{"report_id":"d8c5a3d5-56c6-4881-b158-fc726f67b58c","version":6,"status":"done","tags":[],"date":"2025-09-04T03:35:06Z","url":{"schema":"http","addr":"tracking.bluewatersredfish.com/aff_c?offer_id=410\u0026aff_id=11\u0026aff_sub=Z1G5CVF\u0026aff_sub2=chris@slurpmail.net\u0026aff_sub3=186\u0026email=chris@slurpmail.net\u0026aff_sub4=2025-09-03%2017:00:54\u0026aff_sub5=longhorntruss.com","fqdn":"tracking.bluewatersredfish.com","domain":"bluewatersredfish.com","tld":"com"},"ip":{"addr":"52.209.186.26","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"final":{"url":{"schema":"https","addr":"citizen-financial.com/#/secure?nt=6031","fqdn":"citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"title":"Citizen Financial"},"submit":{"url":{"schema":"http","addr":"tracking.bluewatersredfish.com/aff_c?offer_id=410\u0026aff_id=11\u0026aff_sub=Z1G5CVF\u0026aff_sub2=chris@slurpmail.net\u0026aff_sub3=186\u0026email=chris@slurpmail.net\u0026aff_sub4=2025-09-03%2017:00:54\u0026aff_sub5=longhorntruss.com","fqdn":"tracking.bluewatersredfish.com","domain":"bluewatersredfish.com","tld":"com"},"ip":{"addr":"52.209.186.26","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-09T03:35:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-04T03:34:41Z","timestamp":1756956881,"ip_dst":{"addr":"192.169.69.26","port":6262,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.9","port":42582,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-09-04T03:34:41.701236+0000\",\"flow_id\":1307270066594272,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":42582,\"dest_ip\":\"192.169.69.26\",\"dest_port\":6262,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"general7777.duckdns.org\",\"http_port\":6262,\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":595,\"bytes_toclient\":116,\"start\":\"2025-09-04T03:30:57.123360+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"assets.citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"dfgtrk5.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-09-03T15:12:59.606072Z","alert_count":0,"request_count":3,"received_data":711258,"sent_data":1360,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"citizen-financial.com","ip":{"addr":"34.121.35.39","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2022-12-07","domain_rank":640231,"first_seen":"2019-11-27T09:39:48Z","last_seen":"2025-09-03T18:17:13.858332Z","alert_count":3,"request_count":3,"received_data":52340,"sent_data":1932,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.trustedform.com","ip":{"addr":"54.240.174.122","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2009-02-13","domain_rank":163006,"first_seen":"2020-08-26T23:38:48Z","last_seen":"2025-09-01T04:36:15.793232Z","alert_count":0,"request_count":2,"received_data":132038,"sent_data":992,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"res.cloudinary.com","ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"2011-05-24","domain_rank":21175,"first_seen":"2012-10-03T08:31:44Z","last_seen":"2025-08-29T01:03:19.039614Z","alert_count":0,"request_count":11,"received_data":607910,"sent_data":6325,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"tracking.bluewatersredfish.com","ip":{"addr":"54.72.240.173","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2019-08-02","domain_rank":0,"first_seen":"2021-08-10T22:16:44Z","last_seen":"2025-08-23T05:57:18.194499Z","alert_count":0,"request_count":1,"received_data":52808,"sent_data":669,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"assets.citizen-financial.com","ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2022-12-07","domain_rank":0,"first_seen":"2025-06-20T18:10:15.520075Z","last_seen":"2025-09-03T18:17:13.858335Z","alert_count":9,"request_count":9,"received_data":1531275,"sent_data":4862,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}]},{"fqdn":"dfgtrk5.com","ip":{"addr":"34.102.181.184","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2018-11-19","domain_rank":4054305,"first_seen":"2019-06-27T16:53:09Z","last_seen":"2025-09-03T11:55:03.526479Z","alert_count":1,"request_count":1,"received_data":51430,"sent_data":576,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-03T15:14:36.780259Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-03T15:11:16.573868Z","alert_count":0,"request_count":3,"received_data":122889,"sent_data":1668,"comment":"","tags":null,"fingerprints":null},{"fqdn":"api.trustedform.com","ip":{"addr":"3.229.209.186","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2009-02-13","domain_rank":151305,"first_seen":"2012-10-29T05:30:13Z","last_seen":"2025-08-31T07:50:49.384622Z","alert_count":0,"request_count":4,"received_data":21551,"sent_data":2170,"comment":"","tags":null,"fingerprints":[{"name":"Amazon ELB","description":"AWS ELB is a network load balancer service provided by Amazon Web Services for distributing traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]},{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-04T03:34:41Z","timestamp":1756956881,"ip_dst":{"addr":"192.169.69.26","port":6262,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.9","port":42582,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-09-04T03:34:41.701236+0000\",\"flow_id\":1307270066594272,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":42582,\"dest_ip\":\"192.169.69.26\",\"dest_port\":6262,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"general7777.duckdns.org\",\"http_port\":6262,\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":595,\"bytes_toclient\":116,\"start\":\"2025-09-04T03:30:57.123360+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","fqdn":"citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"34.121.35.39","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c64da34b0e57616cca9cbdf6d8887a6d","sha1":"34ee7503602ef62c922c42e510828c488b2aba87","sha256":"aa5dd6ddcb1892f8f51a3bca4b865d72d98b4342d058d0728cdc54065b9c0715","sha512":"796403e461df4b4d0062e0252b1a855ea97ce5588b97aa64c812482109dee77842a4eab2b7ae8cdc557d202e28687994a1cd88362220189543190c2c3a93365b","ssdeep":"","tlshash":"c370008a00c0220820202280220b2f22200203280080002000a8828820a208b300208c","size":22,"data":"","first_seen":"2023-03-07T01:33:14Z","last_seen":"2026-06-03T16:50:48.906778Z","times_seen":9126,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/main.cae4fcfc512ff56c.js","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d0a85c4bec327417f5d95e724b396a87","sha1":"316d9bfd47b95f0f5ec0747c1f1230f165b7641d","sha256":"b7951cbf1dae2ebf94597d9fa4b93d426b24b708fc40b6cdd0c92a62f2b48f54","sha512":"b3aadb864310a6bc65645a68bb7b9e022adc6ec9e971b39409b549a81fd861e171f5ecb5600bd8376e438aff25c93011b7a12c099f3dd290b683e0d2e94a3439","ssdeep":"24576:glDBmiUjwo7eN/esuKQTOJFw3OxlpwVV0AQUDPpqmcKSf0xpoiQ359L5eRHo1Ar4:piU0o7O/esuKQTOJ63OxlpwVV0AQUDPM","tlshash":"5e154b967295712643e700e6627b4543f23d6844790984bcf6acccdd3ba8d4863bbbbc","size":882892,"data":"","first_seen":"2025-08-25T14:34:12.004575Z","last_seen":"2025-10-21T12:12:19.726661Z","times_seen":182,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","fqdn":"citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"34.121.35.39","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a82cc53d1c9b98ab1c4d8c5eaa677c8e","sha1":"8f665f0a37c8490156b8d342d7686a33befd1079","sha256":"a6260674dd69caea8ec9afd24022b7a3a8925e33fbf48f8b780eaaeeb4f9ab43","sha512":"7b81955ae323b1121bd6292b25b31dfd7b4e69605c7cd625ba433dafa4e74e444dcb2a23ae7a2091997898ba99d48984287bc29dd3d5a7496c8a9b1a2de5fc03","ssdeep":"","tlshash":"29c02bcc26060c73c1e727500f2ff240b1012300d6e00c33090573445b20c579748c00","size":145,"data":"","first_seen":"2023-03-07T01:33:14Z","last_seen":"2026-06-03T16:50:48.908Z","times_seen":9054,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-03T16:55:29.1795Z","times_seen":913814,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.trustedform.com/trustedform.js?provide_referrer=false\u0026field=xxTrustedFormCertUrl\u0026l=17569568850950.17111514873105993\u0026invert_field_sensitivity=false\u0026sandbox=false","fqdn":"api.trustedform.com","domain":"trustedform.com","tld":"com"},"ip":{"addr":"3.229.209.186","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9128f7a8d05622543fbbcf49c48f0422","sha1":"a8a1e2ac95a5046ccddedb7c171154383530f408","sha256":"89ae4f6fe12598452bd74242cc537b2f2fcdaf36348e117ee281e32eea2da098","sha512":"6582a2284bb4eb6c2caee3a7c21198f82d8297a2ff86055789c21665d68ac0fc24aba24fd1f9489e2e742afd1edce85d74357fc62fe4880d01a45d9ed0364948","ssdeep":"384:uJ5BLkGVfK5k/QoJ69cdlYo4kVW1Wk0PfTKoT2VUSois7vy7fSaVpSp6bU:uJ5BgUfK5YX69cdlYo4kVW1Wk0PfTKov","tlshash":"86921a4ab698b43d0b6721f2a13f920bf3712535380b50504269c9f43e79d8f961bf9d","size":19883,"data":"","first_seen":"2025-08-20T14:07:42.565775Z","last_seen":"2025-09-04T13:16:30.239991Z","times_seen":164,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","fqdn":"citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"34.121.35.39","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"02906eef6614a66e721e4e74cfb8debe","sha1":"2ff7db2d9316324619659ffeda641ff1c46bc6e4","sha256":"824db9af5685fcce9ecea002d01a840c78ffec07f012c81e1028bc17c94c2cee","sha512":"d2de15fda35560bf5e7203a4bece3baa879a56b2d262b015efa594085d58060a9f4bb39c46889a0d3ba4bcf3d1a4ca98f07b170941d86d2acabfe733145b3605","ssdeep":"","tlshash":"4cf0d4516d840b3cd34f01b6a5bfd226b12d11547e45cd15d259c461792cee0041574c","size":473,"data":"","first_seen":"2023-03-13T02:36:36Z","last_seen":"2026-06-03T16:50:48.907395Z","times_seen":9126,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/polyfills.426d8f8069b0e02d.js","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d4e8da647e1bb7bb7c4b5b26a0690a2c","sha1":"fea1df4ad6abda1288ed44112a914c98b45e8d51","sha256":"68ebd42a00fbf307335b7b258a9e6c27a0eac10f826934fb1fde770cfb6f19a2","sha512":"6f3509c382ff54547be185952e56e6083f1bab1228d386a47d1dfd2c142dea9683eabaae3fd183960692c2c1e79990d9dba8fc5f43891b1215e56ab1b4ab2e7f","ssdeep":"768:qZtyWbSxewTodTTlHJVqMcgf9cRaMi3ZTS/vdNgE2DSJiaYNE//aEhOQty5R4Gfl:nVZqZn6R6etATNLDoWR59","tlshash":"8833f7da7392b0a247b3a0e6917f8407f22529a4785cc8f4e61f89d53c7a049d167f2e","size":54469,"data":"","first_seen":"2025-06-03T15:20:31.980426Z","last_seen":"2026-06-03T16:50:48.898835Z","times_seen":9077,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-Z1EMQ8T80Q\u0026cx=c\u0026gtm=4e5921","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b905da22ea5d062416f617a01ce946d7","sha1":"b31d0fdfb5b39d3879f3bf769bb9398b6e803368","sha256":"201cdd7c0a832aeca8087e0a6b87f0a3f46d6c9a66263211f0cb7fa03babdf78","sha512":"30a705c1c27afc72129b1ba7523d13e7e639cca8b20298473bb2a93ebd842d4ad854b38de593a629ab40b02ae8f5438d5684a78346118bb196b7cdaafc1dfe05","ssdeep":"6144:a9wc55NxsAJr2GCHsG1RBdIgzUk2UIhqvN98aAmW:ywcDNxsAJr2GCHsoBDS/","tlshash":"108419ce73c6742693a6f478503f018ba57b29a2b44cc899f189cce42e7469a4177f7c","size":399897,"data":"","first_seen":"2025-09-04T03:35:11.599482Z","last_seen":"2025-09-04T03:35:11.599482Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.trustedform.com/trustedform-1.10.24.js","fqdn":"cdn.trustedform.com","domain":"trustedform.com","tld":"com"},"ip":{"addr":"54.240.174.122","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4686e7377e25d88da636fb4c8693ab7d","sha1":"3f4d5d4f58a67446822d13ad2bd88e8636c04e30","sha256":"2a9310dc9ee632df97ac5598ab6a377ee3c6404addabdeac770e9f4f7ebf522f","sha512":"e68c304e9cc4808a38f6e488e6e57329a261bfdb9e62dcef34a837a00c16e369ec515ad12c2a573ba2885d44800c9a47568ed0c66e1277a09fbfa6079804552c","ssdeep":"1536:/f6R54t6L3StlSx/zVXhI3GQEkhGYKbduu1B4jsyZQ:/f634zSxzVxIBhKbkvsyO","tlshash":"38b308cc76c6b47b0ba370b1417f514bb23a5915688ea460d215f8e43c7894fa63bfac","size":111116,"data":"","first_seen":"2025-08-20T14:07:42.587722Z","last_seen":"2025-09-04T13:16:30.242646Z","times_seen":164,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-128685315-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f4d8356b23a88b15cf036c36c579dbaf","sha1":"083058d4f0681a1d68c5a1654a9beb883b774099","sha256":"de8b278d05a73d5e3ea964d7b3d7bf3127fb3d00227b6a5f0d142c0d9b3ce049","sha512":"581de7effbb14ce37fdd9bd796e202c2d3ce7cb12aa544c37e242cb99b1a8b59d7279c14f9887e2b8948420310c5a4519f21d3956f2961a6273bd47d46bbdf89","ssdeep":"6144:u9wc5n0AJr2GCHgG1RBdIkWP2UIhqfjq2ay:Owcl0AJr2GCHgoBy+A","tlshash":"956407cd73da742683a3a474503f018ba27b6992f84cc899f186dcd42e7469a4277f7c","size":308709,"data":"","first_seen":"2025-09-04T03:35:11.595117Z","last_seen":"2025-09-04T03:35:11.595117Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/8049.3fb5f2305b6b08b4.js","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"be87193522184fe6d017429d8547c911","sha1":"c69529cf824e07b6dd1b063f1b996ab9d66adc43","sha256":"67c249a0583cc849ffd5d73df624016f04e55de7326a556f4cc31a5884e0202e","sha512":"de4965af17caf7b50ad766531bca08b8f35305c71502c0ced3d936157c6fa1d53f9e405eb444d2cda6ee8fbbf8b984720490a29ad788421ed7748ce7d45df1aa","ssdeep":"768:SylW/3nilePT4P/gyuLs4vfwWq6iMWstxgAODCneijd4lDdODVvDhbDBJDuLBw7U:9obZaPwlZFFFD/id8PKDTua","tlshash":"de635b5794d513b893e3106ca77baa01666c6d08b90a40ecf66ccd9933ecda85377b3c","size":67376,"data":"","first_seen":"2025-07-31T11:29:24.728978Z","last_seen":"2025-10-29T14:23:55.138685Z","times_seen":1250,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/5094.71a3af9e702f8b71.js","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"82a6fad14fcc8cc8d1d350224b5654e5","sha1":"9d92bc4d0f6603178af18079ab583034fceb3f85","sha256":"14b1782b9632daa6bf3c424e0cc8b1db63cafef988df67c7a24e3923b34a4ed9","sha512":"dd643e49b7daf9f032345ab55fbc8e9f9173dea4e711d47295e57a6aaab32dd4789ee21807a197bb3814799c56be217e298e7ccf7ab6e4256373e6d319974044","ssdeep":"3072:z8H++xR7hYSe1K9OXj90X3qlC+gy2+g74pv1342h80c9rRYc:QHVx5u1K8XjWXahc9rRYc","tlshash":"cc04face3161352a43b550b1c93a090fb62e4d84a00d867dfb7c99cfb66d95812bef78","size":181549,"data":"","first_seen":"2025-06-03T15:20:31.981654Z","last_seen":"2025-10-29T14:23:55.147938Z","times_seen":1279,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"citizen-financial.com/sandbox%20eval%20code","fqdn":"citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-06-03T16:55:29.158802Z","times_seen":915493,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/runtime.37f8c86fe8fd38c6.js","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c320058a5fe3bcc412ee117bd9b878d9","sha1":"315338ada126896e24cca92244578700ede34f63","sha256":"93b099c26ce402474e3e062d9b657500906c42e69ac469f40a6e05c86ad15781","sha512":"fc21165fdc88bca59acee9bb3a188297ff6bb4e9d2575078dc18f674696cfc3b766b3baa4e7f4c331bd6bdbd7c93ee800fbbc8ff9df2227bf1d843a08333d82c","ssdeep":"","tlshash":"f551c5f42225fdfa2be458c01c3dd4d5a5183023411ba8f2e75bdd65b62cdd08655bb1","size":3155,"data":"","first_seen":"2025-07-29T13:22:41.461858Z","last_seen":"2025-10-29T14:24:01.676587Z","times_seen":1775,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload/q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/shared/defaultImages/ssl","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.669Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload/q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/shared/defaultImages/ssl HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 6402\r\ncontent-disposition: inline; filename=\"ssl.webp\"\r\netag: \"cd6f0641ba0a21ade2f8eff4ccca7224\"\r\nlast-modified: Mon, 25 Aug 2025 14:31:26 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, no-transform, max-age=2592000\r\nx-request-id: ff0c2754f643871fde6f14526609de2e\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nvary: Accept,User-Agent,Save-Data\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=17;start=2025-09-04T03:34:45.671Z;desc=miss,rtt;dur=2,content-info;desc=\"width=800,height=358,bytes=6402,format=\\\"webp\\\",owidth=800,oheight=358,obytes=17609,oformat=\\\"png\\\",crt=1756132285,ocrt=1755878765,ef=(1,11,13,17)\",cloudinary;dur=40;start=2025-08-25T14:55:29.951Z\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6402,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"cd6f0641ba0a21ade2f8eff4ccca7224","sha1":"24c574d11879cd467317515085b9b70fe22bcccc","sha256":"abf14bb4dca5ed50dbb3a0e8254fd80e67bdd1574337750ee3fc285df572541d","sha512":"aa9d0f1efd97f3003acfdfc011cb3b2d8b64d409b74a4e12fbf36d5881da8c70fd4e13454d5ba7e12656899a817af07dd8af57002c9789046709355c9cbf9493","ssdeep":"96:Ec7+YUaumddgSz2DXHURiv66/OGcljnVYEdmkr/xgLUuhCy6nz/AgoefQ/MF+p2V:D7+Y+SiHURimGchb5Kwun0AgoefduM","tlshash":"0dd18d290188bd7ac738bf94601a55dc1225cbe52aa1508b9a9fe134cffaf0c56b7a44","first_seen":"2023-05-29T15:16:41Z","last_seen":"2026-06-03T08:52:48.233674Z","times_seen":5202,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload/w_2000,h_1340,q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments//citizen-financial.com/images/background","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload/w_2000,h_1340,q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments//citizen-financial.com/images/background HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://assets.citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\ncontent-length: 544142\r\netag: \"1f4218fdfc0c6363af88d901b83f15b3\"\r\nlast-modified: Mon, 25 Aug 2025 14:33:25 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, no-transform, max-age=2592000\r\nx-request-id: 9cf0512bfe057c06aeaba34063a69325\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nvary: Accept,User-Agent,Save-Data\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=18;start=2025-09-04T03:34:45.800Z;desc=hit-near,rtt;dur=1,content-info;desc=\"width=2000,height=1340,bytes=544142,format=\\\"jpg\\\",owidth=3000,oheight=2010,obytes=4686322,oformat=\\\"jpg\\\",crt=1756132404,ocrt=1755878559,ef=(1,11,13,17,97)\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":544142,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1340, components 3","md5":"1f4218fdfc0c6363af88d901b83f15b3","sha1":"77e3110e166752593c9430fef0d3481a9119703b","sha256":"c6cf560a6ee1883ec9bab0b0fa12a50b5ae25d956851988512b0b81645bbad78","sha512":"66379cce1449d9783a0f35df7137b834cfbbe88ff90d73ed65b23e48e654f8803936d1603978c3940f9a945bd24b1a2e302713619017e8212cc6336ebbdc940d","ssdeep":"12288:Zecc4b6SszJz7mqeFpnab0siQ6NUt5VyhrBOtfFD:Zzc41Ep7mbab/6NUt5QhCD","tlshash":"7ac42387abbe581ca5a58b3875fb0ff9165a2b8119f58c3404a00e73d113c83a7b57f2","first_seen":"2025-06-20T18:10:19.545555Z","last_seen":"2026-05-12T17:47:02.081953Z","times_seen":523,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tracking.bluewatersredfish.com/aff_c?offer_id=410\u0026aff_id=11\u0026aff_sub=Z1G5CVF\u0026aff_sub2=chris@slurpmail.net\u0026aff_sub3=186\u0026email=chris@slurpmail.net\u0026aff_sub4=2025-09-03%2017:00:54\u0026aff_sub5=longhorntruss.com","fqdn":"tracking.bluewatersredfish.com","domain":"bluewatersredfish.com","tld":"com"},"ip":{"addr":"54.72.240.173","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-04T03:34:43.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tracking.bluewatersredfish.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 11 Apr 2025 00:00:00 GMT","end":"Sun, 10 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3D:DD:97:69:E6:ED:B6:53:62:A0:E6:D1:8C:26:FE:FA:6F:2B:B8:9A","sha256":"D2:DA:6B:1A:CC:90:EE:1B:C6:EA:44:FD:22:83:11:70:CD:0F:B4:54:F7:3F:51:B6:4D:AC:29:99:F6:DC:84:A6"}}},"request":{"raw":"GET /aff_c?offer_id=410\u0026aff_id=11\u0026aff_sub=Z1G5CVF\u0026aff_sub2=chris@slurpmail.net\u0026aff_sub3=186\u0026email=chris@slurpmail.net\u0026aff_sub4=2025-09-03%2017:00:54\u0026aff_sub5=longhorntruss.com HTTP/1.1\r\nHost: tracking.bluewatersredfish.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 04 Sep 2025 03:34:43 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 328\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, must-revalidate\r\nExpires: Sat, 26 Jul 1997 05:00:00 GMT\r\nLocation: https://dfgtrk5.com/RrnNR?affid=1017\u0026firstName=\u0026lastName=\u0026email=\u0026zip=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\r\nP3p: CP=\"NOI CUR OUR NOR INT\"\r\nPragma: no-cache\r\nSet-Cookie: enc_aff_session_410=ENC036c66e53e26b0ec7a6042a691bc4f3718a54d70cf1754e5d1f8f4a29f4d986cde3d9bdf2ba2b582a21bd77046f4f0b9afbc4219f12a2bede763adf94c241ef4591de0a9467461fbfad78dc1d2eb2ba9d071784d56143dcb28a534498dfae318f55043c16809cac2c313a354eec0a87ffc03e5405d49e21ce627e935400d073de48331870eb5c3b6c6da3891ff6b1da64a7fb53d2a807de483e0e0a1b9b7382ad6c528ae3f3fe9a2f1dcc6dbf0dc7787c4ce761473e661a0a78c7ff957011850431ccac08f; expires=Sat, 04 Oct 2025 03:34:43 GMT; path=/; SameSite=None; Secure\nho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMzQuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMzQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMzQuMCIsImFjY2VwdF9sYW5ndWFnZSI6ImVuLVVTLGVuO3E9MC41IiwiY29ubmVjdGlvbl9zcGVlZCI6ImJyb2FkYmFuZCJ9; expires=Sat, 29 Jul 2028 14:14:43 GMT; path=/; SameSite=None; Secure\r\nTracking_id: 102dcd5551b329c6d21caf1d420965\r\nAccess-Control-Allow-Origin: *\r\nX-Request-Id: bc23a012b2b6dedded78922a835aa92f\r\nAccess-Control-Allow-Headers: Tune-SDK-Version\r\nAccept-Ch: Sec-Ch-Dpr, Dpr, Sec-Ch-Ua-Model\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51118,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":455,"timings":{"blocked":206,"dns":4,"connect":35,"send":0,"wait":38,"receive":1,"ssl":168},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 19:22:25 GMT","end":"Mon, 03 Nov 2025 19:22:24 GMT"},"fingerprint":{"sha1":"F5:9E:5D:EB:46:9B:ED:9F:D2:D7:E8:D1:06:43:DF:9D:0C:13:7E:75","sha256":"AA:C4:C0:AF:38:AE:91:75:3F:86:CE:32:70:A9:8F:C4:2F:7F:D2:28:D1:34:AD:0A:C8:E2:6C:6E:4D:46:72:23"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 29 Aug 2025 08:13:09 GMT\r\nexpires: Sat, 29 Aug 2026 08:13:09 GMT\r\ncache-control: public, max-age=31536000\r\nage: 501696\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-06-03T16:55:47.230678Z","times_seen":865403,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":84,"dns":1,"connect":15,"send":0,"wait":16,"receive":19,"ssl":66},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-128685315-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 19:21:11 GMT","end":"Mon, 03 Nov 2025 19:21:10 GMT"},"fingerprint":{"sha1":"07:D4:DA:62:23:19:DE:C6:08:D3:6A:78:15:9D:A5:07:00:39:48:12","sha256":"B1:A9:08:B9:66:58:87:B4:23:94:8F:68:98:E7:F0:EE:8F:DA:A7:88:CC:7A:04:0E:80:74:B0:58:9E:A9:3E:D5"}}},"request":{"raw":"GET /gtag/js?id=UA-128685315-1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\nexpires: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1106:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1106:0\r\nreport-to: {\"group\":\"ascgcycc:1106:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1106:0\"}],}\r\nserver: Google Tag Manager\r\ncontent-length: 107898\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":308709,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5911)","md5":"f4d8356b23a88b15cf036c36c579dbaf","sha1":"083058d4f0681a1d68c5a1654a9beb883b774099","sha256":"de8b278d05a73d5e3ea964d7b3d7bf3127fb3d00227b6a5f0d142c0d9b3ce049","sha512":"581de7effbb14ce37fdd9bd796e202c2d3ce7cb12aa544c37e242cb99b1a8b59d7279c14f9887e2b8948420310c5a4519f21d3956f2961a6273bd47d46bbdf89","ssdeep":"6144:u9wc5n0AJr2GCHgG1RBdIkWP2UIhqfjq2ay:Owcl0AJr2GCHgoBy+A","tlshash":"956407cd73da742683a3a474503f018ba27b6992f84cc899f186dcd42e7469a4277f7c","first_seen":"2025-09-04T03:35:11.595117Z","last_seen":"2025-09-04T03:35:11.595117Z","times_seen":1,"resource_available":true,"data":null}},"time_used":261,"timings":{"blocked":93,"dns":1,"connect":8,"send":0,"wait":38,"receive":35,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.trustedform.com/trustedform.js?provide_referrer=false\u0026field=xxTrustedFormCertUrl\u0026l=17569568850950.17111514873105993\u0026invert_field_sensitivity=false\u0026sandbox=false","fqdn":"api.trustedform.com","domain":"trustedform.com","tld":"com"},"ip":{"addr":"3.229.209.186","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.trustedform.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 08 Jun 2025 00:00:00 GMT","end":"Sun, 05 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"03:AB:43:B1:B0:8A:50:79:5D:75:F8:50:2E:87:D1:61:C3:A5:FC:9E","sha256":"09:8E:30:0B:F3:24:44:6F:55:46:4A:1B:16:24:36:37:D9:D0:35:CF:AA:A7:BE:E0:F9:A9:69:8B:64:53:7F:D3"}}},"request":{"raw":"GET /trustedform.js?provide_referrer=false\u0026field=xxTrustedFormCertUrl\u0026l=17569568850950.17111514873105993\u0026invert_field_sensitivity=false\u0026sandbox=false HTTP/1.1\r\nHost: api.trustedform.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: awselb/2.0\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncontent-type: text/html\r\ncontent-length: 134\r\nlocation: https://cdn.trustedform.com:443/bootstrap.js?provide_referrer=false\u0026field=xxTrustedFormCertUrl\u0026l=17569568850950.17111514873105993\u0026invert_field_sensitivity=false\u0026sandbox=false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Amazon ELB","description":"AWS ELB is a network load balancer service provided by Amazon Web Services for distributing traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":19883,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":648,"timings":{"blocked":272,"dns":18,"connect":103,"send":0,"wait":103,"receive":0,"ssl":149},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload/w_200,h_200,q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/images/easyLoan","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload/w_200,h_200,q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/images/easyLoan HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 4972\r\ncontent-disposition: inline; filename=\"easyLoan.webp\"\r\netag: \"b4b62bd5c5625f790a6b8a96538f8ad4\"\r\nlast-modified: Mon, 25 Aug 2025 14:32:55 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, no-transform, max-age=2592000\r\nx-request-id: 1176db6c791ea365e8b7fb5ae45276f8\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nvary: Accept,User-Agent,Save-Data\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=18;start=2025-09-04T03:34:45.794Z;desc=miss,rtt;dur=1,content-info;desc=\"width=200,height=200,bytes=4972,format=\\\"webp\\\",owidth=150,oheight=150,obytes=9543,oformat=\\\"png\\\",crt=1756132374,ocrt=1755878558,ef=(1,11,13,17,97)\",cloudinary;dur=67;start=2025-08-29T17:36:16.504Z\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4972,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b4b62bd5c5625f790a6b8a96538f8ad4","sha1":"1b75d2f34e16c2d2b22d09a9a6c44b1ecfebbf06","sha256":"945159b17bc01d24ea351a67bd28cee51fb0fbcf1db2c49a351167104f32b407","sha512":"498c9648b9f0f2900c6ac95fe83fdf6e6c5a4135bdf787f894b5407e4fdac593b75af24da4066c63408775862d8fbeae6072944ee8fd6b358d1d62ccf4377bbd","ssdeep":"96:Y623Pqt2ttkTbSfeAYzqqnVCRJkyGEYiGTlBcKYCKW8tvFb:Y6UytuQbSfefqq8RJpZvGBcKIjvl","tlshash":"73a17e77e716c4db9cde73711f8416500385cc6262b6af52b12025f8cd2b51adb374a2","first_seen":"2025-06-20T18:10:19.568304Z","last_seen":"2026-05-12T17:47:02.100733Z","times_seen":524,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload//t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/shared/defaultImages/logo-ola","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload//t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/shared/defaultImages/logo-ola HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 10608\r\netag: \"79c49bbf1ebb397f9bdfac62c84ff457\"\r\nlast-modified: Mon, 25 Aug 2025 14:31:26 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: public, no-transform, max-age=2592000\r\nx-request-id: da96c22f59499d26cf38ad967c0c1a8b\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=4;start=2025-09-04T03:34:45.800Z;desc=hit,rtt;dur=1,content-info;desc=\"width=175,height=67,bytes=10608,format=\\\"png\\\",owidth=175,oheight=67,obytes=10608,crt=1756132285,ocrt=1755878744,ef=(17)\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10608,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 175 x 67, 8-bit/color RGBA, non-interlaced","md5":"79c49bbf1ebb397f9bdfac62c84ff457","sha1":"12b00bf60796e164f4d5b8cded5f44f400e51aec","sha256":"e774d5f44935441113829bba2ee81777c401e2d5fac92607a2b5b9965518e723","sha512":"fd16fb7442176959d5fcdc8c326a5a71955b103ef9008bbd5907171eaebd3a0447b6e531427a6d3f4504ec365606092f26e1a0df54596ed64f53efc97d4eaf20","ssdeep":"192:/ILQwmZv+f01oa2ZjuDXlkvUJYg43hBM2Qrm5mYfb4NExeM/:/ILQvBfCxjuzp/aBQr4kNEx3","tlshash":"7e22c1f694fcd8819ec64820b567a36413be54dc5d01048c8c22c6fcf20e99af7b534a","first_seen":"2023-05-07T20:58:41Z","last_seen":"2026-06-03T16:50:48.895835Z","times_seen":9106,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 19:22:25 GMT","end":"Mon, 03 Nov 2025 19:22:24 GMT"},"fingerprint":{"sha1":"F5:9E:5D:EB:46:9B:ED:9F:D2:D7:E8:D1:06:43:DF:9D:0C:13:7E:75","sha256":"AA:C4:C0:AF:38:AE:91:75:3F:86:CE:32:70:A9:8F:C4:2F:7F:D2:28:D1:34:AD:0A:C8:E2:6C:6E:4D:46:72:23"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 29 Aug 2025 08:13:09 GMT\r\nexpires: Sat, 29 Aug 2026 08:13:09 GMT\r\ncache-control: public, max-age=31536000\r\nage: 501696\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-06-03T16:55:47.230678Z","times_seen":865403,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-SCVH02FKWL\u0026cx=c\u0026gtm=4e5921","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 19:21:11 GMT","end":"Mon, 03 Nov 2025 19:21:10 GMT"},"fingerprint":{"sha1":"07:D4:DA:62:23:19:DE:C6:08:D3:6A:78:15:9D:A5:07:00:39:48:12","sha256":"B1:A9:08:B9:66:58:87:B4:23:94:8F:68:98:E7:F0:EE:8F:DA:A7:88:CC:7A:04:0E:80:74:B0:58:9E:A9:3E:D5"}}},"request":{"raw":"GET /gtag/js?id=G-SCVH02FKWL\u0026cx=c\u0026gtm=4e5921 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1106:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1106:0\r\nreport-to: {\"group\":\"ascgcycc:1106:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1106:0\"}],}\r\ndate: Thu, 04 Sep 2025 03:34:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: Google Tag Manager\r\ncontent-length: 1608\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-Z1EMQ8T80Q\u0026cx=c\u0026gtm=4e5921","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 19:21:11 GMT","end":"Mon, 03 Nov 2025 19:21:10 GMT"},"fingerprint":{"sha1":"07:D4:DA:62:23:19:DE:C6:08:D3:6A:78:15:9D:A5:07:00:39:48:12","sha256":"B1:A9:08:B9:66:58:87:B4:23:94:8F:68:98:E7:F0:EE:8F:DA:A7:88:CC:7A:04:0E:80:74:B0:58:9E:A9:3E:D5"}}},"request":{"raw":"GET /gtag/js?id=G-Z1EMQ8T80Q\u0026cx=c\u0026gtm=4e5921 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 04 Sep 2025 03:34:46 GMT\r\nexpires: Thu, 04 Sep 2025 03:34:46 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1106:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1106:0\r\nreport-to: {\"group\":\"ascgcycc:1106:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1106:0\"}],}\r\nserver: Google Tag Manager\r\ncontent-length: 135116\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":399897,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5911)","md5":"b905da22ea5d062416f617a01ce946d7","sha1":"b31d0fdfb5b39d3879f3bf769bb9398b6e803368","sha256":"201cdd7c0a832aeca8087e0a6b87f0a3f46d6c9a66263211f0cb7fa03babdf78","sha512":"30a705c1c27afc72129b1ba7523d13e7e639cca8b20298473bb2a93ebd842d4ad854b38de593a629ab40b02ae8f5438d5684a78346118bb196b7cdaafc1dfe05","ssdeep":"6144:a9wc55NxsAJr2GCHsG1RBdIgzUk2UIhqvN98aAmW:ywcDNxsAJr2GCHsoBDS/","tlshash":"108419ce73c6742693a6f478503f018ba57b29a2b44cc899f189cce42e7469a4177f7c","first_seen":"2025-09-04T03:35:11.599482Z","last_seen":"2025-09-04T03:35:11.599482Z","times_seen":1,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","fqdn":"citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"34.121.35.39","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-04T03:34:43.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip= HTTP/1.1\r\nHost: citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nset-cookie: Authorization=AAEW5HWAUD497-tqaF62ikobNJMxpiCo6e10xWN5TwqCNQRT5OWoJm8t19_NRCfpBXw=; Max-Age=1800; Expires=Thu, 04 Sep 2025 04:04:44 GMT; Path=/; Secure\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nvary: accept-encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/html;charset=UTF-8\r\ncontent-language: en-US\r\ntransfer-encoding: chunked\r\ndate: Thu, 04 Sep 2025 03:34:44 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":51118,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (51118), with no line terminators","md5":"e2c990b60d2f51e2074ab28ab29287c1","sha1":"6d6ad0fcf815af14ff631eff2838515f48a6ad50","sha256":"1df463bd4be152c080634218bca88c1b516567452de5cf46a894ca65000ae2bf","sha512":"ebe711c42e57ffeb9d15bc3ee9e5ea55ed18cc57a1ac646511092b657005b9a3b283d9437329ee83c675267690ce3705c98194b408a145ca815b946eb58503bc","ssdeep":"768:/GxDVsODWJ68cFElxpUREsmv3pQVNZiNQ996qj:/GHlB8YElxmnmv3pQVcqj","tlshash":"a2330b86caf1cdac0c61517b7889c0629bdc2e0f48f458f1f7fa4b6ed16264e90a674d","first_seen":"2025-09-04T03:35:11.6021Z","last_seen":"2025-09-04T03:35:11.6021Z","times_seen":1,"resource_available":false,"data":null}},"time_used":769,"timings":{"blocked":285,"dns":12,"connect":132,"send":0,"wait":197,"receive":1,"ssl":138},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/shared.css","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:44.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/shared.css HTTP/1.1\r\nHost: assets.citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: ABgVH8-J3yFNEBv380yb1pZPrXiYMjq1XkzEtif_ycjRTzH92w5nVmAcjBmf4-W0PKOg5_3hKGCZPkA\r\nx-goog-generation: 1755878743204090\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: gzip\r\nx-goog-stored-content-length: 27696\r\ncontent-encoding: gzip\r\nx-goog-hash: crc32c=QzvB7A==, md5=DEWS/Awx+XP5eF1YDQEaHg==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccept-ranges: bytes\r\ncontent-length: 27696\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Type, Access-Control-Allow-Origin\r\nserver: UploadServer\r\ndate: Tue, 02 Sep 2025 09:40:10 GMT\r\nexpires: Wed, 02 Sep 2026 09:40:10 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Fri, 22 Aug 2025 16:05:43 GMT\r\netag: \"0c4592fc0c31f973f9785d580d011a1e\"\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nage: 150874\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":158512,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65371)","md5":"bfc6d8ababd64a75aa0fd6b865f26184","sha1":"e041617c28e90bc28db773aab55e99ce3d2fdccc","sha256":"b48073c05e4319c4de6b7ed2748e1d6858a0ffac7c2e13be959a3528e642de8c","sha512":"3d837069028001b516d7b642e701d0c11b7b250abc837af0b4d43799e1df7771e0c3750a050c3685a53df04405d5b9f64a50e44e466f37474d4e7112e6684ad1","ssdeep":"768:DzpGxwXsIHriQ3ZFFsZI69HZyiqPeFbk1NFebrbBND9+AMvhkzUyGiO4sQ1Nap4+:KwXjlYI69HZyiqOk34NMfy0DT7GCd5x","tlshash":"dcf3b560f62030aa3373c16975d0fecb271aa043d5664eb7f16f65e84b885ca1673f1a","first_seen":"2025-07-10T01:03:35.854543Z","last_seen":"2025-10-29T14:24:01.669433Z","times_seen":1785,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":80,"dns":12,"connect":26,"send":0,"wait":28,"receive":26,"ssl":46},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"assets.citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/citizen-financial.com.css","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:44.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/citizen-financial.com.css HTTP/1.1\r\nHost: assets.citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: ABgVH8_FQ7Tw701iiw-krHi45QVGuC5cHZDSFmpN0DezgHPrJMX7bI2gXosUy6cgjP0Y9IbW\r\nx-goog-generation: 1755878737094041\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: gzip\r\nx-goog-stored-content-length: 29438\r\ncontent-encoding: gzip\r\nx-goog-hash: crc32c=UXqPGg==, md5=Vjy44m8GTQmx3JrweYdPBw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccept-ranges: bytes\r\ncontent-length: 29438\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Type, Access-Control-Allow-Origin\r\nserver: UploadServer\r\ndate: Wed, 03 Sep 2025 03:03:01 GMT\r\nexpires: Thu, 03 Sep 2026 03:03:01 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Fri, 22 Aug 2025 16:05:37 GMT\r\netag: \"563cb8e26f064d09b1dc9af079874f07\"\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nage: 88303\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":172713,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65290)","md5":"8fec49f4ca990aa098e147b40e3d224a","sha1":"13bbc7625e4caa20c6ce7c0840d625c95e804f9e","sha256":"a7b6a8a2cfb1c371f07b621b39fae2c61c82f0b61e288cb3e09450d6ca6d13a0","sha512":"88d9c67b29c75d127c0b0aa31ea7830879133b016121346ca7787073942afebab58d137991530fbf6a38bfdb49109cf27923c18d2c24c1494e583724fa569270","ssdeep":"1536:VwXjl+I69HZyiqOk34NMfy0DT7GCd5MWOx:u0ahzGBWOx","tlshash":"05f3b751f52030ae3273c16971d0fedb272aa043d5664fb6f12b76e84b885ca1273f5a","first_seen":"2025-08-25T14:34:11.999346Z","last_seen":"2025-10-16T16:16:36.542038Z","times_seen":5,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":83,"dns":11,"connect":28,"send":0,"wait":57,"receive":8,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"assets.citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.trustedform.com/certs/e7b96c7373a3e95cfc6a4655400b652974a4975a/snapshot","fqdn":"api.trustedform.com","domain":"trustedform.com","tld":"com"},"ip":{"addr":"3.229.209.186","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:46.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.trustedform.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 08 Jun 2025 00:00:00 GMT","end":"Sun, 05 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"03:AB:43:B1:B0:8A:50:79:5D:75:F8:50:2E:87:D1:61:C3:A5:FC:9E","sha256":"09:8E:30:0B:F3:24:44:6F:55:46:4A:1B:16:24:36:37:D9:D0:35:CF:AA:A7:BE:E0:F9:A9:69:8B:64:53:7F:D3"}}},"request":{"raw":"POST /certs/e7b96c7373a3e95cfc6a4655400b652974a4975a/snapshot HTTP/1.1\r\nHost: api.trustedform.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 19879\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 04 Sep 2025 03:34:46 GMT\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: \r\ncache-control: max-age=0, private, must-revalidate\r\nserver: Cowboy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]},{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload/q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments//citizen-financial.com/images/easyLoan","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload/q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments//citizen-financial.com/images/easyLoan HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://assets.citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 2152\r\ncontent-disposition: inline; filename=\"easyLoan.webp\"\r\netag: \"a3a3df2e9235b60c7e0db73230dc2171\"\r\nlast-modified: Mon, 25 Aug 2025 14:33:14 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, no-transform, max-age=2592000\r\nx-request-id: dd9ab9704bba5979b0176a3a09de1430\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nvary: Accept,User-Agent,Save-Data\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=17;start=2025-09-04T03:34:45.800Z;desc=miss,rtt;dur=1,content-info;desc=\"width=150,height=150,bytes=2152,format=\\\"webp\\\",owidth=150,oheight=150,obytes=9543,oformat=\\\"png\\\",crt=1756132393,ocrt=1755878558,ef=(1,11,13,17)\",cloudinary;dur=72;start=2025-08-26T20:01:50.484Z\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2152,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a3a3df2e9235b60c7e0db73230dc2171","sha1":"49b3ea580cc439fe4022c0599917b9ba35d39711","sha256":"aa5503399323fa7657e417423c550e528f74ecb3d808c329af204f1506d563b9","sha512":"67cc1d47af76a8a5a4dc8eb30cdd26244cc2d828e0299fa4901c78139278a5ffaf22cb0925956e8fa4b8be5df8563d671e70b31fc7b03a20c10079f5cea7cefc","ssdeep":"","tlshash":"2341e91f822b393e5ee11599f658a04dd94ccd38c9214daab7c17981a95112571f11cd","first_seen":"2025-06-20T18:10:19.546721Z","last_seen":"2026-05-12T17:47:02.096244Z","times_seen":524,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dfgtrk5.com/RrnNR?affid=1017\u0026firstName=\u0026lastName=\u0026email=\u0026zip=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410","fqdn":"dfgtrk5.com","domain":"dfgtrk5.com","tld":"com"},"ip":{"addr":"34.102.181.184","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-04T03:34:43.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dfgtrk5.com","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Tue, 29 Jul 2025 22:01:25 GMT","end":"Mon, 27 Oct 2025 22:55:19 GMT"},"fingerprint":{"sha1":"F5:F4:5B:99:52:DF:D4:03:06:CD:CA:08:F0:77:DF:1F:04:69:7F:6F","sha256":"94:4C:C5:85:80:59:1B:3F:CB:DF:53:A3:3A:F0:E8:6C:07:F0:11:E2:A1:33:51:3C:0F:AC:6D:7C:4A:22:A3:E5"}}},"request":{"raw":"GET /RrnNR?affid=1017\u0026firstName=\u0026lastName=\u0026email=\u0026zip=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410 HTTP/1.1\r\nHost: dfgtrk5.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nlocation: https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=\r\ncontent-length: 0\r\ndate: Thu, 04 Sep 2025 03:34:43 GMT\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":51118,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":790,"timings":{"blocked":318,"dns":10,"connect":25,"send":0,"wait":154,"receive":0,"ssl":279},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"dfgtrk5.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/8049.3fb5f2305b6b08b4.js","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/8049.3fb5f2305b6b08b4.js HTTP/1.1\r\nHost: assets.citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-guploader-uploadid: ABgVH8_5XXUWAq-hLgqj10iINEFhviAKbowDTDIJb9o69_keT_U3GK9mx6nrOSLFNW_jy8d7\r\nx-goog-generation: 1755878771476623\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: gzip\r\nx-goog-stored-content-length: 16683\r\ncontent-encoding: gzip\r\nx-goog-hash: crc32c=+kQlRA==, md5=Ly8czMdLAd9epi3BOjjLCw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccept-ranges: bytes\r\ncontent-length: 16683\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Access-Control-Allow-Origin, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ndate: Fri, 29 Aug 2025 23:55:10 GMT\r\nexpires: Sat, 29 Aug 2026 23:55:10 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Fri, 22 Aug 2025 16:06:11 GMT\r\netag: \"2f2f1cccc74b01df5ea62dc13a38cb0b\"\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nage: 445175\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":67376,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"be87193522184fe6d017429d8547c911","sha1":"c69529cf824e07b6dd1b063f1b996ab9d66adc43","sha256":"67c249a0583cc849ffd5d73df624016f04e55de7326a556f4cc31a5884e0202e","sha512":"de4965af17caf7b50ad766531bca08b8f35305c71502c0ced3d936157c6fa1d53f9e405eb444d2cda6ee8fbbf8b984720490a29ad788421ed7748ce7d45df1aa","ssdeep":"768:SylW/3nilePT4P/gyuLs4vfwWq6iMWstxgAODCneijd4lDdODVvDhbDBJDuLBw7U:9obZaPwlZFFFD/id8PKDTua","tlshash":"de635b5794d513b893e3106ca77baa01666c6d08b90a40ecf66ccd9933ecda85377b3c","first_seen":"2025-07-31T11:29:24.728978Z","last_seen":"2025-10-29T14:23:55.138685Z","times_seen":1250,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"assets.citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload/w_200,h_200,q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/images/fastapproval","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload/w_200,h_200,q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/images/fastapproval HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 5614\r\ncontent-disposition: inline; filename=\"fastapproval.webp\"\r\netag: \"681773ea248465fd533e942bfa79aa80\"\r\nlast-modified: Mon, 25 Aug 2025 14:32:56 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, no-transform, max-age=2592000\r\nx-request-id: 806bbf6120b3b58281395306c6ee58f3\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nvary: Accept,User-Agent,Save-Data\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=17;start=2025-09-04T03:34:45.800Z;desc=hit-near,rtt;dur=1,content-info;desc=\"width=200,height=200,bytes=5614,format=\\\"webp\\\",owidth=150,oheight=150,obytes=12748,oformat=\\\"png\\\",crt=1756132375,ocrt=1755878557,ef=(1,11,13,17,97)\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5614,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"681773ea248465fd533e942bfa79aa80","sha1":"ac6452119e926b1683db73fd72eb82b2c557111a","sha256":"9a2cd187a5a33328ebab67208d0ac73a7e5cfae294e5f8905de450885f4efd0b","sha512":"b3c4d887719126eeca7eee29812e62ce58b71ee6f1fd261d39ba756f99437f9c38dd628edca3695993bf8e98b5e15ed5cdb43b6a200574266ce52f982de32f33","ssdeep":"96:g623Pqt2ttkTbSfeAYzqqnYkjjENzP+73wC2p5e+gchsqZ9Y1UGJNrlWS2:g6UytuQbSfefqqX/rgYV4L9Y1UGJE","tlshash":"3ac18ea7232347d588fc723174999c40965a4d5260f69b1263613162dc57c2bfe8782a","first_seen":"2025-06-20T18:10:19.564249Z","last_seen":"2026-05-12T17:47:02.103093Z","times_seen":524,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/env.json","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/env.json HTTP/1.1\r\nHost: assets.citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: ABgVH89LBiZd2oPa0EBoOlZ7k9r1UP_I1mFWjgkxizweIEjbX-gUML9SVZ4FJV_NUMKSPv1V\r\nx-goog-generation: 1755878560594318\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: gzip\r\nx-goog-stored-content-length: 430\r\ncontent-encoding: gzip\r\nx-goog-hash: crc32c=yWkDew==, md5=AZ0pRDNlRWMSCEa5EBW1Ag==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccept-ranges: bytes\r\ncontent-length: 430\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Access-Control-Allow-Origin, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ndate: Wed, 03 Sep 2025 03:03:02 GMT\r\nexpires: Thu, 03 Sep 2026 03:03:02 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Fri, 22 Aug 2025 16:02:40 GMT\r\netag: \"019d294433654563120846b91015b502\"\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nage: 88303\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":1120,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4c19741ff79149074a8ac265535bffac","sha1":"ebd47f39fa99a39a7edb35fdcd4bf2e21e83723a","sha256":"629ca242bc81da804d723455eac07397ff0fd748f04ef76db806c07749bfff88","sha512":"9940da2d7dfe95c0743dcd2453622800ab45ed27c657e79e76c32e327abdde0d3fc1e1ec3a00ab4b0528e17d4ca6c7d9491d42e013807786dc684ab9dfd32c59","ssdeep":"","tlshash":"22218b28c1381d3706e134ec95ef0e5666a5596b4bd43d627a1d038d4f6d03ea87b38d","first_seen":"2025-06-20T18:10:19.548357Z","last_seen":"2025-12-08T09:19:13.763875Z","times_seen":499,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"assets.citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload/q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments//citizen-financial.com/images/fastapproval","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload/q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments//citizen-financial.com/images/fastapproval HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://assets.citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 3032\r\ncontent-disposition: inline; filename=\"fastapproval.webp\"\r\netag: \"bbda75c599ff5e76be0bfd8597e90e1e\"\r\nlast-modified: Mon, 25 Aug 2025 14:33:14 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, no-transform, max-age=2592000\r\nx-request-id: 44f09ea9fc442b4e5967b0195962cae8\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nvary: Accept,User-Agent,Save-Data\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=17;start=2025-09-04T03:34:45.801Z;desc=hit-near,rtt;dur=1,content-info;desc=\"width=150,height=150,bytes=3032,format=\\\"webp\\\",owidth=150,oheight=150,obytes=12748,oformat=\\\"png\\\",crt=1756132393,ocrt=1755878557,ef=(1,11,13,17)\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3032,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bbda75c599ff5e76be0bfd8597e90e1e","sha1":"123b841303094233cb95add16cac867589afa95e","sha256":"6e5d4228c650ae697a8bd0f07caf3b988db8e57d776bc87377bada4d2aba97a3","sha512":"eaa0a128d05f0f6ace4037fba6e8704053066a261b6355159a5b83ed5ab01a8889306afadc9663098bd64e098c4ac07e48ff1672b2f94c7382fc34bf4e9a5da7","ssdeep":"","tlshash":"8b514c17fb4c28886c3ac432446724bd785a59b126efab31a6385149eac95350a1bcc7","first_seen":"2025-06-20T18:10:19.553365Z","last_seen":"2026-05-12T17:47:02.097078Z","times_seen":524,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.trustedform.com/certs","fqdn":"api.trustedform.com","domain":"trustedform.com","tld":"com"},"ip":{"addr":"3.229.209.186","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:46.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.trustedform.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 08 Jun 2025 00:00:00 GMT","end":"Sun, 05 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"03:AB:43:B1:B0:8A:50:79:5D:75:F8:50:2E:87:D1:61:C3:A5:FC:9E","sha256":"09:8E:30:0B:F3:24:44:6F:55:46:4A:1B:16:24:36:37:D9:D0:35:CF:AA:A7:BE:E0:F9:A9:69:8B:64:53:7F:D3"}}},"request":{"raw":"POST /certs HTTP/1.1\r\nHost: api.trustedform.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 641\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 201 Created\r\ndate: Thu, 04 Sep 2025 03:34:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 497\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: \r\ncache-control: max-age=0, private, must-revalidate\r\nserver: Cowboy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"201","status_text":"Created","fingerprints":[{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]},{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]}],"data":{"size":497,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"734e45b2fe28703968d6742c2372e641","sha1":"1a1ce8a97df8b2be9a4c72521ff5a72145b11626","sha256":"e3c8bf463b176c22911fff23ba4bfe11661edfaca7a942a91846d805b8110b67","sha512":"1041891816a964eb1fc9330b9d68d3a71b0cbb3da952f6398adca2f402e1af7e84c1b45f7f8e3aaef702ed1dcd3199b901450fedf58fdf83bfaf449827ae109d","ssdeep":"","tlshash":"0df00eca4b6854ade6dd22fb1c04eb264103eb73b5828a4c204110fb66878f2733828e","first_seen":"2025-09-04T03:35:11.609497Z","last_seen":"2025-09-04T03:35:11.609497Z","times_seen":1,"resource_available":false,"data":null}},"time_used":536,"timings":{"blocked":215,"dns":1,"connect":104,"send":0,"wait":105,"receive":1,"ssl":108},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload/q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/shared/defaultImages/seal-ola","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload/q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/shared/defaultImages/seal-ola HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 6216\r\ncontent-disposition: inline; filename=\"seal-ola.webp\"\r\netag: \"2b7deec9097a2ce2e324b836e7c06d90\"\r\nlast-modified: Mon, 25 Aug 2025 14:31:26 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, no-transform, max-age=2592000\r\nx-request-id: 5ef6f6a411d1666aabd3f6fc9e6f76c2\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nvary: Accept,User-Agent,Save-Data\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=4;start=2025-09-04T03:34:45.672Z;desc=hit,rtt;dur=2,content-info;desc=\"width=125,height=125,bytes=6216,format=\\\"webp\\\",owidth=125,oheight=125,obytes=33464,oformat=\\\"png\\\",crt=1756132285,ocrt=1755878757,ef=(1,11,13,17)\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6216,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2b7deec9097a2ce2e324b836e7c06d90","sha1":"4ed7c7ad6b60d1561e6eb998161eb45b47201539","sha256":"d2d1aff262fa609da293127959bdb5bb415cbaa722165b612ab53a13e44d8812","sha512":"b31ccf8f80309f93392148003cd8de0e3dd527db58843663bbbdd04f1fc117f35593a31b38f3ab52fdb31526d9692e043aab769f76d4f9117c09b2f8168f9c6a","ssdeep":"96:ud0agf7GdIDlKcFEB6SSbRNwt/G383al42upfsy6fHx5AUi2/FT25d7JaIsYUi6Q:KgfxFFW5SbRNU/MuHsy6fYUI5DaIsncr","tlshash":"5dd1aeba803294560e3ee97d97ca6d1f0330c1ebc5e211a70f94ceaaa230e25d791395","first_seen":"2023-05-07T20:58:41Z","last_seen":"2026-06-03T16:50:48.889899Z","times_seen":9109,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":34,"dns":7,"connect":1,"send":0,"wait":5,"receive":1,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload/w_200,h_200,q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/images/cash","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload/w_200,h_200,q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/images/cash HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 5490\r\ncontent-disposition: inline; filename=\"cash.webp\"\r\netag: \"c02120df007a9dc7bba00ff9e52b9c3e\"\r\nlast-modified: Mon, 25 Aug 2025 14:33:14 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, no-transform, max-age=2592000\r\nx-request-id: 140a574fd80f8df0d7766e51ccf8d2f4\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nvary: Accept,User-Agent,Save-Data\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=17;start=2025-09-04T03:34:45.800Z;desc=hit-near,rtt;dur=1,content-info;desc=\"width=200,height=200,bytes=5490,format=\\\"webp\\\",owidth=150,oheight=150,obytes=11698,oformat=\\\"png\\\",crt=1756132393,ocrt=1755878557,ef=(1,11,13,17,97)\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5490,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c02120df007a9dc7bba00ff9e52b9c3e","sha1":"8cbd4cc85e39066f63d7c5cad280c1232542720e","sha256":"2069bf1873c9da664c2396ab99f4d19a691a840f404f5af45ffe96faca89ee43","sha512":"265d9693831792909c47304bd4275acfbc136de98c373531534c15d5bebec7d25603c68abf7c152f6352aaef13f88fe2af965ad347875a19b37f83496eae254a","ssdeep":"96:M623Pqt2ttkTbSfeAYzqqnn5D9dfEXQI+yzu29Req/U9xZvY:M6UytuQbSfefqqnRExJ9wq/6xZvY","tlshash":"edb1afb7a21bcfe3a85f2d2271550e3c030d8a31a09f5937017165a0cc11e1bee02a19","first_seen":"2025-06-20T18:10:19.580483Z","last_seen":"2026-05-12T17:47:02.105096Z","times_seen":524,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 19:22:25 GMT","end":"Mon, 03 Nov 2025 19:22:24 GMT"},"fingerprint":{"sha1":"F5:9E:5D:EB:46:9B:ED:9F:D2:D7:E8:D1:06:43:DF:9D:0C:13:7E:75","sha256":"AA:C4:C0:AF:38:AE:91:75:3F:86:CE:32:70:A9:8F:C4:2F:7F:D2:28:D1:34:AD:0A:C8:E2:6C:6E:4D:46:72:23"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 29 Aug 2025 08:13:09 GMT\r\nexpires: Sat, 29 Aug 2026 08:13:09 GMT\r\ncache-control: public, max-age=31536000\r\nage: 501696\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-06-03T16:55:47.230678Z","times_seen":865403,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/env.json","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/env.json HTTP/1.1\r\nHost: assets.citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: ABgVH89LBiZd2oPa0EBoOlZ7k9r1UP_I1mFWjgkxizweIEjbX-gUML9SVZ4FJV_NUMKSPv1V\r\nx-goog-generation: 1755878560594318\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: gzip\r\nx-goog-stored-content-length: 430\r\ncontent-encoding: gzip\r\nx-goog-hash: crc32c=yWkDew==, md5=AZ0pRDNlRWMSCEa5EBW1Ag==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccept-ranges: bytes\r\ncontent-length: 430\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Access-Control-Allow-Origin, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ndate: Wed, 03 Sep 2025 03:03:02 GMT\r\nexpires: Thu, 03 Sep 2026 03:03:02 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Fri, 22 Aug 2025 16:02:40 GMT\r\netag: \"019d294433654563120846b91015b502\"\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\nage: 88303\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":1120,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4c19741ff79149074a8ac265535bffac","sha1":"ebd47f39fa99a39a7edb35fdcd4bf2e21e83723a","sha256":"629ca242bc81da804d723455eac07397ff0fd748f04ef76db806c07749bfff88","sha512":"9940da2d7dfe95c0743dcd2453622800ab45ed27c657e79e76c32e327abdde0d3fc1e1ec3a00ab4b0528e17d4ca6c7d9491d42e013807786dc684ab9dfd32c59","ssdeep":"","tlshash":"22218b28c1381d3706e134ec95ef0e5666a5596b4bd43d627a1d038d4f6d03ea87b38d","first_seen":"2025-06-20T18:10:19.548357Z","last_seen":"2025-12-08T09:19:13.763875Z","times_seen":499,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"assets.citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"citizen-financial.com/api/v1/userApplication/pageView?pageId=eb75f0ba-a91d-4618-a15d-ab965e60d86e","fqdn":"citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"34.121.35.39","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"POST /api/v1/userApplication/pageView?pageId=eb75f0ba-a91d-4618-a15d-ab965e60d86e HTTP/1.1\r\nHost: citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 2\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nCookie: Authorization=AAEW5HWAUD497-tqaF62ikobNJMxpiCo6e10xWN5TwqCNQRT5OWoJm8t19_NRCfpBXw=\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 \r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncontent-length: 0\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload/w_606,h_132,q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/images/logo","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload/w_606,h_132,q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments/citizen-financial.com/images/logo HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 5638\r\ncontent-disposition: inline; filename=\"logo.webp\"\r\netag: \"71debb35e638911aa04ad405ddf48181\"\r\nlast-modified: Mon, 25 Aug 2025 14:32:29 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, no-transform, max-age=2592000\r\nx-request-id: 2e2ce283dfb220045f0c406e0d247588\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nvary: Accept,User-Agent,Save-Data\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=18;start=2025-09-04T03:34:45.671Z;desc=miss,rtt;dur=2,content-info;desc=\"width=606,height=132,bytes=5638,format=\\\"webp\\\",owidth=800,oheight=164,obytes=15490,oformat=\\\"png\\\",crt=1756132348,ocrt=1755878560,ef=(1,11,13,17,97)\",cloudinary;dur=60;start=2025-08-25T14:55:29.947Z\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5638,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"71debb35e638911aa04ad405ddf48181","sha1":"3c193474157e7fc2c6fe675bc948ab60b3cf7640","sha256":"e099fb8b8f7a1062f121cc7988d997d3857744fbbab9d9d36d815010cfbab683","sha512":"c90b257026d24692ed2aa3bd11e74b7f4a450bbb7a37f1f3d16ba33d77b5fb1d56b7c2a082ccb8f29c5200ca48692a5bdc19c9cc9244d2ceb1eacad14c9bd873","ssdeep":"96:zHhxy9IA8u+ejhxOkyDpIN1IMJPX9HcQyyIqu8QLxYy85FcX5NjNZMlBV3WJT9GL:FkVFstdIYMtXyQGqo1Yy8ybMwGdTt","tlshash":"68c1a035735410754d654fd68aa84ee264cee951f1e822230aa8fe0c7c1384fdc1a2e5","first_seen":"2025-06-20T18:10:19.578459Z","last_seen":"2026-05-12T17:47:02.108153Z","times_seen":524,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":35,"dns":11,"connect":1,"send":0,"wait":20,"receive":1,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"res.cloudinary.com/dbtcg826q/image/upload/q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments//citizen-financial.com/images/cash","fqdn":"res.cloudinary.com","domain":"cloudinary.com","tld":"com"},"ip":{"addr":"2.18.172.44","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cloudinary.com","organization":"Cloudinary Ltd"},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 18 Dec 2024 12:38:55 GMT","end":"Wed, 14 Jan 2026 15:36:44 GMT"},"fingerprint":{"sha1":"3C:38:41:3E:81:35:9E:7E:6D:34:B2:E4:FB:E2:0B:55:E7:BC:5D:73","sha256":"9E:96:F3:6A:FA:51:39:20:97:7E:1A:D2:2F:6C:88:79:5F:BB:D8:55:56:68:5D:D7:33:F9:B9:7C:9B:EF:3D:59"}}},"request":{"raw":"GET /dbtcg826q/image/upload/q_auto,f_auto/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/environments//citizen-financial.com/images/cash HTTP/1.1\r\nHost: res.cloudinary.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://assets.citizen-financial.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 2766\r\ncontent-disposition: inline; filename=\"cash.webp\"\r\netag: \"eabb62ee80319ab96a45be435c9f174d\"\r\nlast-modified: Mon, 25 Aug 2025 14:33:14 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, no-transform, max-age=2592000\r\nx-request-id: 759e00ce5c98621e00145ae89561b02d\r\naccess-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ntiming-allow-origin: *\r\nserver: Cloudinary\r\nstrict-transport-security: max-age=604800\r\nvary: Accept,User-Agent,Save-Data\r\nx-content-type-options: nosniff\r\nserver-timing: cld-akam;dur=18;start=2025-09-04T03:34:45.802Z;desc=miss,rtt;dur=1,content-info;desc=\"width=150,height=150,bytes=2766,format=\\\"webp\\\",owidth=150,oheight=150,obytes=11698,oformat=\\\"png\\\",crt=1756132393,ocrt=1755878557,ef=(1,11,13,17)\",cloudinary;dur=24;start=2025-08-26T20:01:50.507Z\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2766,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"eabb62ee80319ab96a45be435c9f174d","sha1":"cd5e44ae72a376d2a8ba399aea58a7d1bec61fc8","sha256":"60640a2326d0e314fe7a8b1b858b1d718db9d887219f4fde7dadbc17951bb971","sha512":"db89562b9567c3f45eb6a4d5f7d5ff9563aeadc269536caa70fbc326ade15fcd21351dc1d2531f969302ba51fb48ba40e39f792cc9cba0087523496616a0ff27","ssdeep":"","tlshash":"ff515b4544d9408c706f9b524f98bb04a6712e3d19edf67509fb7e3045d6b19b3240b8","first_seen":"2025-06-20T18:10:19.572002Z","last_seen":"2026-05-12T17:47:02.101568Z","times_seen":524,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.trustedform.com/bootstrap.js?provide_referrer=false\u0026field=xxTrustedFormCertUrl\u0026l=17569568850950.17111514873105993\u0026invert_field_sensitivity=false\u0026sandbox=false","fqdn":"cdn.trustedform.com","domain":"trustedform.com","tld":"com"},"ip":{"addr":"54.240.174.122","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.trustedform.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 13 Jan 2025 00:00:00 GMT","end":"Tue, 10 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DE:54:2A:17:15:5E:25:8E:83:28:1E:11:46:BC:0D:35:08:6E:B5:44","sha256":"D9:BF:A7:21:D0:CC:C5:30:96:23:75:3E:EB:A8:D3:29:C6:80:7E:94:A4:29:D1:19:E1:44:9C:74:19:07:4C:45"}}},"request":{"raw":"GET /bootstrap.js?provide_referrer=false\u0026field=xxTrustedFormCertUrl\u0026l=17569568850950.17111514873105993\u0026invert_field_sensitivity=false\u0026sandbox=false HTTP/1.1\r\nHost: cdn.trustedform.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://citizen-financial.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Thu, 04 Sep 2025 03:34:46 GMT\r\nlast-modified: Wed, 20 Aug 2025 13:12:53 GMT\r\nx-amz-version-id: BoDHFC50A5ie5Qja9jTfF7r0JaKaPP_Z\r\nserver: AmazonS3\r\ncontent-encoding: gzip\r\netag: W/\"9128f7a8d05622543fbbcf49c48f0422\"\r\nvary: accept-encoding\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: w_R-9_mUpo4bfmNQQuuq_aHhys-P6r65DX99glEbdrBoPPPGft-6KA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":19883,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19882)","md5":"9128f7a8d05622543fbbcf49c48f0422","sha1":"a8a1e2ac95a5046ccddedb7c171154383530f408","sha256":"89ae4f6fe12598452bd74242cc537b2f2fcdaf36348e117ee281e32eea2da098","sha512":"6582a2284bb4eb6c2caee3a7c21198f82d8297a2ff86055789c21665d68ac0fc24aba24fd1f9489e2e742afd1edce85d74357fc62fe4880d01a45d9ed0364948","ssdeep":"384:uJ5BLkGVfK5k/QoJ69cdlYo4kVW1Wk0PfTKoT2VUSois7vy7fSaVpSp6bU:uJ5BgUfK5YX69cdlYo4kVW1Wk0PfTKov","tlshash":"86921a4ab698b43d0b6721f2a13f920bf3712535380b50504269c9f43e79d8f961bf9d","first_seen":"2025-08-20T14:07:42.565775Z","last_seen":"2025-09-04T13:16:30.239991Z","times_seen":164,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":30,"dns":14,"connect":1,"send":0,"wait":200,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"citizen-financial.com/favicon.ico","fqdn":"citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"34.121.35.39","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=\r\nCookie: Authorization=AAEW5HWAUD497-tqaF62ikobNJMxpiCo6e10xWN5TwqCNQRT5OWoJm8t19_NRCfpBXw=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 \r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ntransfer-encoding: chunked\r\ndate: Thu, 04 Sep 2025 03:34:46 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":null,"data":{"size":121,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2d2d249116b721d0e17a0b04665047ee","sha1":"71658ac43394709ecba62ad9b050fcc70a1a156d","sha256":"4206f9b5f37f7a04655fd44db2ee6fde85ad0dfb19c47b722cefb8e9906d5a9d","sha512":"e3bc367a881a475c0585c23bc4ab3a8613bf1e406c66ee92456d1f07b65085342a4d4e0600788d30b3c0c5fec6972106e611f5cd3409d394c18039b170b719b5","ssdeep":"","tlshash":"a8b02b000855800028c2c029109402506f438f420b50600311db0718aa3c05f88bc40d","first_seen":"2025-09-04T03:35:11.614939Z","last_seen":"2025-09-04T03:35:11.614939Z","times_seen":1,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.trustedform.com/certs/e7b96c7373a3e95cfc6a4655400b652974a4975a/fingerprints","fqdn":"api.trustedform.com","domain":"trustedform.com","tld":"com"},"ip":{"addr":"3.229.209.186","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:46.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.trustedform.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 08 Jun 2025 00:00:00 GMT","end":"Sun, 05 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"03:AB:43:B1:B0:8A:50:79:5D:75:F8:50:2E:87:D1:61:C3:A5:FC:9E","sha256":"09:8E:30:0B:F3:24:44:6F:55:46:4A:1B:16:24:36:37:D9:D0:35:CF:AA:A7:BE:E0:F9:A9:69:8B:64:53:7F:D3"}}},"request":{"raw":"POST /certs/e7b96c7373a3e95cfc6a4655400b652974a4975a/fingerprints HTTP/1.1\r\nHost: api.trustedform.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 176\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 04 Sep 2025 03:34:46 GMT\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: \r\ncache-control: max-age=0, private, must-revalidate\r\nserver: Cowboy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]},{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":194,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":194,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/polyfills.426d8f8069b0e02d.js","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:44.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/polyfills.426d8f8069b0e02d.js HTTP/1.1\r\nHost: assets.citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: ABgVH8_nzdkWzG2SfVs5W7o4qNgEKnKRm-2uyD2UP6LDoLI1f3Y-4E-LHZk0ayypuK1oJLL_\r\nx-goog-generation: 1755878775413414\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: gzip\r\nx-goog-stored-content-length: 19327\r\ncontent-encoding: gzip\r\nx-goog-hash: crc32c=j8C2lw==, md5=6t8fLjEiftcAfmMsyk1x8w==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccept-ranges: bytes\r\ncontent-length: 19327\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Type, Access-Control-Allow-Origin\r\nserver: UploadServer\r\ndate: Tue, 02 Sep 2025 08:13:16 GMT\r\nexpires: Wed, 02 Sep 2026 08:13:16 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Fri, 22 Aug 2025 16:06:15 GMT\r\netag: \"eadf1f2e31227ed7007e632cca4d71f3\"\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nage: 156088\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":54469,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (54469), with no line terminators","md5":"d4e8da647e1bb7bb7c4b5b26a0690a2c","sha1":"fea1df4ad6abda1288ed44112a914c98b45e8d51","sha256":"68ebd42a00fbf307335b7b258a9e6c27a0eac10f826934fb1fde770cfb6f19a2","sha512":"6f3509c382ff54547be185952e56e6083f1bab1228d386a47d1dfd2c142dea9683eabaae3fd183960692c2c1e79990d9dba8fc5f43891b1215e56ab1b4ab2e7f","ssdeep":"768:qZtyWbSxewTodTTlHJVqMcgf9cRaMi3ZTS/vdNgE2DSJiaYNE//aEhOQty5R4Gfl:nVZqZn6R6etATNLDoWR59","tlshash":"8833f7da7392b0a247b3a0e6917f8407f22529a4785cc8f4e61f89d53c7a049d167f2e","first_seen":"2025-06-03T15:20:31.980426Z","last_seen":"2026-06-03T16:50:48.898835Z","times_seen":9077,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":43,"dns":10,"connect":12,"send":0,"wait":13,"receive":10,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"assets.citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/main.cae4fcfc512ff56c.js","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:44.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/main.cae4fcfc512ff56c.js HTTP/1.1\r\nHost: assets.citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: ABgVH8_eKho81BQTuVE-GT0g8peg-rnW-tS1aFMzmXL7jhznk7dpDbAZuMvoJso5TpQ4vnPJsdgnFkY\r\nx-goog-generation: 1755878132043531\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: gzip\r\nx-goog-stored-content-length: 251396\r\ncontent-encoding: gzip\r\nx-goog-hash: crc32c=p4UMAg==, md5=tWMEAxV3Nz2H24CBt/FtVA==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccept-ranges: bytes\r\ncontent-length: 251396\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Type, Access-Control-Allow-Origin\r\nserver: UploadServer\r\ndate: Tue, 02 Sep 2025 23:16:02 GMT\r\nexpires: Wed, 02 Sep 2026 23:16:02 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Fri, 22 Aug 2025 15:55:32 GMT\r\netag: \"b56304031577373d87db8081b7f16d54\"\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nage: 101922\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":882892,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d0a85c4bec327417f5d95e724b396a87","sha1":"316d9bfd47b95f0f5ec0747c1f1230f165b7641d","sha256":"b7951cbf1dae2ebf94597d9fa4b93d426b24b708fc40b6cdd0c92a62f2b48f54","sha512":"b3aadb864310a6bc65645a68bb7b9e022adc6ec9e971b39409b549a81fd861e171f5ecb5600bd8376e438aff25c93011b7a12c099f3dd290b683e0d2e94a3439","ssdeep":"24576:glDBmiUjwo7eN/esuKQTOJFw3OxlpwVV0AQUDPpqmcKSf0xpoiQ359L5eRHo1Ar4:piU0o7O/esuKQTOJ63OxlpwVV0AQUDPM","tlshash":"5e154b967295712643e700e6627b4543f23d6844790984bcf6acccdd3ba8d4863bbbbc","first_seen":"2025-08-25T14:34:12.004575Z","last_seen":"2025-10-21T12:12:19.726661Z","times_seen":182,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":78,"dns":8,"connect":28,"send":0,"wait":13,"receive":44,"ssl":46},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"assets.citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/runtime.37f8c86fe8fd38c6.js","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:44.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/runtime.37f8c86fe8fd38c6.js HTTP/1.1\r\nHost: assets.citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: ABgVH8-vmTWooI_LqEa0GY8L_TOf1OHlOqSPlcFoIS9T5Kqec8rXHM6MlZIxxv-6RXMAhEqz\r\nx-goog-generation: 1755878777587002\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: gzip\r\nx-goog-stored-content-length: 1749\r\ncontent-encoding: gzip\r\nx-goog-hash: crc32c=hJldyA==, md5=dvHiE4/pTTNDpe81ojPNVw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccept-ranges: bytes\r\ncontent-length: 1749\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Type, Access-Control-Allow-Origin\r\nserver: UploadServer\r\ndate: Wed, 03 Sep 2025 07:14:41 GMT\r\nexpires: Thu, 03 Sep 2026 07:14:41 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Fri, 22 Aug 2025 16:06:17 GMT\r\netag: \"76f1e2138fe94d3343a5ef35a233cd57\"\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nage: 73203\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":3155,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (3155), with no line terminators","md5":"c320058a5fe3bcc412ee117bd9b878d9","sha1":"315338ada126896e24cca92244578700ede34f63","sha256":"93b099c26ce402474e3e062d9b657500906c42e69ac469f40a6e05c86ad15781","sha512":"fc21165fdc88bca59acee9bb3a188297ff6bb4e9d2575078dc18f674696cfc3b766b3baa4e7f4c331bd6bdbd7c93ee800fbbc8ff9df2227bf1d843a08333d82c","ssdeep":"","tlshash":"f551c5f42225fdfa2be458c01c3dd4d5a5183023411ba8f2e75bdd65b62cdd08655bb1","first_seen":"2025-07-29T13:22:41.461858Z","last_seen":"2025-10-29T14:24:01.676587Z","times_seen":1775,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":40,"dns":10,"connect":12,"send":0,"wait":25,"receive":1,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"assets.citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,500\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:44.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 19:22:25 GMT","end":"Mon, 03 Nov 2025 19:22:24 GMT"},"fingerprint":{"sha1":"05:AF:87:21:D4:6B:A6:86:ED:A7:D2:07:92:06:E4:D4:79:84:27:E8","sha256":"F6:EC:75:67:99:66:34:CC:0C:0F:9D:D7:8B:6A:04:94:98:0C:7B:B5:47:E2:47:37:A6:F8:E2:08:99:72:AB:BE"}}},"request":{"raw":"GET /css?family=Roboto:300,400,500\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://assets.citizen-financial.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 04 Sep 2025 03:34:45 GMT\r\ndate: Thu, 04 Sep 2025 03:34:45 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"d4374b76e5c1e44a53f11ad2b1678cf8","sha1":"ea110104a14d51b5b14f6c0922c1449c9a760202","sha256":"0dc85f64b97b15752cdc144c6b5ef07912d46d14810acbdc044a77e06fcc22f2","sha512":"48661bf84097740c261ff4216cbffbd0fe74f30a4b6b9889dcf2cc5662781738c7a589acc4bc9ab6fee61c11d6ffd011336ef2ca431fbcf896b961a8094076b2","ssdeep":"384:pjf5jgjPjrjyUj/qY4+j4jYjpjfMj1jWj6jyhj/qY4XjNjtjijfDjOjdjBjyaj/+:p90DXOU/R08toBy+Oh/EBpmv65lOa/7m","tlshash":"da7212a1041740009b835ce223cebf35fe1f92517142d0b5abfd9b6badcbc66526939d","first_seen":"2025-06-03T13:36:57.746163Z","last_seen":"2025-09-08T11:41:08.641332Z","times_seen":364,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":125,"dns":1,"connect":15,"send":0,"wait":33,"receive":0,"ssl":106},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.citizen-financial.com/t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/5094.71a3af9e702f8b71.js","fqdn":"assets.citizen-financial.com","domain":"citizen-financial.com","tld":"com"},"ip":{"addr":"35.227.232.79","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:45.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"citizen-financial.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:47:30 GMT","end":"Fri, 24 Oct 2025 10:47:29 GMT"},"fingerprint":{"sha1":"F0:2E:72:21:3D:4C:89:17:43:46:FC:0F:14:19:D2:E1:98:44:B7:DC","sha256":"77:DC:72:C4:FF:E6:75:C0:B2:49:18:AD:D2:09:BF:BC:26:80:6C:E1:E7:CA:6A:9F:22:8B:F4:36:92:25:A8:1E"}}},"request":{"raw":"GET /t7/968a9dff-59b3-4bef-8dd4-af5d8fb53b64/dist/dynamic/5094.71a3af9e702f8b71.js HTTP/1.1\r\nHost: assets.citizen-financial.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://citizen-financial.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-guploader-uploadid: ABgVH89OOwWxgftwHUG6XhfKNHn2lPDliiaK-2rX1WIYdbb2fha0UawaYOfeIHULx232hxwMLjiulFs\r\nx-goog-generation: 1755878775976967\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: gzip\r\nx-goog-stored-content-length: 42959\r\ncontent-encoding: gzip\r\nx-goog-hash: crc32c=7sXN1Q==, md5=rncCl2mHTozgbVcgYQrLlg==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccept-ranges: bytes\r\ncontent-length: 42959\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Access-Control-Allow-Origin, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: UploadServer\r\ndate: Tue, 02 Sep 2025 12:58:00 GMT\r\nexpires: Wed, 02 Sep 2026 12:58:00 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Fri, 22 Aug 2025 16:06:16 GMT\r\netag: \"ae77029769874e8ce06d5720610acb96\"\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nage: 139005\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":181549,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"82a6fad14fcc8cc8d1d350224b5654e5","sha1":"9d92bc4d0f6603178af18079ab583034fceb3f85","sha256":"14b1782b9632daa6bf3c424e0cc8b1db63cafef988df67c7a24e3923b34a4ed9","sha512":"dd643e49b7daf9f032345ab55fbc8e9f9173dea4e711d47295e57a6aaab32dd4789ee21807a197bb3814799c56be217e298e7ccf7ab6e4256373e6d319974044","ssdeep":"3072:z8H++xR7hYSe1K9OXj90X3qlC+gy2+g74pv1342h80c9rRYc:QHVx5u1K8XjWXahc9rRYc","tlshash":"cc04face3161352a43b550b1c93a090fb62e4d84a00d867dfb7c99cfb66d95812bef78","first_seen":"2025-06-03T15:20:31.981654Z","last_seen":"2025-10-29T14:23:55.147938Z","times_seen":1279,"resource_available":true,"data":null}},"time_used":68,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-04","alert":"Sinkholed","trigger":"assets.citizen-financial.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.trustedform.com/trustedform-1.10.24.js","fqdn":"cdn.trustedform.com","domain":"trustedform.com","tld":"com"},"ip":{"addr":"54.240.174.122","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://citizen-financial.com/?affid=1017\u0026cid=1281\u0026email=\u0026firstName=\u0026lastName=\u0026s1=11\u0026s2=102dcd5551b329c6d21caf1d420965\u0026s3=410\u0026zip=","date":"2025-09-04T03:34:46.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.trustedform.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 13 Jan 2025 00:00:00 GMT","end":"Tue, 10 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DE:54:2A:17:15:5E:25:8E:83:28:1E:11:46:BC:0D:35:08:6E:B5:44","sha256":"D9:BF:A7:21:D0:CC:C5:30:96:23:75:3E:EB:A8:D3:29:C6:80:7E:94:A4:29:D1:19:E1:44:9C:74:19:07:4C:45"}}},"request":{"raw":"GET /trustedform-1.10.24.js HTTP/1.1\r\nHost: cdn.trustedform.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://citizen-financial.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 20 Aug 2025 13:12:53 GMT\r\nx-amz-version-id: cC439VFTn5UkoSPK_FHfyxB2oTTdelQE\r\nserver: AmazonS3\r\ncontent-encoding: gzip\r\ndate: Thu, 04 Sep 2025 03:34:41 GMT\r\netag: W/\"4686e7377e25d88da636fb4c8693ab7d\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 6Gh9Sr8u1ArGA89PpjX6IjDoAHnbItU6eRu1JmimX7bwH_3bqywmlw==\r\nage: 6\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":111116,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4686e7377e25d88da636fb4c8693ab7d","sha1":"3f4d5d4f58a67446822d13ad2bd88e8636c04e30","sha256":"2a9310dc9ee632df97ac5598ab6a377ee3c6404addabdeac770e9f4f7ebf522f","sha512":"e68c304e9cc4808a38f6e488e6e57329a261bfdb9e62dcef34a837a00c16e369ec515ad12c2a573ba2885d44800c9a47568ed0c66e1277a09fbfa6079804552c","ssdeep":"1536:/f6R54t6L3StlSx/zVXhI3GQEkhGYKbduu1B4jsyZQ:/f634zSxzVxIBhKbkvsyO","tlshash":"38b308cc76c6b47b0ba370b1417f514bb23a5915688ea460d215f8e43c7894fa63bfac","first_seen":"2025-08-20T14:07:42.587722Z","last_seen":"2025-09-04T13:16:30.242646Z","times_seen":164,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}