r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6dd4587c98aef98ad0939030a6976a7f
92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e
a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13168
Expires: Thu, 29 Sep 2022 12:32:45 GMT
Date: Thu, 29 Sep 2022 08:53:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 08:05:09 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: mI5Kx8bwivOdC-Dpl4u249i1G4o6aHF0Pe_37CfB1KK13nueU9G1WQ==
Age: 2888
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AF0UUySDusBYNDVQeByZA5Xu_Jo-sYSBs-o0-AMrrAYrk5vy35NTkg==
age: 12290
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 08:53:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 29 Sep 2022 08:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Thu, 29 Sep 2022 08:40:37 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Cn89PCD9VWUAdpy4tgRzE6Ln_9RWqfXp2sJfoiaHFXd1yEKjB006Kg==
Age: 1424
ocsp.digicert.com/
200 OK 471 B IP
Hash f09cb223e3dc028c58cf32c2274c3766
ca7f1663a1200941986e786353ed2f3ff50bd0b2
9b89a5534b1a84f0a86f150dc7f1f699bb972f7b8e151b29c02454dd939066ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1350
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:18 GMT
Last-Modified: Thu, 29 Sep 2022 08:30:48 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YyzNOv9dFMKPh0mhSYzcdg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zjeb0vuvnDgmz/c95hnpX6mK3TI=
citibankcustomerservices.com.sabedoria-online.com/verify/login.php
200 OK 73 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/login.php
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2276), with CRLF, CR line terminators
Hash 3565d04cb83d61e57c012f3e29f61eb4
18679875ddc361b1c27e5d6aae97858d73dee6c4
a5eb74739dfe0b70593de05d3944be014bdfd788ec3765254c4a93b605a17bb3
Analyzer Verdict Alert fortinet Phishing
GET /verify/login.php HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:17 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Light.woff
200 OK 76 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Light.woff
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Hash 3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
Analyzer Verdict Alert fortinet Phishing
GET /verify/css/Interstate-Light.woff HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:18 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 75538
Keep-Alive: timeout=5, max=75
Content-Type: font/woff
citibankcustomerservices.com.sabedoria-online.com/verify/js/Bootstrap.js
200 OK 114 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/js/Bootstrap.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (577), with CRLF line terminators
Size 114 kB (113980 bytes)
Hash 68966964a18642e6aaa5273bf94fe6a8
2fc396777f28a911237883b976e9fe07b1f9f177
14cd0967e19247a39f8c5e0d77a4c15d332346d6596afc7d20e7c45d6ac271e1
Analyzer Verdict Alert fortinet Phishing
GET /verify/js/Bootstrap.js HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:18 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript
citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Bold.woff
200 OK 72 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Bold.woff
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Hash 9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
Analyzer Verdict Alert fortinet Phishing
GET /verify/css/Interstate-Bold.woff HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:18 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 71874
Keep-Alive: timeout=5, max=75
Content-Type: font/woff
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1664441596013
302 Found 0 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1664441596013
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1664441596013 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://citibankcustomerservices.com.sabedoria-online.com
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citibankcustomerservices.com.sabedoria-online.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v043-00bf07c32.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1664441596013
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=43001503436306697042763158656159218148; Max-Age=15552000; Expires=Tue, 28 Mar 2023 08:53:18 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: rld0CcAUQco=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1664441596013
200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1664441596013
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1664441596013 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://citibankcustomerservices.com.sabedoria-online.com
Content-Type: application/x-www-form-urlencoded
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citibankcustomerservices.com.sabedoria-online.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v043-0cd98f563.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Vary: Origin
X-Error: 172
X-TID: gEBwwQrBSwI=
Content-Length: 124
Connection: keep-alive
citibankcustomerservices.com.sabedoria-online.com/verify/css/styles.css
200 OK 282 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/styles.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (1069), with CRLF line terminators
Size 282 kB (282125 bytes)
Hash 0087944986f5d5dd6fdbcc3948140211
a3e6c93ea943470ee96fe361e3e4af91d534312d
78f7b2ca443bdcb6490779f9b4533a4eb70b969cd35ff01d7d24f8139e4a4101
GET /verify/css/styles.css HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:18 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css
metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1664441596226
200 OK 89 B URL HTTP/1.1 metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1664441596226
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 4619af1b9097f22b32dffbf8859a0986
fd5d28fc4336de83c27f7a6ec3275cc3ec3c6589
35837323076d9bb96c6bde20c14f8754bc5255b3af8de7288749c14b6d48c8eb
GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1664441596226 HTTP/1.1
Host: metrics.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://citibankcustomerservices.com.sabedoria-online.com
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
access-control-allow-origin: http://citibankcustomerservices.com.sabedoria-online.com
access-control-allow-credentials: true
date: Thu, 29 Sep 2022 08:53:19 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|319AAE7FB7184E30-600016270DA1140A[CE]; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sat, 28 Sep 2024 08:53:53 GMT;
AMCV_61834D9B5228A7430A490D45%40AdobeOrg=0%7CMCMID%7C85827212134712148983940120218491846279; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sat, 28 Sep 2024 08:53:53 GMT;
s_ecid=MCMID%7C85827212134712148983940120218491846279; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sat, 28 Sep 2024 08:53:53 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 89
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_facebook@3x.png
200 OK 445 B URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_facebook@3x.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
GET /verify/css/social-media_facebook@3x.png HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19265%7CvVersion%7C3.1.2; check=true; mbox=session#db8387201b454affb0fda70e08febd0b#1664443457
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 445
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
citibankcustomerservices.com.sabedoria-online.com/verify/css/Appstore-Googleplay-JDPower-Sprite.png
200 OK 45 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/Appstore-Googleplay-JDPower-Sprite.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Hash 7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
GET /verify/css/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19265%7CvVersion%7C3.1.2; check=true; mbox=session#db8387201b454affb0fda70e08febd0b#1664443457
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 44996
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
citibankcustomerservices.com.sabedoria-online.com/verify/css/jamp-spinner-2x.gif
200 OK 37 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/jamp-spinner-2x.gif
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 60 x 60\012- data
Hash 9132ad37e83e5eef39e5e315c2b6c94f
9036fb328a9266e1f6fb95021464a77a11894ec1
79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb
GET /verify/css/jamp-spinner-2x.gif HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19265%7CvVersion%7C3.1.2; check=true; mbox=session#db8387201b454affb0fda70e08febd0b#1664443457
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 36855
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/gif
citibankcustomerservices.com.sabedoria-online.com/verify/css/050-location@2x.svg
200 OK 1.8 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/050-location@2x.svg
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 2a7528b41a09c242728c2805a6c37219
44f73d9270a82962219bb314894d5b5624c55631
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
Analyzer Verdict Alert fortinet Phishing
GET /verify/css/050-location@2x.svg HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 1752
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/svg+xml
citibankcustomerservices.com.sabedoria-online.com/verify/css/citipridelogo.jpg
200 OK 2.7 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/citipridelogo.jpg
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 9b0ca893e4bfaea57af02ffe82867243
7035c26c91a3da162492df77d59bc19356a8e3bb
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40
GET /verify/css/citipridelogo.jpg HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 2658
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/jpeg
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=85827212134712148983940120218491846279&d_cid_ic=AVID%01319AAE7FB7184E30-600016270DA1140A&ts=1664441596400
200 OK 301 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=85827212134712148983940120218491846279&d_cid_ic=AVID%01319AAE7FB7184E30-600016270DA1140A&ts=1664441596400
IP
File type JSON data\012- , ASCII text, with very long lines (358), with no line terminators
Hash dec4e017e8cfb19e69921a7005c06a67
5cba480e973f117aa3301bf28d0345b8fe433cb0
a2cba1c24cd0096a7a05a5a6fff89c6d2b9c08b5c6b22977c20cf29b47026609
GET /id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=85827212134712148983940120218491846279&d_cid_ic=AVID%01319AAE7FB7184E30-600016270DA1140A&ts=1664441596400 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://citibankcustomerservices.com.sabedoria-online.com
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citibankcustomerservices.com.sabedoria-online.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v043-08585183a.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=91311639758217842094543433074596136740; Max-Age=15552000; Expires=Tue, 28 Mar 2023 08:53:19 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: u3dO5GE1R7g=
Content-Length: 301
Connection: keep-alive
citibankcustomerservices.com.sabedoria-online.com/verify/css/LSO_4959.jpg
200 OK 175 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/LSO_4959.jpg
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3\012- data
Size 175 kB (174933 bytes)
Hash 4c50aaf00ec3fd89b59019568e3ce376
e67b56776d6f8bcfbc25c6d31cfea22dc234f58e
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
GET /verify/css/LSO_4959.jpg HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19265%7CvVersion%7C3.1.2; check=true; mbox=session#db8387201b454affb0fda70e08febd0b#1664443457
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 174933
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/jpeg
citibankcustomerservices.com.sabedoria-online.com/verify/css/1440_Citi-PLT@3x.png
200 OK 28 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/1440_Citi-PLT@3x.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
GET /verify/css/1440_Citi-PLT@3x.png HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 28149
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_twitter@3x.png
200 OK 1.3 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_twitter@3x.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
GET /verify/css/social-media_twitter@3x.png HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19265%7CvVersion%7C3.1.2; check=true; mbox=session#db8387201b454affb0fda70e08febd0b#1664443457
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Content-Length: 1277
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
citibankcustomerservices.com.sabedoria-online.com/verify/img/Citi-Branding-Sprite.png
404 Not Found 836 B URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/img/Citi-Branding-Sprite.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash e73571aebce42792b40325ac9117da29
d3fe79abd3a925079c1133a0d3c46fd8941514f7
2726faa315039af16d833fbca9694060c9cece0cbe9dd3069bdbba15d073aef2
GET /verify/img/Citi-Branding-Sprite.png HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19265%7CvVersion%7C3.1.2; check=true; mbox=session#db8387201b454affb0fda70e08febd0b#1664443457
HTTP/1.1 404 Not Found
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Thu, 18 Jul 2019 22:27:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html
citibankcustomerservices.com.sabedoria-online.com/verify/css/icon_globe_med-grey@2x.svg
200 OK 3.5 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/icon_globe_med-grey@2x.svg
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash 8409dd31d1b13d560ad4b9ae144054f7
37114f6c37aa187f5bdc360547678f22eaa9d9c6
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
Analyzer Verdict Alert fortinet Phishing
GET /verify/css/icon_globe_med-grey@2x.svg HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 3523
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/svg+xml
citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_youtube@3x.png
200 OK 1.2 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_youtube@3x.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
GET /verify/css/social-media_youtube@3x.png HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19265%7CvVersion%7C3.1.2; check=true; mbox=session#db8387201b454affb0fda70e08febd0b#1664443457
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Content-Length: 1175
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
fast.citi.demdex.net/dest5.html?d_nsid=0
200 OK 2.8 kB URL HTTP/1.1 fast.citi.demdex.net/dest5.html?d_nsid=0
IP
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash b8a1b21bd0651935d53a7bff0c2479d6
31527c952669b6d1d06c537eb50c9043f576e607
80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: fast.citi.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Thu, 29 Sep 2022 08:53:19 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
citibankcustomerservices.com.sabedoria-online.com/verify/css/320_Citi-PLT@3x.png
200 OK 12 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/320_Citi-PLT@3x.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
GET /verify/css/320_Citi-PLT@3x.png HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 11562
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=db8387201b454affb0fda70e08febd0b&mboxPC=&mboxPage=b14cb3db348644b296e9f3f45e4ace9e&mboxRid=616eb30908804ede8538df74b2dac90a&mboxVersion=1.7.0&mboxCount=1&mboxTime=1664441596023&mboxHost=citibankcustomerservices.com.sabedoria-online.com&mboxURL=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=09D72892FFA66B49-3B5299B175799594&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=85827212134712148983940120218491846279&mboxMCAVID=319AAE7FB7184E30-600016270DA1140A&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
200 OK 142 B URL HTTP/1.1 citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=db8387201b454affb0fda70e08febd0b&mboxPC=&mboxPage=b14cb3db348644b296e9f3f45e4ace9e&mboxRid=616eb30908804ede8538df74b2dac90a&mboxVersion=1.7.0&mboxCount=1&mboxTime=1664441596023&mboxHost=citibankcustomerservices.com.sabedoria-online.com&mboxURL=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=09D72892FFA66B49-3B5299B175799594&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=85827212134712148983940120218491846279&mboxMCAVID=319AAE7FB7184E30-600016270DA1140A&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 25735368679dc19805fde39b0493ae33
0c9b101b76f9767de3b21275ee13f7b8df2dcc41
20531d519a5768138d0e29b6f3506d5648021160dc93fd087f83af9b8823dafe
GET /m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=db8387201b454affb0fda70e08febd0b&mboxPC=&mboxPage=b14cb3db348644b296e9f3f45e4ace9e&mboxRid=616eb30908804ede8538df74b2dac90a&mboxVersion=1.7.0&mboxCount=1&mboxTime=1664441596023&mboxHost=citibankcustomerservices.com.sabedoria-online.com&mboxURL=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=09D72892FFA66B49-3B5299B175799594&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=85827212134712148983940120218491846279&mboxMCAVID=319AAE7FB7184E30-600016270DA1140A&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6 HTTP/1.1
Host: citicorpcreditservic.tt.omtrdc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://citibankcustomerservices.com.sabedoria-online.com
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
date: Thu, 29 Sep 2022 08:53:19 GMT
content-type: application/json;charset=UTF-8
content-length: 142
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-origin: http://citibankcustomerservices.com.sabedoria-online.com
access-control-allow-credentials: true
x-request-id: 616eb30908804ede8538df74b2dac90a
p3p: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
set-cookie: citicorpcreditservic!mboxSession=db8387201b454affb0fda70e08febd0b; Max-Age=1860; Expires=Thu, 29-Sep-2022 09:24:19 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
citicorpcreditservic!mboxPC=db8387201b454affb0fda70e08febd0b.37_0; Max-Age=63244800; Expires=Mon, 30-Sep-2024 08:53:19 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
pragma: no-cache
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
server: jag
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
204 No Content 0 B URL HTTP/1.1 nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Thu, 29 Sep 2022 01:05:18 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: OXKZ7OwaX6OdxuOBkImSh473K0SxBEWAYRnIv_1_mpRhRjbBhg4tSg==
Age: 28081
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=24.669142209137096&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php
200 OK 555 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/serverComponent.php?r=24.669142209137096&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php
IP
File type ASCII text, with very long lines (1253)
Hash 48052e094da06710b6dde8ff623a8c26
e4a353830fde046de5160a2f715b69ef0a31f6a4
048e09c8c9cf8197a0796d8ae4d9429b76eb68287f77a6eba00899395f5d18ff
GET /citi/na_prod/serverComponent.php?r=24.669142209137096&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Thu, 29 Sep 2022 08:53:19 GMT
Expires: Thu, 29 Sep 2022 08:53:18 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TTBg658Mmy7dm3r9oijnajF4YSyf_DC2X9qTzlGPXf16tpm0ho-f1Q==
nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
200 OK 989 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
IP
File type ASCII text, with very long lines (524)
Hash a88ee16d6636b998b8a6bb0eedf3a3bb
84b7338657d33ace2048bf6b6e3b8b3fa649548a
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
GET /citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 989
Connection: keep-alive
Date: Fri, 22 Jul 2022 05:10:06 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 20 Jul 2021 20:01:14 GMT
ETag: "a88ee16d6636b998b8a6bb0eedf3a3bb"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: .wEMJ82rme0Ajy8MXYWYMqCLOS4zdOlx
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IeNEl0l-iSuzPjFIzoXzGXu285QwB1EFDwFtGL0SaZ9ZsMzXJPAYYg==
Age: 5974994
cm.everesttech.net/cm/dd?d_uuid=91311639758217842094543433074596136740
301 Moved Permanently 134 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=91311639758217842094543433074596136740
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /cm/dd?d_uuid=91311639758217842094543433074596136740 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Thu, 29 Sep 2022 08:53:19 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://cm.everesttech.net:443/cm/dd?d_uuid=91311639758217842094543433074596136740
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
200 OK 2.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP
File type ASCII text, with very long lines (542)
Hash 9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec
GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 25 Aug 2022 04:11:09 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NahQhgCzxxOD5H43lXH2RCcw4bvaoNlKVlKrsBZz3oswjL6q36yhMA==
Age: 3040931
nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
200 OK 774 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
IP
File type ASCII text, with very long lines (1964)
Hash b8c4c68b92589dfa9af82d5fcf14102c
65cf65214b74537dea210792d68ff560c62b9947
61be8d20b3ff1fdd0b0e05fbdadbf706c3e4f02d8a72c36be6425a36976e3b5f
GET /citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 01 Sep 2022 04:38:23 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 20 Jul 2021 20:01:09 GMT
ETag: W/"c12999fcad47ab9cba1967b8c736048d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: nE2jchQRxt_gtDKDOvHRLQGyp_MKp2PL
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xNSEW3TLddHYlE1LTwdPP5EHGB1wJqef8VGs7WYwkVShCO2azh9PNw==
Age: 2434497
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
200 OK 655 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP
File type ASCII text, with very long lines (524)
Hash b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034
GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 21 Aug 2022 00:41:34 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: U4gQ7kVEQSVL7ERWR53Du1uthdwDcfda-JvnrCCdvu0Cim1b7VdPOA==
Age: 3399106
nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908
200 OK 36 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908
IP
File type ASCII text, with very long lines (573)
Hash 0f125ff7e313ccd1741b15ad98235592
8fae24fd77c714aaa885346acdd90b7f1d6c80e7
9cfc68021626e24f09e4185187ce006f1badfa6d663ca2eaa97cfdea32d6746c
GET /citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 13 Sep 2022 17:24:59 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 13 Sep 2022 17:23:26 GMT
ETag: W/"de2e8ecdb9334e6565ea8d4feb369116"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: CZbhUaMVGcELu7Tp.vnFWThm1Iz7u.mg
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: pnSFuvntmfnMc2DH8xWaucEoGyLcOWA1PuQcyTDGsy5NZoXyaxDmIA==
Age: 1351701
nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757
200 OK 41 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757
IP
File type ASCII text, with very long lines (586)
Hash e0f6df9b9e5690e9973d7829117f217b
f42d1d2f56087e02c17224921f370cbb2c0fdc58
5e7877d51a3fa9a5cbd955b2ce40b17b3028c0a95638caabe5aebc6ca8f5e67a
GET /citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 04 Sep 2022 07:08:27 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"6c0ec1ecef630bef7b1fb87b13b4f2cb"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: JA70f_WGNG7H1tnE4i_sKuxvYaFEwzMJ
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yyuGC8f0txgD-kQFihbhwYEZzpCet6z9VHezbCsDCXDblbuFYZZ70A==
Age: 2166293
citibankcustomerservices.com.sabedoria-online.com/verify/img/favicon.ico
200 OK 8.7 kB URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/img/favicon.ico
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c529d13403aaef133f480514b0d7b3f
73b6a54f396770a92bd13f0af7b0530e7a68b546
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32
GET /verify/img/favicon.ico HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19265%7CMCMID%7C85827212134712148983940120218491846279%7CMCAID%7C319AAE7FB7184E30-600016270DA1140A%7CMCOPTOUT-1664448796s%7CNONE%7CMCAAMLH-1665046396%7C6%7CMCAAMB-1665046396%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CvVersion%7C3.1.2; check=true; mbox=session#db8387201b454affb0fda70e08febd0b#1664443457; AMCVS_61834D9B5228A7430A490D45%40AdobeOrg=1
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Content-Length: 8747
Cache-Control: max-age=604800
Expires: Thu, 06 Oct 2022 08:53:19 GMT
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/x-icon
c1.rfihub.net/js/tc.min.js
200 OK 6.2 kB URL HTTP/1.1 c1.rfihub.net/js/tc.min.js
IP
File type C source, ASCII text, with very long lines (19497)
Hash ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f
GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 6162
Connection: keep-alive
Date: Thu, 29 Sep 2022 08:05:37 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Expires: Thu, 29 Sep 2022 09:05:37 GMT
Last-Modified: Thu, 29 Sep 2022 08:05:27 GMT
Content-Encoding: gzip
Server: Jetty(9.3.29.v20201019)
X-Cache: Hit from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GB74RwNeVcLZME_97BhoAHn_kzjAW0_6_liP3Ty8i7jwdQg-glsXJw==
Age: 2862
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11321
Expires: Thu, 29 Sep 2022 12:02:00 GMT
Date: Thu, 29 Sep 2022 08:53:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11321
Expires: Thu, 29 Sep 2022 12:02:00 GMT
Date: Thu, 29 Sep 2022 08:53:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11321
Expires: Thu, 29 Sep 2022 12:02:00 GMT
Date: Thu, 29 Sep 2022 08:53:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11321
Expires: Thu, 29 Sep 2022 12:02:00 GMT
Date: Thu, 29 Sep 2022 08:53:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11321
Expires: Thu, 29 Sep 2022 12:02:00 GMT
Date: Thu, 29 Sep 2022 08:53:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6362b4f1-5935-43c9-9147-6d019a1ea6cd.jpeg
200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6362b4f1-5935-43c9-9147-6d019a1ea6cd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30471179bd7cdeecea2fa4ea98701aef
2bbcd6305b4da3204bf1c04b6db23d44cfc84fbb
967e070aec3942c64cc6c4cfdc13d430825c9e5c26dbec5bb3d66237d5978dfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6362b4f1-5935-43c9-9147-6d019a1ea6cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4235
x-amzn-requestid: 60825c64-7743-4b16-b80d-d1195ccb0f23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK2nFsDoAMFRwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be90-1898e5d9111db7c843c1ebb4;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C-XC9qsktkENdI6lWZp5RQjeEvrrFMUfBq1mA5dxEjRq5tkfL5Jsxw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 22:04:55 GMT
age: 38904
etag: "2bbcd6305b4da3204bf1c04b6db23d44cfc84fbb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c80d7ce8a9d3fba54855e05731db759c
d76293673a7aa2861b069ced614cdcdb84fed6d3
eabd1bfef29cad4045d688a909b9a8c88818d80bb432ce642d055583cf66d77d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9002
x-amzn-requestid: 0623931b-a4d6-49de-ba32-d071c08eddbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKoiGKRIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be36-1573e2e91c85617424db019f;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:50 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mmSMfKcxGrh9meSHTynf1wRZLrzc4wejFbKSO6qaJ3hn8h4-QwAAcQ==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:50:26 GMT
age: 39773
etag: "d76293673a7aa2861b069ced614cdcdb84fed6d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg
200 OK 3.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ac86079d2901fb11bfaff81d91bb2d2
4fc0699c763f67a2602b4b3f46b8b4013d2049c6
8c25b9129fc01f6ffad911994e91436ab0026ed0b54568757a20ab7f92584467
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46b76b4-e585-46c3-bf03-5bfe9273000c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3332
x-amzn-requestid: fb6cb616-5b4d-4aaf-a891-50b4de8b6f95
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJ_6AGNYIAMFSHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333e03f-377fe02d1cc7ad2b3a15ca1a;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 05:48:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nJJZxZlapt4k5988yU-V94pBBH2SmfSZ0Zb_oJXA07mppg0lF04wLg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 17:18:10 GMT
age: 56109
etag: "4fc0699c763f67a2602b4b3f46b8b4013d2049c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36ae9444071dd70dcf86802c370ffda9
44cc19b21912d07f82a88af5b2fa6d3e370459bf
99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9654
x-amzn-requestid: 7961f184-9476-43de-bf35-8ccb50ee1760
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVYsHA6oAMFvRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326904-05f567f7606462ac44f89987;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XaB4TwXv4xy0Sy3dncNYZWEPEnHY5BkEHR7fZDK59APYkzH9DPdT7A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:40 GMT
age: 16359
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11594ce7500d8776bfd5162b17f87d72
72603efba82d649ce5a7a0ca45dc830c0d9ef012
511f5aa33750cd4a02cf3968bf165ffa521e77cb4fb7135b516d7ad14e8b9d01
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14073
x-amzn-requestid: 4ff72590-e28d-4d4b-af1a-4d62e75e3d66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKnpEsJoAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be30-38b014a25551aa0a2ab04ccf;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dyDhatfeYzzSQpRY7JpOIu3VhjlI8IOWcKCLCBWYaxJ1CYgCxqdQjA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:49:42 GMT
age: 39817
etag: "72603efba82d649ce5a7a0ca45dc830c0d9ef012"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4505f57697072468da82e0b536d0d5b
e1067a2dfbc22e7eb196046d57bd1e17604dba75
b5e79054f165f38b99f93a8128284f82076523988aeb102b85dd8ff1a2870d00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10023
x-amzn-requestid: 0cb6b9a1-0707-4094-b197-5a0add2df717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK4dHJLIAMFWmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be9c-2d8bbb17157900f126c5bb3c;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wZ2hBqHAdwimAVV3p-CJFrb9zQ-CTN5ar9CB-cu0mZoENYUFTKKPWQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 22:04:58 GMT
age: 38901
etag: "e1067a2dfbc22e7eb196046d57bd1e17604dba75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
20766699p.rfihub.com/ca.html?ver=9&ra=1620&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=009671349664815976
302 Found 0 B URL HTTP/1.1 20766699p.rfihub.com/ca.html?ver=9&ra=1620&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=009671349664815976
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ca.html?ver=9&ra=1620&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=009671349664815976 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 29 Sep 2022 08:53:19 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://20766699p.rfihub.com/sr/ca.html?ver=9&ra=1620&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=009671349664815976
Content-Length: 0
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash d124b2042ad39b267e5f4323bf38460d
7791f64871792e7d5738324151591a7375591de9
20f56f07486fd4bac01160e254a0d9ef32458ead835035c8635b6c5fae87418d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 08:53:19 GMT
Last-Modified: Thu, 29 Sep 2022 07:49:23 GMT
Server: ECS (bsa/EB23)
X-Cache: Miss from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DbtXpMyCSjw8icxQCqDAIZxJjKIvyz_DbipsTileHeje0fAegITHjw==
Age: 3836
cm.everesttech.net/cm/dd?d_uuid=91311639758217842094543433074596136740
302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=91311639758217842094543433074596136740
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=91311639758217842094543433074596136740 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Thu, 29 Sep 2022 08:53:19 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~YzVc-wAAAFPVbQNx; Domain=.everesttech.net; Expires=Fri, 29-Sep-2023 08:53:19 GMT; Path=/
everest_session_v2=YzVc-wAAAFPVbwNx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YzVc-wAAAFPVbQNx
Server: AMO-cookiemap/1.1
ocsp.sectigo.com/
200 OK 471 B IP
Hash a87f07c71852c59bd38b896626f53405
f860c7cf4a361250caa496ff32876773018d1447
7622b7ac77e16d47d6590cc8282ea0a49813ac8dbe806afdfbdfd3eff995c363
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 28 Sep 2022 02:15:47 GMT
Expires: Wed, 05 Oct 2022 02:15:46 GMT
Etag: "f860c7cf4a361250caa496ff32876773018d1447"
Cache-Control: max-age=493946,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75237cdeef1bb4f9-OSL
20766699p.rfihub.com/sr/ca.html?ver=9&ra=1620&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=009671349664815976
200 OK 118 B URL HTTP/1.1 20766699p.rfihub.com/sr/ca.html?ver=9&ra=1620&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=009671349664815976
IP
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
GET /sr/ca.html?ver=9&ra=1620&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=009671349664815976 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:19 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruds=H4sIAAAAAAAA_-MSNjU0sDSzMDUzMjExMjcwtjC0sBDiM9Q1DfAN9Mz1MMkIscgBAD_0EXslAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
rud=H4sIAAAAAAAA_-MSNjU0sDSzMDUzMjExMjcwtjC0sBDiM9Q1DfAN9Mz1MMkIscgBAD_0EXslAAAA; Path=/; Domain=.rfihub.com; Expires=Tue, 24 Oct 2023 08:53:19 GMT; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)
ocsp.digicert.com/
200 OK 471 B IP
Hash 64b1fe46dd8483cf781cc3b42ae58dbb
acee8fa532506f452e1056714afca0f5e0749287
eeaefdfeecb1f6836bb616f824d095dc5f6b4864c56b99d13dbefa51bbdb66af
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4029
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:19 GMT
Last-Modified: Thu, 29 Sep 2022 07:46:11 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/ibs:dpid=411&dpuuid=YzVc-wAAAFPVbQNx
302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=YzVc-wAAAFPVbQNx
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=YzVc-wAAAFPVbQNx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v043-060f3d96f.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YzVc-wAAAFPVbQNx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=87872186057238954754413793919182464002; Max-Age=15552000; Expires=Tue, 28 Mar 2023 08:53:19 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: tcQpXl/tTQk=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YzVc-wAAAFPVbQNx
200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YzVc-wAAAFPVbQNx
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YzVc-wAAAFPVbQNx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v043-0b13e47e5.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: eWQQzoKwRPA=
Content-Length: 59
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=AW-916451471
302 Found 253 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-916451471
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
200 OK 531 B URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
IP
File type ASCII text, with very long lines (592)
Hash 163d0bd34ff8cd5d5d8c376ff4fa5448
49290a53b47fe11dd527ed41db0876da97afc365
6b05ff7c0159529870ef88073983b50eee80d938ffbd55d5c9aebb0dab4d772a
GET /wdcusciti/50/onsite/embed.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: UvwjpdvoDetbUycHXozdpictgC5HVjmBrh6hoZJ9QmOpcfIIQaVYlW2xg/ufVQl5Nks4295B/YI=
x-amz-request-id: W89XSZG0S8V37QKR
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "c1db4c234cf539e2bfab42c09c1ca05d"
x-amz-version-id: eKMfkf17jnOEK1NZY3.0vSO_D.gj7xc9
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Thu, 29 Sep 2022 08:53:20 GMT
via: 1.1 varnish
age: 194735
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 7
x-timer: S1664441600.062870,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 531
X-Firefox-Spdy: h2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
301 Moved Permanently 0 B URL HTTP/1.1 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
Accept-Ranges: bytes
Date: Thu, 29 Sep 2022 08:53:20 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1650-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1664441600.089020,VS0,VE0
Strict-Transport-Security: max-age=31557600
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 75eebff373cf84ae810a9e326f9e3d03
a5b22b0eee98dda385cb4e90d119205bc5f3a25f
f2089c63c7c2b3024972aba8cbc12dfcffc79dfc1ef9f7be801c79e7737b0d71
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
200 OK 86 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP
File type Unicode text, UTF-8 text, with very long lines (53511)
Hash b30a7c4298aa25029a8749c6e39227b5
2dce3d234767a1ad5e61d873cae34ae5b6fe254a
7afee8874ccfd7b48f756bc872261ec5ab41aaa9af91d91b3af2ba7e6ffd1c33
GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 3Af09pvrnUu3BfieRI6BJawVHGR7/WZJagF97DjZX+T9QgtJZ6ly1iXtPnN1BENOpf4nehKIEnI=
x-amz-request-id: NVJCAPRZB8SGRPE0
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "31ab1facffb3500494bf6aca3d7e439d"
x-amz-version-id: cbf3VAh2wvqiC_RNSd9Tltn6dOvsrine
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Thu, 29 Sep 2022 08:53:20 GMT
via: 1.1 varnish
age: 1332685
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 5381
x-timer: S1664441600.101624,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 85764
X-Firefox-Spdy: h2
cdn.pbbl.co/r/1560.js
403 Forbidden 986 B IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0c4169dde432aa20c12cfe4b35cbb755
f35d44d2137493e146bc41257790ebb349bac471
0a6f81c675306b4adcb321f5f64dc93957f60df065ba4497a6a24e3c611a6670
GET /r/1560.js HTTP/1.1
Host: cdn.pbbl.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: text/html
Content-Length: 986
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: v_e3zR3oRnQkkSb5FmSpkiJmAaIKwdKjEMMzjw0Q08D1_aY3neKEgw==
Vary: Origin
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 75eebff373cf84ae810a9e326f9e3d03
a5b22b0eee98dda385cb4e90d119205bc5f3a25f
f2089c63c7c2b3024972aba8cbc12dfcffc79dfc1ef9f7be801c79e7737b0d71
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ba8206089b7af80ec9bb4fe0c07977b4
4b0c036a5124f06026772a92168d3799e37c8ed3
64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62
GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash da059e66474ac8e0fcb7e70b7ed4be44
7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb
GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d7c2cd80c8899405c8ead9dcd82aa484
8d0248ffaaf1594d89e077cb3904f0ad42ec474e
2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce
GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 6d8c6cf61840045919f4789eac2d3d9c
ef5e66f528ab1701f99e467593020d263d6220f0
ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e
GET /gtag/js?id=AW-830907969&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 3cdb7a0d8774281c45d6a09b22e28af2
eee92813bf3130c7e6ca8be5911197c1ee486daa
cf75d10606678529391c0c7bd8cd9b13abb532df9640785934a7555f872caed4
GET /gtag/js?id=AW-695231162&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash f20987509aaa3b3f9e52f7581afd6a4d
7147419bbeb1605a89733067d195356fc73c3cd3
5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c
GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 16d7ad56818dde4bc80864654bfbd12e
c95b93882c98641b7f1b648c122194a9fb2534c7
5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64
GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
302 Found 280 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash a262f0126f939827df765f078136498b
5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd
GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0
ocsps.ssl.com/
200 OK 1.9 kB IP
Hash c6d9ff9c10fdde7211ca8af98a25b052
85c5d1c101b6d29d428825ab9790714d81123eac
a5ba98341cf343057d8afd1971a8ea78a7e15b6b2b5cb38f90fe3644b9f16459
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 Sep 2022 08:53:20 GMT
Content-Type: application/ocsp-response
Content-Length: 1883
Connection: keep-alive
Expires: Wed, 05 Oct 2022 15:26:35 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "85c5d1c101b6d29d428825ab9790714d81123eac"
Last-Modified: Wed, 28 Sep 2022 15:26:36 GMT
X-Proxy-Cache: HIT
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cDovL2NpdGliYW5rY3VzdG9tZXJzZXJ2aWNlcy5jb20uc2FiZWRvcmlhLW9ubGluZS5jb20vdmVyaWZ5L2xvZ2luLnBocCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY0NDQxNTk3NDMyIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODM4ODczM2RlNzNhNy0wOTI4ZDZjMjg4ZGM2ZDgtMzA2ZDQ2NGEtMTQwMDAwLTE4Mzg4NzMzZGU4NDA5IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9jaXRpYmFua2N1c3RvbWVyc2VydmljZXMuY29tLnNhYmVkb3JpYS1vbmxpbmUuY29tL3ZlcmlmeS9sb2dpbi5waHAiLCJ3ZWJzaXRlSWQiOiA1MCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiYjBiMi0wNGUxLTk2OGItYTRlYy03MjdkLTkzN2ItNjVhZS1jMzdkIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2NjQ0NDE1OTc0MzAiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogODQzLCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY0NDQxNTk3NDMyLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19
200 OK 0 B URL HTTP/2 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cDovL2NpdGliYW5rY3VzdG9tZXJzZXJ2aWNlcy5jb20uc2FiZWRvcmlhLW9ubGluZS5jb20vdmVyaWZ5L2xvZ2luLnBocCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY0NDQxNTk3NDMyIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODM4ODczM2RlNzNhNy0wOTI4ZDZjMjg4ZGM2ZDgtMzA2ZDQ2NGEtMTQwMDAwLTE4Mzg4NzMzZGU4NDA5IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9jaXRpYmFua2N1c3RvbWVyc2VydmljZXMuY29tLnNhYmVkb3JpYS1vbmxpbmUuY29tL3ZlcmlmeS9sb2dpbi5waHAiLCJ3ZWJzaXRlSWQiOiA1MCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiYjBiMi0wNGUxLTk2OGItYTRlYy03MjdkLTkzN2ItNjVhZS1jMzdkIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2NjQ0NDE1OTc0MzAiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogODQzLCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY0NDQxNTk3NDMyLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cDovL2NpdGliYW5rY3VzdG9tZXJzZXJ2aWNlcy5jb20uc2FiZWRvcmlhLW9ubGluZS5jb20vdmVyaWZ5L2xvZ2luLnBocCIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjY0NDQxNTk3NDMyIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODM4ODczM2RlNzNhNy0wOTI4ZDZjMjg4ZGM2ZDgtMzA2ZDQ2NGEtMTQwMDAwLTE4Mzg4NzMzZGU4NDA5IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9jaXRpYmFua2N1c3RvbWVyc2VydmljZXMuY29tLnNhYmVkb3JpYS1vbmxpbmUuY29tL3ZlcmlmeS9sb2dpbi5waHAiLCJ3ZWJzaXRlSWQiOiA1MCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiYjBiMi0wNGUxLTk2OGItYTRlYy03MjdkLTkzN2ItNjVhZS1jMzdkIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2NjQ0NDE1OTc0MzAiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogODQzLCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjY0NDQxNTk3NDMyLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19 HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 08:53:20 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-blue-pzs1
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0acb404c6e5e614b2b45960b66540566
9dd62de9f34b30f89ff0fbe054affd8114562b65
78195875441b18f2c34830e59c85bfba8aa9e4afb3953ea232352b49d67d76bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0acb404c6e5e614b2b45960b66540566
9dd62de9f34b30f89ff0fbe054affd8114562b65
78195875441b18f2c34830e59c85bfba8aa9e4afb3953ea232352b49d67d76bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0acb404c6e5e614b2b45960b66540566
9dd62de9f34b30f89ff0fbe054affd8114562b65
78195875441b18f2c34830e59c85bfba8aa9e4afb3953ea232352b49d67d76bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0acb404c6e5e614b2b45960b66540566
9dd62de9f34b30f89ff0fbe054affd8114562b65
78195875441b18f2c34830e59c85bfba8aa9e4afb3953ea232352b49d67d76bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0acb404c6e5e614b2b45960b66540566
9dd62de9f34b30f89ff0fbe054affd8114562b65
78195875441b18f2c34830e59c85bfba8aa9e4afb3953ea232352b49d67d76bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/conversion_async.js
200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP
File type ASCII text, with very long lines (1654)
Hash 30bea2cc3577d44ab2e9895de24d6557
326f0c1c5a2d2b495360862208fc8f9d1a7406f7
6bd819ff0f60b998ebd8ba15e62bb340eb95ea3f8037ef70c2edc7b1829a8998
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 29 Sep 2022 08:53:20 GMT
expires: Thu, 29 Sep 2022 08:53:20 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 17557423932572341828
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15694
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7f6c1bbbde940ad17ceda150b7b1664d
7273da22f182d9540784068537cc678ec27800d3
4d8a6cd94e298a71543331248750230237a56a67cef251c7a204291612dbb569
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ecbbfb2f255dc4b33f85b26000dfe7ff
d764f67263f72988d44442c80adc72f25bebd02b
d523bf0d71f08c9bde753eecf562f997169b07401ad15c061a8b87447675d285
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ecbbfb2f255dc4b33f85b26000dfe7ff
d764f67263f72988d44442c80adc72f25bebd02b
d523bf0d71f08c9bde753eecf562f997169b07401ad15c061a8b87447675d285
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ecbbfb2f255dc4b33f85b26000dfe7ff
d764f67263f72988d44442c80adc72f25bebd02b
d523bf0d71f08c9bde753eecf562f997169b07401ad15c061a8b87447675d285
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ecbbfb2f255dc4b33f85b26000dfe7ff
d764f67263f72988d44442c80adc72f25bebd02b
d523bf0d71f08c9bde753eecf562f997169b07401ad15c061a8b87447675d285
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ecbbfb2f255dc4b33f85b26000dfe7ff
d764f67263f72988d44442c80adc72f25bebd02b
d523bf0d71f08c9bde753eecf562f997169b07401ad15c061a8b87447675d285
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1664441597922&cv=9&fst=1664441597922&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1664441597922&cv=9&fst=1664441597922&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2404), with no line terminators
Hash c4e986e108b764a364654b1d386adda6
0f7446c209843856d4a526e3964d3468a8776922
cac26c9408e93c6a6b88b5b3194920a77e33f1ae005f42f766601b4238b0ace8
GET /pagead/viewthroughconversion/644574043/?random=1664441597922&cv=9&fst=1664441597922&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1083
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 09:08:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1664441597920&cv=9&fst=1664441597920&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1664441597920&cv=9&fst=1664441597920&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2404), with no line terminators
Hash 65fc4e3c52ceab1191fec6fc5301409a
08c10f2681cdb9682317ba66867391db90665a6f
46a19b2d21a9ec1b9081c955590066f5a207ffd8c2f5d640df7b6f09e826387e
GET /pagead/viewthroughconversion/975701947/?random=1664441597920&cv=9&fst=1664441597920&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1086
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 09:08:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1664441597893&cv=9&fst=1664441597893&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1664441597893&cv=9&fst=1664441597893&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2404), with no line terminators
Hash fb3707fb1be06fe7407629a1e335149b
22dff294a53e42abd8d9029c4695196b31908406
50eda3d30ae2333cb5f49f1ef171985c1927efc27683af02ad8b950799b8dc4c
GET /pagead/viewthroughconversion/916451471/?random=1664441597893&cv=9&fst=1664441597893&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1086
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 09:08:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1664441597914&cv=9&fst=1664441597914&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1664441597914&cv=9&fst=1664441597914&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2404), with no line terminators
Hash f908697a14d1c4b244e199172a130990
65cfd9fc9923386eadc91a34c4e3bd1704e50d7c
5d50e0479ba828c9c658baae29955659558041dc7c0afb547aef3df81baf8203
GET /pagead/viewthroughconversion/695231162/?random=1664441597914&cv=9&fst=1664441597914&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1085
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 09:08:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1664441597906&cv=9&fst=1664441597906&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1664441597906&cv=9&fst=1664441597906&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2404), with no line terminators
Hash 1f1406a650b294d036ff54857736aa6d
3bdfe8c2ae4808c9fc1daf0a31e2ad31e292a241
aca5f2bf15c30c74c645bd45a612fe2059f4cff6076a993052b0f78617a6f809
GET /pagead/viewthroughconversion/830907969/?random=1664441597906&cv=9&fst=1664441597906&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1085
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 09:08:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1664441597909&cv=9&fst=1664441597909&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1664441597909&cv=9&fst=1664441597909&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2408), with no line terminators
Hash 6930618f73f490c8c7cfddd7ec2f1b8b
5f98dcb9e51fa78aa0bd1661f5fcde1650c76ce1
3bdab948019c49a2d23f6aa533b52608ae518182b1397c15fd291b79a0796641
GET /pagead/viewthroughconversion/10955006959/?random=1664441597909&cv=9&fst=1664441597909&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1087
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 09:08:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1664441597901&cv=9&fst=1664441597901&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1664441597901&cv=9&fst=1664441597901&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2404), with no line terminators
Hash bf82b58445ec413d31e2e703273c065b
4c756a771cb941f2fd355ecb786af74b8a7a427b
e2156abadf82c44ae6db127fae4583251855c4000bc544ec4328c6fce86be39f
GET /pagead/viewthroughconversion/960621875/?random=1664441597901&cv=9&fst=1664441597901&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1084
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 09:08:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1664441597925&cv=9&fst=1664441597925&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9s0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1664441597925&cv=9&fst=1664441597925&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9s0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2404), with no line terminators
Hash 063d4007f58a23f88b07e3acdbee1dc6
81da5097f8c959062f721ee569a8845d79ed01d0
66d59725b9276baf143a3bb920b063bf26da3f3bc7584bbca285e25b7ab82684
GET /pagead/viewthroughconversion/959299794/?random=1664441597925&cv=9&fst=1664441597925&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9s0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1084
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 09:08:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1664441597911&cv=9&fst=1664441597911&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1664441597911&cv=9&fst=1664441597911&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (2404), with no line terminators
Hash 2d843a7c95d37886b16102e5c586c85a
07fe61d93e667e0fffeebab360163cb249f2bc69
74d202cf9eb98eb75de87653c7a29b7e1a9305484db0b05500456089912ba77a
GET /pagead/viewthroughconversion/819500023/?random=1664441597911&cv=9&fst=1664441597911&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1748435306.1664441598&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1085
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 09:08:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ecbbfb2f255dc4b33f85b26000dfe7ff
d764f67263f72988d44442c80adc72f25bebd02b
d523bf0d71f08c9bde753eecf562f997169b07401ad15c061a8b87447675d285
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 64efebb51e5b4f12f97825c5944d0cfa
fc6830187fd786f3d7fefeda96bf0fbe15509927
a33a76aa921357b856b0f68c84f500cd12c40cce3172723b8cd77c250422ac43
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 64efebb51e5b4f12f97825c5944d0cfa
fc6830187fd786f3d7fefeda96bf0fbe15509927
a33a76aa921357b856b0f68c84f500cd12c40cce3172723b8cd77c250422ac43
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 64efebb51e5b4f12f97825c5944d0cfa
fc6830187fd786f3d7fefeda96bf0fbe15509927
a33a76aa921357b856b0f68c84f500cd12c40cce3172723b8cd77c250422ac43
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 64efebb51e5b4f12f97825c5944d0cfa
fc6830187fd786f3d7fefeda96bf0fbe15509927
a33a76aa921357b856b0f68c84f500cd12c40cce3172723b8cd77c250422ac43
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/959299794/?random=1664441597925&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9s0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2105076001&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/959299794/?random=1664441597925&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9s0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2105076001&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/959299794/?random=1664441597925&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9s0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2105076001&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/819500023/?random=1664441597911&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1469447294&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/819500023/?random=1664441597911&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1469447294&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/819500023/?random=1664441597911&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1469447294&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 64efebb51e5b4f12f97825c5944d0cfa
fc6830187fd786f3d7fefeda96bf0fbe15509927
a33a76aa921357b856b0f68c84f500cd12c40cce3172723b8cd77c250422ac43
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/960621875/?random=1664441597901&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1629961414&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/960621875/?random=1664441597901&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1629961414&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1664441597901&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1629961414&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/830907969/?random=1664441597906&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1079475092&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/830907969/?random=1664441597906&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1079475092&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/830907969/?random=1664441597906&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1079475092&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/10955006959/?random=1664441597909&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2167566783&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10955006959/?random=1664441597909&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2167566783&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10955006959/?random=1664441597909&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2167566783&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/916451471/?random=1664441597893&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2881033437&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/916451471/?random=1664441597893&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2881033437&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/916451471/?random=1664441597893&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2881033437&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/695231162/?random=1664441597914&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3682067300&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/695231162/?random=1664441597914&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3682067300&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/695231162/?random=1664441597914&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3682067300&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/644574043/?random=1664441597922&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2824007144&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/644574043/?random=1664441597922&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2824007144&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/644574043/?random=1664441597922&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2824007144&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/975701947/?random=1664441597920&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1788490797&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/975701947/?random=1664441597920&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1788490797&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975701947/?random=1664441597920&cv=9&fst=1664438400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9q0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1788490797&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 08:53:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 64efebb51e5b4f12f97825c5944d0cfa
fc6830187fd786f3d7fefeda96bf0fbe15509927
a33a76aa921357b856b0f68c84f500cd12c40cce3172723b8cd77c250422ac43
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 08:53:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Regular.woff
200 OK 0 B URL HTTP/1.1 citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Regular.woff
IP
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /verify/css/Interstate-Regular.woff HTTP/1.1
Host: citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 08:53:18 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 78762
Keep-Alive: timeout=5, max=75
Content-Type: font/woff
162.241.203.161
52.30.136.248
151.101.85.230
23.36.77.32
93.184.220.29
15.236.176.210
0.0.0.0