Report - citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9

Report Overview

Submitted URL
citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
IP
192.81.217.12
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2022-09-30 12:35:06
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	44.242.32.27
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	67 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.27
citi2en-0nline.ga	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	644 kB	192.81.217.12

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-30	medium	citi2en-0nline.ga/558805281/js/jquery-1.9.1.min.js	Phishing
2022-09-30	medium	citi2en-0nline.ga/558805281/js/main.js	Phishing
2022-09-30	medium	citi2en-0nline.ga/558805281/js/plugin.js	Phishing
2022-09-30	medium	citi2en-0nline.ga/558805281/styless/font/citizen_roman.woff	Phishing
2022-09-30	medium	citi2en-0nline.ga/558805281/styless/font/citizen_extrabold.woff	Phishing
2022-09-30	medium	citi2en-0nline.ga/558805281/styless/font/citizen_book.woff	Phishing
2022-09-30	medium	citi2en-0nline.ga/558805281/styless/font/citizen_bold.woff	Phishing
2022-09-30	medium	citi2en-0nline.ga/558805281/styless/font/citiolb_icons.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	citi2en-0nline.ga/558805281/js/jquery-1.9.1.min.js	93 kB	2023-03-07	2024-01-30
Pretty URL citi2en-0nline.ga/558805281/js/jquery-1.9.1.min.js IP 192.81.217.12 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:57 Last Seen2024-01-30 14:36:10 Times Seen47 Hash 874082b265651d732b1e8a97ce2517a6 eee9a5b74fa1b59692e17a0420d989d3f82cbe2c 7933ff01db5be57ca6677daaad6bf5009d38d294ab5aa5d998de3ba47e89ca0e Loading...

	citi2en-0nline.ga/558805281/js/main.js	12 kB	2023-03-07	2023-03-11
Pretty URL citi2en-0nline.ga/558805281/js/main.js IP 192.81.217.12 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:23:53 Last Seen2023-03-11 09:52:16 Times Seen1 Hash 98174d594b6f4be9ffb6cb5753cef7fe 9e2c6ebd6455562f0d2af76345aad6a00b1189df 4d825cc1794390e4680415375dad3b5ca876d00703f5201fa65ec417ea01dabc Loading...

	citi2en-0nline.ga/558805281/js/plugin.js	209 kB	2023-03-07	2023-03-08
Pretty URL citi2en-0nline.ga/558805281/js/plugin.js IP 192.81.217.12 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:23:53 Last Seen2023-03-08 06:23:19 Times Seen1 Hash 7bc9ce3101e2297d2c1b9d49d62fa605 dd8a4312a965050a6b707b6f6abdb559867fa991 2352d5519859c90f1259960f8a9307a7b07a95a1d8bb8f606d21e87ccf4b9bb3 Loading...

HTTP Transactions (49)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 30 Sep 2022 11:50:46 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kRlUjvPQiZVPNLg1Rz5fBWY4BKXZ3ZtZtZUu5VqSPVqKEw1XYBjRSA==
Age: 2649

citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9

192.81.217.12

200 OK

24 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2033)
Size
24 kB (23464 bytes)
Hash
e5a28ee232c69b4b082df9eddfe34bb2
0d65cdb066f621606cc5910732b87987c5b1b188
dbe9258a01ab88fa2491d0a3dba9f487d7c7bd8f4264f1065feeadca1a56567a

HTTP Headers

GET /558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9 HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:54 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3798
Expires: Fri, 30 Sep 2022 13:38:13 GMT
Date: Fri, 30 Sep 2022 12:34:55 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dcc4499d374a2853afa2d5836acbe65a
4ba69db4852144bf192d1803b69b39a6b881feb8
e4cab1657f3e7a3c2d219a7802955629f414ac772ea4576c30aa7a71533a10c7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4CAB1657F3E7A3C2D219A7802955629F414AC772EA4576C30AA7A71533A10C7"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15451
Expires: Fri, 30 Sep 2022 16:52:26 GMT
Date: Fri, 30 Sep 2022 12:34:55 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: +YQH+SrdfALDSjbOK1v0U5NrjmdbjzBlNAeAnX8yfRW5L7EfkoUOatk1n7SIwreixdAA0RE7rK4=
x-amz-request-id: RK546725DG9FE9XE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Sep 2022 11:51:15 GMT
age: 2620
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 30 Sep 2022 12:34:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

citi2en-0nline.ga/558805281/styless/normalize.css

192.81.217.12

200 OK

9.9 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/normalize.css
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text
Size
9.9 kB (9922 bytes)
Hash
f4c899699f3f6235f3bfa2db0cff86da
cbb6ec7fa4b58fb6c5a700720b239ce27e339646
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2

HTTP Headers

GET /558805281/styless/normalize.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 9922
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

citi2en-0nline.ga/558805281/js/jquery-1.9.1.min.js

192.81.217.12

200 OK

93 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/js/jquery-1.9.1.min.js
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (32089), with CRLF line terminators
Size
93 kB (92635 bytes)
Hash
874082b265651d732b1e8a97ce2517a6
eee9a5b74fa1b59692e17a0420d989d3f82cbe2c
7933ff01db5be57ca6677daaad6bf5009d38d294ab5aa5d998de3ba47e89ca0e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /558805281/js/jquery-1.9.1.min.js HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 92635
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

citi2en-0nline.ga/558805281/styless/jquery-ui-1.10.3.custom.min.css

192.81.217.12

200 OK

19 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/jquery-ui-1.10.3.custom.min.css
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (17412)
Size
19 kB (19030 bytes)
Hash
554d7d54b6474370d39d74ba81f8a60b
d857a1229ebca1508756c1a46481398cf01803b5
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac

HTTP Headers

GET /558805281/styless/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 19030
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

citi2en-0nline.ga/558805281/styless/flows.css

192.81.217.12

200 OK

8.6 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/flows.css
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Unicode text, UTF-8 text
Size
8.6 kB (8649 bytes)
Hash
a2cee59b9ee7360a9e21ad7a07bfcd5b
ed9d041f9f935c6e94034cee100bc7b36cb8a1f4
9749a485710e170958788032045f2cefb8760a4ab61adc189caadd628f8bc585

HTTP Headers

GET /558805281/styless/flows.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 8649
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

citi2en-0nline.ga/558805281/js/main.js

192.81.217.12

200 OK

12 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/js/main.js
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text
Size
12 kB (12152 bytes)
Hash
98174d594b6f4be9ffb6cb5753cef7fe
9e2c6ebd6455562f0d2af76345aad6a00b1189df
4d825cc1794390e4680415375dad3b5ca876d00703f5201fa65ec417ea01dabc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /558805281/js/main.js HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 12152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

citi2en-0nline.ga/558805281/styless/main.css

192.81.217.12

200 OK

62 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/main.css
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text
Size
62 kB (62418 bytes)
Hash
1743d64aed757a7643aa9d3dc5701f03
91bc39eee54ab0ca402a47c4adbd40781dbf3808
2f6890d706e585ea7f2fd51c88165eea82370d7fb7eff2184d0f2863512870c2

HTTP Headers

GET /558805281/styless/main.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 62418
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

citi2en-0nline.ga/558805281/js/plugin.js

192.81.217.12

200 OK

209 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/js/plugin.js
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with CRLF line terminators
Size
209 kB (208674 bytes)
Hash
7bc9ce3101e2297d2c1b9d49d62fa605
dd8a4312a965050a6b707b6f6abdb559867fa991
2352d5519859c90f1259960f8a9307a7b07a95a1d8bb8f606d21e87ccf4b9bb3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /558805281/js/plugin.js HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 208674
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

citi2en-0nline.ga/558805281/styless/ad-containers.css

192.81.217.12

200 OK

8.0 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/ad-containers.css
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with CRLF line terminators
Size
8.0 kB (7985 bytes)
Hash
65d28549495a385024b93b037e33835f
987adde42fd154ef5da27d9ed3845ccb168ba2f4
c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02

HTTP Headers

GET /558805281/styless/ad-containers.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 7985
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

citi2en-0nline.ga/558805281/styless/citizensns.min.42588.css

192.81.217.12

200 OK

6.0 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/citizensns.min.42588.css
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Unicode text, UTF-8 text
Size
6.0 kB (5981 bytes)
Hash
4e258533601217d93e556e99b5e5899e
842e5a1e1eedb691a1d8ad1618d1bbde36ea745a
80a21256af0f906e9289c08c8b0d7ad99cfa05e1817729775eea640ce9219457

HTTP Headers

GET /558805281/styless/citizensns.min.42588.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 5981
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

citi2en-0nline.ga/558805281/styless/sec-3-2.css

192.81.217.12

200 OK

1.6 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/sec-3-2.css
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (609)
Size
1.6 kB (1601 bytes)
Hash
2fe4aec8dfb33f933ed5c6515e6a3f8b
995dbff4cbe05148f25301c896bb6a7f04d2ebc1
e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8

HTTP Headers

GET /558805281/styless/sec-3-2.css HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 1601
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

citi2en-0nline.ga/558805281/styless/feedback.png

192.81.217.12

200 OK

824 B

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/feedback.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
824 B (824 bytes)
Hash
561da56e59bf569d0f41d6bb9713ce2f
20bee990614a20ae69d2cd21fc9f0688f9fc02e1
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949

HTTP Headers

GET /558805281/styless/feedback.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 824
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

citi2en-0nline.ga/558805281/styless/equal-housing.gif

192.81.217.12

200 OK

1.1 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/equal-housing.gif
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
GIF image data, version 89a, 14 x 9\012- data
Size
1.1 kB (1134 bytes)
Hash
39fc59327cb01ffbd5ab0ece1b08fba4
6cc1099707564164c3de6f94714808cdb1c415a7
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

HTTP Headers

GET /558805281/styless/equal-housing.gif HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 1134
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif

citi2en-0nline.ga/558805281/styless/footer-follow-linkedin.png

192.81.217.12

200 OK

3.2 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/footer-follow-linkedin.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3239 bytes)
Hash
b187d1cd61b1912b22ebfb4efce30bad
b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

HTTP Headers

GET /558805281/styless/footer-follow-linkedin.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 3239
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

citi2en-0nline.ga/558805281/styless/CTZ_Green-01.png

192.81.217.12

200 OK

4.2 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/CTZ_Green-01.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
4.2 kB (4206 bytes)
Hash
edeb1da3a70dc89f6afdf7e104d06f6c
5afd9b50c42c7820edfceebcc47b4443c9dbb0f9
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab

HTTP Headers

GET /558805281/styless/CTZ_Green-01.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 4206
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

citi2en-0nline.ga/558805281/styless/footer-follow-facebook.png

192.81.217.12

200 OK

395 B

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/footer-follow-facebook.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data
Size
395 B (395 bytes)
Hash
25dbaaa7fa1bf41ca6614f1d2cf699f5
56a9e2459a275ef7178ff8c90c2b277265f64fb0
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

HTTP Headers

GET /558805281/styless/footer-follow-facebook.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 395
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

citi2en-0nline.ga/558805281/styless/footer-follow-twitter.png

192.81.217.12

200 OK

3.3 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/footer-follow-twitter.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3295 bytes)
Hash
ab8d8dc7ea3d7b572b2dc47f2aebe5ae
900c9f837d9a015e6609b14eed6d99c384ec5441
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

HTTP Headers

GET /558805281/styless/footer-follow-twitter.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 3295
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 30 Sep 2022 12:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 30 Sep 2022 12:48:26 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: v1ugnlOzZLs1HojWz2uUSbO7os-1Z4nglQhyv5oO3cEgVIzgGXjTNg==
Age: 322

citi2en-0nline.ga/558805281/styless/fdicFooter.gif

192.81.217.12

200 OK

2.2 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/fdicFooter.gif
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
GIF image data, version 89a, 56 x 24\012- data
Size
2.2 kB (2245 bytes)
Hash
a0742f4f717eac3a1e61f53cbbec74f2
f85639ee91bccd2bddaf043b80c892ae6b700d49
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

HTTP Headers

GET /558805281/styless/fdicFooter.gif HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 2245
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

citi2en-0nline.ga/558805281/styless/elh.gif

192.81.217.12

200 OK

1.4 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/elh.gif
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
GIF image data, version 89a, 31 x 24\012- data
Size
1.4 kB (1433 bytes)
Hash
f79e78d673f51194d9b9021cbc72b5b3
79a917fad527cef8d96af24d142653f2f49109b3
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

HTTP Headers

GET /558805281/styless/elh.gif HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 1433
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

citi2en-0nline.ga/558805281/styless/efs/efs/grafx/icon-secure.png

192.81.217.12

200 OK

292 B

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/efs/efs/grafx/icon-secure.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
292 B (292 bytes)
Hash
18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

HTTP Headers

GET /558805281/styless/efs/efs/grafx/icon-secure.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/flows.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 292
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

citi2en-0nline.ga/558805281/styless/efs/efs/grafx/flows-tooltip.png

192.81.217.12

200 OK

364 B

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/efs/efs/grafx/flows-tooltip.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
364 B (364 bytes)
Hash
35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

HTTP Headers

GET /558805281/styless/efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/flows.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 364
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-button-white.png

192.81.217.12

200 OK

1.0 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-button-white.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1017 bytes)
Hash
e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

HTTP Headers

GET /558805281/styless/efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/flows.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 1017
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-down-blue.png

192.81.217.12

200 OK

1.1 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-down-blue.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1054 bytes)
Hash
dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

HTTP Headers

GET /558805281/styless/efs/efs/grafx/arrow-down-blue.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 1054
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

citi2en-0nline.ga/558805281/styless/font/citizen_roman.woff

192.81.217.12

200 OK

32 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/font/citizen_roman.woff
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format, TrueType, length 31968, version 1.0\012- data
Size
32 kB (31968 bytes)
Hash
d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /558805281/styless/font/citizen_roman.woff HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 31968
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

citi2en-0nline.ga/558805281/styless/font/citizen_extrabold.woff

192.81.217.12

200 OK

28 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/font/citizen_extrabold.woff
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format, TrueType, length 27852, version 1.0\012- data
Size
28 kB (27852 bytes)
Hash
76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /558805281/styless/font/citizen_extrabold.woff HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 27852
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff

citi2en-0nline.ga/558805281/styless/font/citizen_book.woff

192.81.217.12

200 OK

32 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/font/citizen_book.woff
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format, TrueType, length 31864, version 1.0\012- data
Size
32 kB (31864 bytes)
Hash
0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /558805281/styless/font/citizen_book.woff HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 31864
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff

citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-right-orange.png

192.81.217.12

200 OK

165 B

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/efs/efs/grafx/arrow-right-orange.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 7 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size
165 B (165 bytes)
Hash
1792e4aa4d2d86dec430ef9a60362a35
90b9e9c14f636362e9558d14fefe15782f75d256
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

HTTP Headers

GET /558805281/styless/efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 165
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d1be374a29f94481ff2c021e35f4eaa0
e05e92d94b5e434e9935e560fd8dc33bdc393aea
37a5132d2183f5c3bfaac5c89df691fea72cac4423110df88bdeb231f430deee

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5632
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 12:34:56 GMT
Last-Modified: Fri, 30 Sep 2022 11:01:04 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

citi2en-0nline.ga/558805281/styless/font/citizen_bold.woff

192.81.217.12

200 OK

29 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/font/citizen_bold.woff
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format, TrueType, length 29304, version 1.0\012- data
Size
29 kB (29304 bytes)
Hash
c0f795cba89d0c65078577b8b1b7c62a
6fd231b6616aad9abdfc37562541da3db904e6ac
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /558805281/styless/font/citizen_bold.woff HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 29304
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: font/woff

citi2en-0nline.ga/558805281/styless/font/citiolb_icons.woff

192.81.217.12

200 OK

18 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/font/citiolb_icons.woff
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format, TrueType, length 18524, version 0.0\012- data
Size
18 kB (18524 bytes)
Hash
022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /558805281/styless/font/citiolb_icons.woff HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/styless/main.css
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:55 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 18524
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

citi2en-0nline.ga/558805281/styless/icon-hires.png

192.81.217.12

200 OK

14 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/icon-hires.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (13907 bytes)
Hash
172ee65ce7e2afc164fb89579d8060b2
1bcc0c40ce0dd35f4150e286d4da86eb5150d2da
6031e1710c50b5ade8d4fe1f9d2a7885caa5f18493944871891d9bf847dcec0e

HTTP Headers

GET /558805281/styless/icon-hires.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:56 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 13907
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

citi2en-0nline.ga/558805281/styless/icon-normal.png

192.81.217.12

200 OK

11 kB

URL HTTP/1.1
citi2en-0nline.ga/558805281/styless/icon-normal.png
IP
192.81.217.12:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10871 bytes)
Hash
f62b2664dd6a40ab3a9f7af34412f8b7
02438189257c795c3726e4f45b1ce3bb921255d5
707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f

HTTP Headers

GET /558805281/styless/icon-normal.png HTTP/1.1
Host: citi2en-0nline.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi2en-0nline.ga/558805281/login.php?ScrPg=82.199.130.39&ACCT.x=ID-DL=WF324=013d407166ec4fa56eb1e1f8cbe183b9
Cookie: PHPSESSID=1bbb05e3793b038a452fe572e57522ae

HTTP/1.1 200 OK
Date: Fri, 30 Sep 2022 12:34:56 GMT
Server: Apache
Last-Modified: Fri, 30 Sep 2022 09:35:24 GMT
Accept-Ranges: bytes
Content-Length: 10871
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

push.services.mozilla.com/

44.242.32.27

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.242.32.27:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GBeWt670CfDxfkI6k6gPpA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Qw8jljdxUrnzcuQpr1iD3lk5d2E=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Fri, 30 Sep 2022 15:06:55 GMT
Date: Fri, 30 Sep 2022 12:34:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Fri, 30 Sep 2022 15:06:55 GMT
Date: Fri, 30 Sep 2022 12:34:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Fri, 30 Sep 2022 15:06:55 GMT
Date: Fri, 30 Sep 2022 12:34:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Fri, 30 Sep 2022 15:06:55 GMT
Date: Fri, 30 Sep 2022 12:34:57 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10380 bytes)
Hash
139a144f8cb04ac8aae65f4bad1473e7
265840b2d2fc6eb764cc6409b05deee8d77a19c2
6e0f01b6bdd5a92e92c7b29a6172a2900c68900afd2abba948940621252e0fd8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59da9c68-5ffa-4dc1-adf8-645278cd60ca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10380
x-amzn-requestid: 35ee2a77-159c-4bb4-a825-98c638398586
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdZYHsTIAMFQNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f6f-4f68073432bcea371c7b8f03;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IENB0e-e13ywHJKPgyLWn1bGPMMxFLUu3cIUcREjGhxDEMROEL1jBg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:45:15 GMT
age: 53382
etag: "265840b2d2fc6eb764cc6409b05deee8d77a19c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11314 bytes)
Hash
ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 9f410158-cd1a-45a9-9e86-4005b25577e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4Hw7oAMFpAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-70683c681f22a3b6103fcb4a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RapEpyb-G8xNSFZntDDnpOEvLX4h0WsIhgsk2jNrtEAyF_ijfTHVgg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 11:56:10 GMT
age: 2327
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b542c54-7443-4efd-b43a-b50beff0bc4c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10818 bytes)
Hash
fa63437d6ec946f7f95de280e604859c
ab137ea318dc0c4e585c4b3a1ea053489afa5c69
9f235e8addc73bc7dfa48b5c0e99eea32106a5a13dcab877607cd733b4456267

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b542c54-7443-4efd-b43a-b50beff0bc4c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10818
x-amzn-requestid: b2627f26-5120-4de7-80bc-6ba93126921a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPd5REORoAMFXYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6336103b-04db09ff0b48c0cd45f90bae;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:38:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ez9HpXo_UXvZkGEd058cBUdO72LdIotlB-VQ2fzDzncv2TPPN44Guw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:46:05 GMT
etag: "ab137ea318dc0c4e585c4b3a1ea053489afa5c69"
content-type: image/jpeg
age: 53332
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6795 bytes)
Hash
9f94853ffae41ec3c0e002bc152da1c4
7057c6707c7299ac386c6b2164240eff241db294
818f3ff90d7b7923b4af4e423dbb01388795490ac2097e1d58d70608b95618f4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6795
x-amzn-requestid: 20067932-e2e5-410a-8c7a-a5f623f33454
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCs6FbooAMFyHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633117ec-65749cd04e48e49a46b4c215;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:09:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FtNPTuAVR9eG-GSa5-hDmE0ORX7tXZ7EUJ8_qdgM148QBZYWxGMifA==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 07:52:56 GMT
age: 16921
etag: "7057c6707c7299ac386c6b2164240eff241db294"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16011 bytes)
Hash
1389b1d624b44706c7a6f6b7eb769241
78b798f2cfa7db13a6b5ca2ca2783bece5e77d5d
c3c2526b98be06fc7e793e1150bacde2a7bd718e29a851a6e6992e8d84333790

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16011
x-amzn-requestid: d58dfdcd-383a-45ac-8ae2-2b97f016b6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdbjFy1IAMF84A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f7c-1ca9707a5e5087fd769d9ab6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QKHN1asEv6w1mTLxsmn7Oj5AZTsPcg0H8zv5_qQ1BYptjL254kCZdA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:20:36 GMT
age: 51261
etag: "78b798f2cfa7db13a6b5ca2ca2783bece5e77d5d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d906d66-cd90-4963-827e-8d0564c0f787.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.1 kB (5106 bytes)
Hash
13a12db696bc2bf6a6ea2f48f4c1428e
3481dce8ab711111fc8863d88bee1a887cfd43ac
6dae6c9e5de4146e1f528a36a1795225c9731385f13927fc001fb3f9842fe8f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d906d66-cd90-4963-827e-8d0564c0f787.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5106
x-amzn-requestid: a906507c-8820-489c-9978-7d0fd026c862
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPd5PE0MIAMF3DA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6336103a-49eb3879088f17bc01d177c7;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: op_2CSOAx9-hqXvj1nOyitq0UXqIyItmquWjMkmMdKWnwoTIA_SA6A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:45:26 GMT
age: 53371
etag: "3481dce8ab711111fc8863d88bee1a887cfd43ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (49)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size