d285c5b18de91a227238a83e6
f3ed78269685b26891cccf9f963cd37342cf82ec4c770e97ae7001e4608f5d60
GET /citi/na_prod/serverComponent.php?r=5672846.506508699&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Fri, 27 Jan 2023 02:39:16 GMT
Expires: Fri, 27 Jan 2023 02:39:15 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: SVYsiHzubIAj4iZwiqcEXslPgLMS5MML8wKjY9eVCFYJrcJo9DJH4g==
nexus.ensighten.com/citi/na_prod/code/0c8578d3084e73e1322327bf02dbbd66.js?conditionId0=486757
200 OK 12 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/0c8578d3084e73e1322327bf02dbbd66.js?conditionId0=486757
IP
File type ASCII text, with very long lines (624)
Hash 9a21efb810e005f76e430bb10b2ce0cc
e6b0785bc2b3bb8d9a797160f18c7370ebe82596
3b97a219fb963980a4c1ce378411151ebfb84bb4c0bb1cba37a8904bf19e5203
GET /citi/na_prod/code/0c8578d3084e73e1322327bf02dbbd66.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 24 Jan 2023 19:03:19 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 24 Jan 2023 19:00:09 GMT
ETag: W/"164d0faee75a2f7c85d81bc3a7146002"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: MEQHyFHZiQJGYPyMAwbUe8bzCLmiLli9
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8yzPfJu8gS9Bl2vCn2504Z6WxKsMEkQM4fpWa-cSBI8ql-Mq5-17qQ==
Age: 200158
nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
200 OK 1.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
IP
File type ASCII text, with very long lines (619)
Hash a05915f969bf171c0654f5d393072216
75cefb35166449bf83bb2d37aef23573e0a84b08
545459f7e277145aae24c10c6871e7de74c5b7d890fd6b8fee26b9d578ab1976
GET /citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 13 Dec 2022 07:24:16 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 18 Oct 2022 17:52:59 GMT
ETag: W/"7df0440e45009010a99db868682aafb3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1PqOYyyVEM3P-bX2HKHTnugoWDV9BziryiAcA3-kWWCOlCSi8hLwFA==
Age: 3870900
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
200 OK 2.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP
File type ASCII text, with very long lines (542)
Hash 9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec
GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 10 Dec 2022 06:06:17 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NT-phpITErkAD65WyuVnOl-o1XRRq3x9v6jX2JOBDiYbUX4fw436KQ==
Age: 4134780
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
200 OK 655 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP
File type ASCII text, with very long lines (524)
Hash b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034
GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 10 Jan 2023 01:21:59 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0GUyidVXBhoTBcSH9KZ-gDInT27IgMItC-kgRacXhWk2bAhvnNX4xA==
Age: 1473438
nexus.ensighten.com/citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908
200 OK 36 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908
IP
File type ASCII text, with very long lines (574)
Hash fe212defeb4db8542ec0cbf3b1b718eb
4d8f3807fd8f338e2f8c70f0b5b16da74b188ebd
65995fbc67e8300388fcd61aeb2a2bc0375bf5ffc95e894876c19ef268897f5c
GET /citi/na_prod/code/8f7b4d3799caf9bf6af3b6b62cf4ac19.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 24 Jan 2023 19:03:19 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 24 Jan 2023 19:00:09 GMT
ETag: W/"7c6ed2a2e5419784aa286802d8321cac"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: vmiujIR6LRxZmQcVHZsuRM62q4klkTqH
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: e6cPRzDynd5Rq-GDDYM_B8pjsAThcxfZEvt-xR-8hSoLMfo1uJvVJw==
Age: 200158
fast.citi.demdex.net/dest5.html?d_nsid=0
200 OK 2.8 kB URL HTTP/1.1 fast.citi.demdex.net/dest5.html?d_nsid=0
IP
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash b8a1b21bd0651935d53a7bff0c2479d6
31527c952669b6d1d06c537eb50c9043f576e607
80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: fast.citi.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cm.everesttech.net/cm/dd?d_uuid=39522869465823605842605923425365532773
301 Moved Permanently 134 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=39522869465823605842605923425365532773
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /cm/dd?d_uuid=39522869465823605842605923425365532773 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://cm.everesttech.net:443/cm/dd?d_uuid=39522869465823605842605923425365532773
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=43e2a78fb5894d95a1fe66d3e0e0f254&mboxPC=&mboxPage=72e97a7d92124957ba0a39510e03028e&mboxRid=8d180cf0aa924ca19e9fd06ce7b641c9&mboxVersion=1.7.0&mboxCount=1&mboxTime=1674787156252&mboxHost=mpu-solutions.com&mboxURL=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=26F6F3698BE1CB28-00727F3BF4213484&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=45741818832128767153281298620473809350&mboxMCAVID=31E99CAA31AB1751-40001AA936CD2B9A&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
200 142 B URL HTTP/1.1 citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=43e2a78fb5894d95a1fe66d3e0e0f254&mboxPC=&mboxPage=72e97a7d92124957ba0a39510e03028e&mboxRid=8d180cf0aa924ca19e9fd06ce7b641c9&mboxVersion=1.7.0&mboxCount=1&mboxTime=1674787156252&mboxHost=mpu-solutions.com&mboxURL=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=26F6F3698BE1CB28-00727F3BF4213484&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=45741818832128767153281298620473809350&mboxMCAVID=31E99CAA31AB1751-40001AA936CD2B9A&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 98365bb68ab2bf0995f68daa808714b9
a392e4160adaa534ee76aeed6d355f2654e6adb2
f58336bf5fa10e167b942404d3beae51f4aee7a90d91a98db5eb98dd3acf0706
GET /m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=43e2a78fb5894d95a1fe66d3e0e0f254&mboxPC=&mboxPage=72e97a7d92124957ba0a39510e03028e&mboxRid=8d180cf0aa924ca19e9fd06ce7b641c9&mboxVersion=1.7.0&mboxCount=1&mboxTime=1674787156252&mboxHost=mpu-solutions.com&mboxURL=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=26F6F3698BE1CB28-00727F3BF4213484&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=45741818832128767153281298620473809350&mboxMCAVID=31E99CAA31AB1751-40001AA936CD2B9A&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6 HTTP/1.1
Host: citicorpcreditservic.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200
Date: Fri, 27 Jan 2023 02:39:16 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 142
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://mpu-solutions.com
Access-Control-Allow-Credentials: true
X-Request-ID: 8d180cf0aa924ca19e9fd06ce7b641c9
P3P: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Set-Cookie: citicorpcreditservic!mboxSession=43e2a78fb5894d95a1fe66d3e0e0f254; Max-Age=1860; Expires=Fri, 27-Jan-2023 03:10:16 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
citicorpcreditservic!mboxPC=43e2a78fb5894d95a1fe66d3e0e0f254.37_0; Max-Age=63244800; Expires=Tue, 28-Jan-2025 02:39:16 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *
c1.rfihub.net/js/tc.min.js
200 OK 6.2 kB URL HTTP/1.1 c1.rfihub.net/js/tc.min.js
IP
File type C source, ASCII text, with very long lines (19497)
Hash ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f
GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 6162
Connection: keep-alive
Date: Fri, 27 Jan 2023 02:27:43 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Expires: Fri, 27 Jan 2023 03:27:43 GMT
Last-Modified: Fri, 27 Jan 2023 02:27:33 GMT
Content-Encoding: gzip
Server: Jetty(9.3.29.v20201019)
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mYqEmgd3hpFtiDCBsSywh8A4MxeyAMH9M0fWUXzGJOQvWuUmQzZAyQ==
Age: 693
mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/favicon.ico
200 OK 8.7 kB URL HTTP/1.1 mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/favicon.ico
IP
ASN #21501 Host Europe GmbH
File type PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c529d13403aaef133f480514b0d7b3f
73b6a54f396770a92bd13f0af7b0530e7a68b546
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32
Analyzer Verdict Alert urlquery phishing Phishing - Citi
GET /release/f6ed89f7f3b553b31db936eec7e6136e/ses/img/favicon.ico HTTP/1.1
Host: mpu-solutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/release/f6ed89f7f3b553b31db936eec7e6136e/ses/
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19385%7CMCMID%7C45741818832128767153281298620473809350%7CMCAID%7C31E99CAA31AB1751-40001AA936CD2B9A%7CMCOPTOUT-1674794356s%7CNONE%7CvVersion%7C3.1.2; check=true; mbox=session#43e2a78fb5894d95a1fe66d3e0e0f254#1674789017; AMCVS_61834D9B5228A7430A490D45%40AdobeOrg=1
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:16 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2023 23:09:02 GMT
ETag: "a8016e4-222b-5f332d5ab073d"
Accept-Ranges: bytes
Content-Length: 8747
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/x-icon
20766699p.rfihub.com/ca.html?ver=9&ra=1174&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&pf=&ra=6478728180208059
302 Found 0 B URL HTTP/1.1 20766699p.rfihub.com/ca.html?ver=9&ra=1174&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&pf=&ra=6478728180208059
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ca.html?ver=9&ra=1174&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&pf=&ra=6478728180208059 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 27 Jan 2023 02:39:17 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://20766699p.rfihub.com/sr/ca.html?ver=9&ra=1174&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&pf=&ra=6478728180208059
Content-Length: 0
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 828fff395e93f7be2544b97ca2a81e09
2d9b76b7bb7e4505707e6fa30cdaaf80ae05fb88
90d1e5a199f990e517064222bb83c7bb7db1217300c25b14637df3c74f4029d1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=131275
Date: Fri, 27 Jan 2023 02:39:17 GMT
Etag: "63d287a1-1d7"
Expires: Sat, 28 Jan 2023 15:07:12 GMT
Last-Modified: Thu, 26 Jan 2023 14:01:05 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: h8_-gPm4tWy1uIYfYqDKPQ4yoESqZMTgjDSVsS4oO_syJFCDnojQ3Q==
Age: 3967
cm.everesttech.net/cm/dd?d_uuid=39522869465823605842605923425365532773
302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=39522869465823605842605923425365532773
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=39522869465823605842605923425365532773 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y9M5VQAAAKGvtQMx; Domain=.everesttech.net; Expires=Sat, 27-Jan-2024 02:39:17 GMT; Path=/
everest_session_v2=Y9M5VQAAAKGvtgMx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y9M5VQAAAKGvtQMx
Server: AMO-cookiemap/1.1
ocsp.sectigo.com/
200 OK 471 B IP
Hash 77d978757d6657d8b60fda5fb85406b6
b30cb7f2022b6d7677fe1ff6e04a632516ef17af
4af31f6250099b795ff34dcef20d30afe42fa5c7073719692429457ed097f51b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 02:15:45 GMT
Expires: Wed, 01 Feb 2023 02:15:44 GMT
Etag: "b30cb7f2022b6d7677fe1ff6e04a632516ef17af"
Cache-Control: max-age=429986,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fe1df42e79b500-OSL
20766699p.rfihub.com/sr/ca.html?ver=9&ra=1174&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&pf=&ra=6478728180208059
200 OK 118 B URL HTTP/1.1 20766699p.rfihub.com/sr/ca.html?ver=9&ra=1174&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&pf=&ra=6478728180208059
IP
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
GET /sr/ca.html?ver=9&ra=1174&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&pf=&ra=6478728180208059 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:39:17 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruds=H4sIAAAAAAAA_-MSNjU0sDSzMDUzMrU0tjAxNjU0MxXiM9S11M0zcMn19nIyiyoCALGj0lUlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
rud=H4sIAAAAAAAA_-MSNjU0sDSzMDUzMrU0tjAxNjU0MxXiM9S11M0zcMn19nIyiyoCALGj0lUlAAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 21 Feb 2024 02:39:17 GMT; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)
ocsp.digicert.com/
200 OK 471 B IP
Hash dfa9dc702504acce47cb04d6a8baca2c
1f929541d4bd86c02ab87572391767192b098c7e
d11455044effe3f1093b7655fb5ac5ef7f36bd8c71f989217d8de54066ca1b79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2239
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:17 GMT
Last-Modified: Fri, 27 Jan 2023 02:01:58 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/ibs:dpid=411&dpuuid=Y9M5VQAAAKGvtQMx
302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y9M5VQAAAKGvtQMx
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y9M5VQAAAKGvtQMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0168100b3.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5VQAAAKGvtQMx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=02870850665681568921945328711506052058; Max-Age=15552000; Expires=Wed, 26 Jul 2023 02:39:17 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Aui0Nc6wQHo=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5VQAAAKGvtQMx
200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5VQAAAKGvtQMx
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9M5VQAAAKGvtQMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0650109c9.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 8Mp6oESYQuI=
Content-Length: 59
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 76f89b22072eabd8bc345d830ab3554b
c44bed01a9ce166052eb9fb1bbed136cdca7cf7a
5013e5e2d32c6a17580303642c2a531822b675233cb8633da2658a28a296b1f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6299
Cache-Control: max-age=124617
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:17 GMT
Etag: "63d26483-1d7"
Expires: Sat, 28 Jan 2023 13:16:14 GMT
Last-Modified: Thu, 26 Jan 2023 11:31:15 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
www.googletagmanager.com/gtag/js?id=AW-916451471
302 Found 253 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-916451471
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13251
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13251
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13251
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13251
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13251
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 02:39:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:59:56 GMT
age: 16761
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 869cdfba2637cc932ce387317a3c485e
51d87a5223d87c959bf27b2a825dce0a28f52ada
6dc4247dd3110836195f9962463bd8265be89633e9e589bf19955991751c26fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5669
x-amzn-requestid: 17f6235c-d495-4813-9453-407331e0dcad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZSH4fIAMFxeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3b-67ff5c7f416727670e7c3b21;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zH3wYMLXCFCcoop-xy3r_wXiY2g684Ei-o6BVntyzqjNeX1UuvQsxA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:25:48 GMT
age: 80009
etag: "51d87a5223d87c959bf27b2a825dce0a28f52ada"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
200 OK 8.4 kB URL HTTP/2 zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
IP
File type ASCII text, with very long lines (6801)
Hash 65334361eb45138ab17446cbf4e73114
d3143e19a9c9605e6476f680f1e3881fb5e8d064
e6a19476a0a3b038f75014a9585f66af8d7b7cf0b2b9ed0c5ecf0556b2a7e705
GET /SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc HTTP/1.1
Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:17 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 78fe1df5ebe7b517-OSL
access-control-allow-origin: *
age: 516745
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-aoOvy5SYikJ8p0DGyA39bMfBM7w"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg
200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6e96f3ea585b5fa8ed6446ed16e2b4b2
f90c205f370a2426dffe3c21b24bfa551b385556
6967ba25887f87200fcb39a3e6f065fd27596b2ebcf0d33a2751c655d6e724f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4272
x-amzn-requestid: e051c22b-c2ec-4e59-b29b-ba1464d8015b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRz28G13oAMFeeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d099c5-48b013ff34b9702a6d2fd560;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 02:53:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X4SfAYS0JvW4sUNqSuBERNBwaI_xgKugxZ76_fsih_LSnImMC7Pnzg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:54:20 GMT
age: 49497
etag: "f90c205f370a2426dffe3c21b24bfa551b385556"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2dfd3530064d405643a31fedd4fd7618
d8268771360e609892c5506f3114dc4f73c0aad0
b4790125e39e400c30d640cd0c64497256168892405511ec3d43b03dc0e5715a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10973
x-amzn-requestid: caff330a-0cc6-488d-be82-c09c2bb87408
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLQYTEduIAMFZkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfa9b-1f26b225062c8465440cf460;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:10:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L-i1AEFIP6AoWwjds6n7ohyz-Ls1HoF9CXNJS7RRDFApBceBZXmoxA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:29:15 GMT
age: 51002
etag: "d8268771360e609892c5506f3114dc4f73c0aad0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg
200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 540b084166fb1ad476a2b816848004ac
d10694af4ff8fbdf58896085611b4614a7353eda
b5ce9c01e4ac5a634ab858787c69fe4bf1f297df92b1258f0de6e1461329154b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73f08a17-fd76-4130-b0e4-891c4a522ac4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5567
x-amzn-requestid: 07346e30-a195-4e30-80ed-09bc2844c64d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fORCGGMGIAMFmWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf2eda-266bd30056d9d09c009ac086;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:05:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1S1gNaWbByU2Ufc46x0shFDogteGouCIQZ9xX2n2QAFa4AjsFozrRA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 23:04:49 GMT
age: 12868
etag: "d10694af4ff8fbdf58896085611b4614a7353eda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-916451471
200 OK 65 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-916451471
IP
File type ASCII text, with very long lines (2917)
Hash 5d36afd59461f020aeaf4550edda2dad
c72202f142b0197f863eee8c588d8dd3b1b7e5e5
8c39676d99ba787e9f8722ef9a3f74e53977be16e0ff9e8f1bf15482a0c434aa
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mpu-solutions.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 27 Jan 2023 02:39:17 GMT
expires: Fri, 27 Jan 2023 02:39:17 GMT
cache-control: private, max-age=900
last-modified: Fri, 27 Jan 2023 00:18:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64556
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ba8206089b7af80ec9bb4fe0c07977b4
4b0c036a5124f06026772a92168d3799e37c8ed3
64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62
GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash da059e66474ac8e0fcb7e70b7ed4be44
7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb
GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d7c2cd80c8899405c8ead9dcd82aa484
8d0248ffaaf1594d89e077cb3904f0ad42ec474e
2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce
GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 3cdb7a0d8774281c45d6a09b22e28af2
eee92813bf3130c7e6ca8be5911197c1ee486daa
cf75d10606678529391c0c7bd8cd9b13abb532df9640785934a7555f872caed4
GET /gtag/js?id=AW-695231162&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 6d8c6cf61840045919f4789eac2d3d9c
ef5e66f528ab1701f99e467593020d263d6220f0
ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e
GET /gtag/js?id=AW-830907969&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 16d7ad56818dde4bc80864654bfbd12e
c95b93882c98641b7f1b648c122194a9fb2534c7
5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64
GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
302 Found 280 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash a262f0126f939827df765f078136498b
5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd
GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash f20987509aaa3b3f9e52f7581afd6a4d
7147419bbeb1605a89733067d195356fc73c3cd3
5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c
GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpu-solutions.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 27 Jan 2023 02:39:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=19&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
200 OK 2.2 kB URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=19&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
IP
File type JSON data\012- , ASCII text, with very long lines (5521), with no line terminators
Hash 65e85c53c875401e17ecbba31344316e
8d11f970fe96089a23131069647c358cdbdaad05
381bb9d43a32d911995623536b3991c70615481d0a08c34b9463f71fecb6aeb5
GET /WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=19&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:17 GMT
content-type: application/json
cf-ray: 78fe1df7dca3b517-OSL
access-control-allow-origin: *
age: 13413
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Sun, 23 Jan 2033 22:55:44 GMT
last-modified: Thu, 26 Jan 2023 22:55:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc
200 OK 2.2 kB URL HTTP/2 iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc
IP
File type PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Hash e6ed675f115fb1568bb1aabc00aa3f30
5cd752c6b199a3fdefe95712c77b240a92e9f1f2
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
GET /WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc HTTP/1.1
Host: iad1.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
access-control-allow-origin: *
x-request-id: d9e9863d-2e5a-4add-a01a-675b5f0765a5
x-transaction-id: fbaa79ef-970b-4a3b-a69d-b162659bd712
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
permissions-policy: camera=(), geolocation=(), microphone=()
content-disposition: inline; filename=feedback.png
content-length: 2196
content-type: image/png
x-robots-tag: noindex
cache-control: public, max-age=46
expires: Fri, 27 Jan 2023 02:40:03 GMT
date: Fri, 27 Jan 2023 02:39:17 GMT
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1674787157714&cv=11&fst=1674787157714&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
200 OK 928 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1674787157714&cv=11&fst=1674787157714&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2009), with no line terminators
Hash 935ce21a2381e35e81a7387334c29bbc
43e4110a9b9d22b75fbf42c56d20ed23d6819f2e
7230126e1f88c1ef3f016e2d558fed42f4777c2ef29957fddc3b825d107e47d6
GET /pagead/viewthroughconversion/975701947/?random=1674787157714&cv=11&fst=1674787157714&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 928
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1674787157691&cv=11&fst=1674787157691&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
200 OK 926 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1674787157691&cv=11&fst=1674787157691&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2009), with no line terminators
Hash 12b25c3dc3737890a4fbf80dacaf937c
26ceeaa3b9d501c611da0739f0adf91eb04083e2
4b38bcbf3f12176accd597d08ecfdba9472c99c58a9e8a7499cc731a4feacfdb
GET /pagead/viewthroughconversion/960621875/?random=1674787157691&cv=11&fst=1674787157691&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 926
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1674787157739&cv=11&fst=1674787157739&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
200 OK 928 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1674787157739&cv=11&fst=1674787157739&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2009), with no line terminators
Hash 175e9f44c9be3ce4b2f2057db3bdeafd
b94ad458d908ba356b33b6d4dee99574d9fe1238
dc5e7a6e3e8d4206928684e355560f3b33942761fa3f26968744cb1ffbfd6e94
GET /pagead/viewthroughconversion/830907969/?random=1674787157739&cv=11&fst=1674787157739&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 928
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1674787157644&cv=11&fst=1674787157644&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
200 OK 928 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1674787157644&cv=11&fst=1674787157644&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2007), with no line terminators
Hash c9563ce7e566e2f9e4ae3b30b04ef380
fce1910887ffa2468b4c7cf3bb55d69dcaeb0f32
a3a0cb2b4d234861949c3a1fe2b26de56807526e55852c1565958e7d84b3c09a
GET /pagead/viewthroughconversion/644574043/?random=1674787157644&cv=11&fst=1674787157644&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 928
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
200 OK 1.7 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
File type ASCII text, with very long lines (1754), with no line terminators
Hash 06a25b63c92b39091d9e73a651ce0f00
2c9e2bd060b9f57942c9e9783d1b6a7016878384
12751b92328955a648fbd2754f7348bb4cd824fe5dc6cc856df098582b44d67e
GET /dxjsmodule/6.9808af8b656686a98b64.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:17 GMT
content-type: application/javascript
cf-ray: 78fe1df7cc9fb517-OSL
access-control-allow-origin: *
age: 169043
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"9eb-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=2539
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1674787157501&cv=11&fst=1674787157501&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
200 OK 925 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1674787157501&cv=11&fst=1674787157501&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2009), with no line terminators
Hash af1816ce92abf15b1f2a1491191f21e6
3d423ec0f8d213e88ccda2c718ac378b5451ef0e
656bd7f894f491ececbf2e26f33c1acba3d3c9ab4ec40e6b08fd9dec118f01ce
GET /pagead/viewthroughconversion/916451471/?random=1674787157501&cv=11&fst=1674787157501&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 925
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1674787157758&cv=11&fst=1674787157758&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
200 OK 926 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1674787157758&cv=11&fst=1674787157758&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2007), with no line terminators
Hash 4b9318f8ce680f79cf42c76f9ba49bdc
a1ca4d882af1502bc084347aa3844c8447b2abd6
a70f8c322b54ff3b5fe81ee7a526094451f9fa49a0c5131ef240e99d6a550626
GET /pagead/viewthroughconversion/819500023/?random=1674787157758&cv=11&fst=1674787157758&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 926
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1674787157749&cv=11&fst=1674787157749&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
200 OK 927 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1674787157749&cv=11&fst=1674787157749&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2007), with no line terminators
Hash c2ee9a8346ac320235cac841440e273a
5e29e10cb71fbf83d8d9c4e2583463dadf9c72d1
aef32a8f9b630115ded70cca7c95ff94df92e67a091df86b69a74d0449c80923
GET /pagead/viewthroughconversion/959299794/?random=1674787157749&cv=11&fst=1674787157749&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 927
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1674787157773&cv=11&fst=1674787157773&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
200 OK 927 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1674787157773&cv=11&fst=1674787157773&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2013), with no line terminators
Hash 8bf2459019a0c1a82ad53d9ef8588549
db3e7f86ac3662237e663056f87fe5215545260d
1a7619c67b09a0e2ddae9d954ed9cbf76b657b39c1c9cb61e388bd153c630c83
GET /pagead/viewthroughconversion/10955006959/?random=1674787157773&cv=11&fst=1674787157773&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1653555267.1674787158&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 927
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 02:54:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3ebf9d7211aba4c70b84fb470a61b414
28fe29a24e47d6abda88eeeb5e22eddda03c7fca
a8276e099d9d8452b65b70d161a459fae25afb37cea7eff9cc5563b7de972acc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
200 OK 895 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
IP
File type JSON data\012- , ASCII text, with very long lines (1932), with no line terminators
Hash ec72dac75525d149844e09e2168760aa
40b68c6f82285b6837e114d7784b18f5dd11e945
ed938582a77c1d63bab5accce2146bb3285c465002add43f2a2487473bff08ef
GET /WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://mpu-solutions.com&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:17 GMT
content-type: application/json
cf-ray: 78fe1df7dca4b517-OSL
access-control-allow-origin: *
age: 13413
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Sun, 23 Jan 2033 22:55:44 GMT
last-modified: Thu, 26 Jan 2023 22:55:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c8a0d6bc80301700d6fb1d520beb8b49
f33a1a1e491fcd6ca31360b28b092457a2d48f23
ef0535b52ccb717c1200d5974ea8841b92f655234d67ace0e71c1ec7f5fbb3f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/960621875/?random=1674787157691&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1057174578&rmt_tld=0&ipr=y
200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/960621875/?random=1674787157691&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1057174578&rmt_tld=0&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1674787157691&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1057174578&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/960621875/?random=1674787157691&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1057174578&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/960621875/?random=1674787157691&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1057174578&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1674787157691&cv=11&fst=1674784800000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fmpu-solutions.com%2Frelease%2Ff6ed89f7f3b553b31db936eec7e6136e%2Fses%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1057174578&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 02:39:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 97ccaa279f6ade845b71b57615d40388
5186089108dca0136feab418da66a9e027c7e427
515128c713e98c9a0546c35d9a1e0719057136509b5b2312e4af56a9acc80ec2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c8a0d6bc80301700d6fb1d520beb8b49
f33a1a1e491fcd6ca31360b28b092457a2d48f23
ef0535b52ccb717c1200d5974ea8841b92f655234d67ace0e71c1ec7f5fbb3f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:39:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&r=1674787157790
200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&r=1674787157790
IP
POST /WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&r=1674787157790 HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 87
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:18 GMT
content-type: text/plain; charset=UTF-8
cf-ray: 78fe1df92d28b517-OSL
access-control-allow-origin: http://mpu-solutions.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
trace-id: 3b6ae48eac84f86c
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
GET /dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:17 GMT
content-type: application/javascript
cf-ray: 78fe1df7dca1b517-OSL
access-control-allow-origin: *
age: 168568
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"102f7-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=66295
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
IP
POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 154
Origin: http://mpu-solutions.com
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:17 GMT
content-type: application/json
cf-ray: 78fe1df67c1cb517-OSL
access-control-allow-origin: http://mpu-solutions.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: a6ad79cdbd8e145f
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/13.80b1174311323ca5c15d.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=mpu-solutions.com
200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/13.80b1174311323ca5c15d.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=mpu-solutions.com
IP
GET /dxjsmodule/13.80b1174311323ca5c15d.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=mpu-solutions.com HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:17 GMT
content-type: application/javascript
cf-ray: 78fe1df63c01b517-OSL
access-control-allow-origin: *
age: 169046
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"fcba-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=64698
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpu-solutions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:39:17 GMT
content-type: application/javascript
cf-ray: 78fe1df77c7bb517-OSL
access-control-allow-origin: *
age: 169045
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"19ba5-185c14f8808"
last-modified: Tue, 17 Jan 2023 19:58:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=105381
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
160.153.133.168
54.230.245.39
104.17.209.240
23.38.201.123
18.203.152.154
13.37.25.97
93.184.220.29