firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 30 Sep 2022 11:50:46 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kRlUjvPQiZVPNLg1Rz5fBWY4BKXZ3ZtZtZUu5VqSPVqKEw1XYBjRSA==
Age: 2649
citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
192.81.217.12 200 OK 24 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (2033)
Hash e5a28ee232c69b4b082df9eddfe34bb2
0d65cdb066f621606cc5910732b87987c5b1b188
dbe9258a01ab88fa2491d0a3dba9f487d7c7bd8f4264f1065feeadca1a56567a
GET /558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9 HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3798
Expires: Fri, 30 Sep 2022 13:38:13 GMT
Date: Fri, 30 Sep 2022 12:34:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dcc4499d374a2853afa2d5836acbe65a
4ba69db4852144bf192d1803b69b39a6b881feb8
e4cab1657f3e7a3c2d219a7802955629f414ac772ea4576c30aa7a71533a10c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4CAB1657F3E7A3C2D219A7802955629F414AC772EA4576C30AA7A71533A10C7"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15451
Expires: Fri, 30 Sep 2022 16:52:26 GMT
Date: Fri, 30 Sep 2022 12:34:55 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +YQH+SrdfALDSjbOK1v0U5NrjmdbjzBlNAeAnX8yfRW5L7EfkoUOatk1n7SIwreixdAA0RE7rK4=
x-amz-request-id: RK546725DG9FE9XE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Sep 2022 11:51:15 GMT
age: 2620
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 30 Sep 2022 12:34:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
citi2en-0nline.ga/558805281/styless/normalize.css
192.81.217.12 200 OK 9.9 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/normalize.css
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
Hash f4c899699f3f6235f3bfa2db0cff86da
cbb6ec7fa4b58fb6c5a700720b239ce27e339646
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
GET /558805281/styless/normalize.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 9922
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
citi2en-0nline.ga/558805281/js/jquery-1.9.1.min.js
192.81.217.12 200 OK 93 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/js/jquery-1.9.1.min.js
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (32089), with CRLF line terminators
Hash 874082b265651d732b1e8a97ce2517a6
eee9a5b74fa1b59692e17a0420d989d3f82cbe2c
7933ff01db5be57ca6677daaad6bf5009d38d294ab5aa5d998de3ba47e89ca0e
Analyzer Verdict Alert fortinet Phishing
GET /558805281/js/jquery-1.9.1.min.js HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 92635
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
citi2en-0nline.ga/558805281/styless/jquery-ui-1.10.3.custom.min.css
192.81.217.12 200 OK 19 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/jquery-ui-1.10.3.custom.min.css
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (17412)
Hash 554d7d54b6474370d39d74ba81f8a60b
d857a1229ebca1508756c1a46481398cf01803b5
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
GET /558805281/styless/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 19030
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
citi2en-0nline.ga/558805281/styless/flows.css
192.81.217.12 200 OK 8.6 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/flows.css
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
Hash a2cee59b9ee7360a9e21ad7a07bfcd5b
ed9d041f9f935c6e94034cee100bc7b36cb8a1f4
9749a485710e170958788032045f2cefb8760a4ab61adc189caadd628f8bc585
GET /558805281/styless/flows.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 8649
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
citi2en-0nline.ga/558805281/js/main.js
192.81.217.12 200 OK 12 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/js/main.js
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
Hash 98174d594b6f4be9ffb6cb5753cef7fe
9e2c6ebd6455562f0d2af76345aad6a00b1189df
4d825cc1794390e4680415375dad3b5ca876d00703f5201fa65ec417ea01dabc
Analyzer Verdict Alert fortinet Phishing
GET /558805281/js/main.js HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 12152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
citi2en-0nline.ga/558805281/styless/main.css
192.81.217.12 200 OK 62 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/main.css
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
Hash 1743d64aed757a7643aa9d3dc5701f03
91bc39eee54ab0ca402a47c4adbd40781dbf3808
2f6890d706e585ea7f2fd51c88165eea82370d7fb7eff2184d0f2863512870c2
GET /558805281/styless/main.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 62418
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
citi2en-0nline.ga/558805281/js/plugin.js
192.81.217.12 200 OK 209 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/js/plugin.js
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Size 209 kB (208674 bytes)
Hash 7bc9ce3101e2297d2c1b9d49d62fa605
dd8a4312a965050a6b707b6f6abdb559867fa991
2352d5519859c90f1259960f8a9307a7b07a95a1d8bb8f606d21e87ccf4b9bb3
Analyzer Verdict Alert fortinet Phishing
GET /558805281/js/plugin.js HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 208674
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
citi2en-0nline.ga/558805281/styless/ad-containers.css
192.81.217.12 200 OK 8.0 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/ad-containers.css
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash 65d28549495a385024b93b037e33835f
987adde42fd154ef5da27d9ed3845ccb168ba2f4
c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02
GET /558805281/styless/ad-containers.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 7985
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
citi2en-0nline.ga/558805281/styless/citizensns.min.42588.css
192.81.217.12 200 OK 6.0 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/citizensns.min.42588.css
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
Hash 4e258533601217d93e556e99b5e5899e
842e5a1e1eedb691a1d8ad1618d1bbde36ea745a
80a21256af0f906e9289c08c8b0d7ad99cfa05e1817729775eea640ce9219457
GET /558805281/styless/citizensns.min.42588.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 5981
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
citi2en-0nline.ga/558805281/styless/sec-3-2.css
192.81.217.12 200 OK 1.6 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/sec-3-2.css
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (609)
Hash 2fe4aec8dfb33f933ed5c6515e6a3f8b
995dbff4cbe05148f25301c896bb6a7f04d2ebc1
e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8
GET /558805281/styless/sec-3-2.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 1601
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
citi2en-0nline.ga/558805281/styless/feedback.png
192.81.217.12 200 OK 824 B URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/feedback.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced; data
Hash 561da56e59bf569d0f41d6bb9713ce2f
20bee990614a20ae69d2cd21fc9f0688f9fc02e1
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
GET /558805281/styless/feedback.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 824
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
citi2en-0nline.ga/558805281/styless/equal-housing.gif
192.81.217.12 200 OK 1.1 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/equal-housing.gif
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 14 x 9; data
Hash 39fc59327cb01ffbd5ab0ece1b08fba4
6cc1099707564164c3de6f94714808cdb1c415a7
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
GET /558805281/styless/equal-housing.gif HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 1134
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif
citi2en-0nline.ga/558805281/styless/footer-follow-linkedin.png
192.81.217.12 200 OK 3.2 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/footer-follow-linkedin.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced; data
Hash b187d1cd61b1912b22ebfb4efce30bad
b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
GET /558805281/styless/footer-follow-linkedin.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 3239
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
citi2en-0nline.ga/558805281/styless/CTZ_Green-01.png
192.81.217.12 200 OK 4.2 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/CTZ_Green-01.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced; data
Hash edeb1da3a70dc89f6afdf7e104d06f6c
5afd9b50c42c7820edfceebcc47b4443c9dbb0f9
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab
GET /558805281/styless/CTZ_Green-01.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 4206
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
citi2en-0nline.ga/558805281/styless/footer-follow-facebook.png
192.81.217.12 200 OK 395 B URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/footer-follow-facebook.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced; data
Hash 25dbaaa7fa1bf41ca6614f1d2cf699f5
56a9e2459a275ef7178ff8c90c2b277265f64fb0
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
GET /558805281/styless/footer-follow-facebook.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 395
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
citi2en-0nline.ga/558805281/styless/footer-follow-twitter.png
192.81.217.12 200 OK 3.3 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/footer-follow-twitter.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced; data
Hash ab8d8dc7ea3d7b572b2dc47f2aebe5ae
900c9f837d9a015e6609b14eed6d99c384ec5441
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
GET /558805281/styless/footer-follow-twitter.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 3295
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 30 Sep 2022 12:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 30 Sep 2022 12:48:26 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: v1ugnlOzZLs1HojWz2uUSbO7os-1Z4nglQhyv5oO3cEgVIzgGXjTNg==
Age: 322
citi2en-0nline.ga/558805281/styless/fdicFooter.gif
192.81.217.12 200 OK 2.2 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/fdicFooter.gif
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 56 x 24; data
Hash a0742f4f717eac3a1e61f53cbbec74f2
f85639ee91bccd2bddaf043b80c892ae6b700d49
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
GET /558805281/styless/fdicFooter.gif HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 2245
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif
citi2en-0nline.ga/558805281/styless/elh.gif
192.81.217.12 200 OK 1.4 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/elh.gif
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 31 x 24; data
Hash f79e78d673f51194d9b9021cbc72b5b3
79a917fad527cef8d96af24d142653f2f49109b3
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
GET /558805281/styless/elh.gif HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 1433
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif
citi2en-0nline.ga/558805281/styless/efs/efs/grafx/icon-secure.png
192.81.217.12 200 OK 292 B URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/efs/efs/grafx/icon-secure.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced; data
Hash 18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
GET /558805281/styless/efs/efs/grafx/icon-secure.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/flows.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 292
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
citi2en-0nline.ga/558805281/styless/efs/efs/grafx/flows-tooltip.png
192.81.217.12 200 OK 364 B URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/efs/efs/grafx/flows-tooltip.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced; data
Hash 35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
GET /558805281/styless/efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/flows.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 364
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-button-white.png
192.81.217.12 200 OK 1.0 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-button-white.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced; data
Hash e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e
GET /558805281/styless/efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/flows.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 1017
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-down-blue.png
192.81.217.12 200 OK 1.1 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-down-blue.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced; data
Hash dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
GET /558805281/styless/efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 1054
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
citi2en-0nline.ga/558805281/styless/font/citizen_roman.woff
192.81.217.12 200 OK 32 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/font/citizen_roman.woff
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Hash d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
Analyzer Verdict Alert fortinet Phishing
GET /558805281/styless/font/citizen_roman.woff HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 31968
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff
citi2en-0nline.ga/558805281/styless/font/citizen_extrabold.woff
192.81.217.12 200 OK 28 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/font/citizen_extrabold.woff
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Hash 76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
Analyzer Verdict Alert fortinet Phishing
GET /558805281/styless/font/citizen_extrabold.woff HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 27852
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff
citi2en-0nline.ga/558805281/styless/font/citizen_book.woff
192.81.217.12 200 OK 32 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/font/citizen_book.woff
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Hash 0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
Analyzer Verdict Alert fortinet Phishing
GET /558805281/styless/font/citizen_book.woff HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 31864
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff
citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-right-orange.png
192.81.217.12 200 OK 165 B URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-right-orange.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Hash 1792e4aa4d2d86dec430ef9a60362a35
90b9e9c14f636362e9558d14fefe15782f75d256
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
GET /558805281/styless/efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 165
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d1be374a29f94481ff2c021e35f4eaa0
e05e92d94b5e434e9935e560fd8dc33bdc393aea
37a5132d2183f5c3bfaac5c89df691fea72cac4423110df88bdeb231f430deee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5632
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 12:34:56 GMT
Last-Modified: Fri, 30 Sep 2022 11:01:04 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
citi2en-0nline.ga/558805281/styless/font/citizen_bold.woff
192.81.217.12 200 OK 29 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/font/citizen_bold.woff
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format, TrueType, length 29304, version 1.0\012- data
Hash c0f795cba89d0c65078577b8b1b7c62a
6fd231b6616aad9abdfc37562541da3db904e6ac
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
Analyzer Verdict Alert fortinet Phishing
GET /558805281/styless/font/citizen_bold.woff HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 29304
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: font/woff
citi2en-0nline.ga/558805281/styless/font/citiolb_icons.woff
192.81.217.12 200 OK 18 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/font/citiolb_icons.woff
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Hash 022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
Analyzer Verdict Alert fortinet Phishing
GET /558805281/styless/font/citiolb_icons.woff HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 18524
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff
citi2en-0nline.ga/558805281/styless/icon-hires.png
192.81.217.12 200 OK 14 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/icon-hires.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 172ee65ce7e2afc164fb89579d8060b2
1bcc0c40ce0dd35f4150e286d4da86eb5150d2da
6031e1710c50b5ade8d4fe1f9d2a7885caa5f18493944871891d9bf847dcec0e
GET /558805281/styless/icon-hires.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:56 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 13907
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
citi2en-0nline.ga/558805281/styless/icon-normal.png
192.81.217.12 200 OK 11 kB URL HTTP/1.1 citi2en-0nline.ga/558805281/styless/icon-normal.png
IP 192.81.217.12:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash f62b2664dd6a40ab3a9f7af34412f8b7
02438189257c795c3726e4f45b1ce3bb921255d5
707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f
GET /558805281/styless/icon-normal.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae
HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:56 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 10871
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
push.services.mozilla.com/
44.242.32.27 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.32.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GBeWt670CfDxfkI6k6gPpA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Qw8jljdxUrnzcuQpr1iD3lk5d2E=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Fri, 30 Sep 2022 15:06:55 GMT
Date: Fri, 30 Sep 2022 12:34:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Fri, 30 Sep 2022 15:06:55 GMT
Date: Fri, 30 Sep 2022 12:34:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Fri, 30 Sep 2022 15:06:55 GMT
Date: Fri, 30 Sep 2022 12:34:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Fri, 30 Sep 2022 15:06:55 GMT
Date: Fri, 30 Sep 2022 12:34:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 139a144f8cb04ac8aae65f4bad1473e7
265840b2d2fc6eb764cc6409b05deee8d77a19c2
6e0f01b6bdd5a92e92c7b29a6172a2900c68900afd2abba948940621252e0fd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10380
x-amzn-requestid: 35ee2a77-159c-4bb4-a825-98c638398586
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdZYHsTIAMFQNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f6f-4f68073432bcea371c7b8f03;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IENB0e-e13ywHJKPgyLWn1bGPMMxFLUu3cIUcREjGhxDEMROEL1jBg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:45:15 GMT
age: 53382
etag: "265840b2d2fc6eb764cc6409b05deee8d77a19c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 9f410158-cd1a-45a9-9e86-4005b25577e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4Hw7oAMFpAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-70683c681f22a3b6103fcb4a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RapEpyb-G8xNSFZntDDnpOEvLX4h0WsIhgsk2jNrtEAyF_ijfTHVgg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 11:56:10 GMT
age: 2327
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b542c54-7443-4efd-b43a-b50beff0bc4c.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b542c54-7443-4efd-b43a-b50beff0bc4c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa63437d6ec946f7f95de280e604859c
ab137ea318dc0c4e585c4b3a1ea053489afa5c69
9f235e8addc73bc7dfa48b5c0e99eea32106a5a13dcab877607cd733b4456267
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b542c54-7443-4efd-b43a-b50beff0bc4c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10818
x-amzn-requestid: b2627f26-5120-4de7-80bc-6ba93126921a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPd5REORoAMFXYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6336103b-04db09ff0b48c0cd45f90bae;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:38:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ez9HpXo_UXvZkGEd058cBUdO72LdIotlB-VQ2fzDzncv2TPPN44Guw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:46:05 GMT
etag: "ab137ea318dc0c4e585c4b3a1ea053489afa5c69"
content-type: image/jpeg
age: 53332
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9f94853ffae41ec3c0e002bc152da1c4
7057c6707c7299ac386c6b2164240eff241db294
818f3ff90d7b7923b4af4e423dbb01388795490ac2097e1d58d70608b95618f4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6795
x-amzn-requestid: 20067932-e2e5-410a-8c7a-a5f623f33454
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCs6FbooAMFyHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633117ec-65749cd04e48e49a46b4c215;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:09:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FtNPTuAVR9eG-GSa5-hDmE0ORX7tXZ7EUJ8_qdgM148QBZYWxGMifA==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 07:52:56 GMT
age: 16921
etag: "7057c6707c7299ac386c6b2164240eff241db294"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1389b1d624b44706c7a6f6b7eb769241
78b798f2cfa7db13a6b5ca2ca2783bece5e77d5d
c3c2526b98be06fc7e793e1150bacde2a7bd718e29a851a6e6992e8d84333790
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16011
x-amzn-requestid: d58dfdcd-383a-45ac-8ae2-2b97f016b6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdbjFy1IAMF84A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f7c-1ca9707a5e5087fd769d9ab6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QKHN1asEv6w1mTLxsmn7Oj5AZTsPcg0H8zv5_qQ1BYptjL254kCZdA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:20:36 GMT
age: 51261
etag: "78b798f2cfa7db13a6b5ca2ca2783bece5e77d5d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d906d66-cd90-4963-827e-8d0564c0f787.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d906d66-cd90-4963-827e-8d0564c0f787.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13a12db696bc2bf6a6ea2f48f4c1428e
3481dce8ab711111fc8863d88bee1a887cfd43ac
6dae6c9e5de4146e1f528a36a1795225c9731385f13927fc001fb3f9842fe8f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d906d66-cd90-4963-827e-8d0564c0f787.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5106
x-amzn-requestid: a906507c-8820-489c-9978-7d0fd026c862
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPd5PE0MIAMF3DA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6336103a-49eb3879088f17bc01d177c7;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: op_2CSOAx9-hqXvj1nOyitq0UXqIyItmquWjMkmMdKWnwoTIA_SA6A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:45:26 GMT
age: 53371
etag: "3481dce8ab711111fc8863d88bee1a887cfd43ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2