Report - citi.requestssl.com/verify/login.php

Report Overview

Submitted URL
citi.requestssl.com/verify/login.php
IP
18.222.145.119
ASN
#16509 AMAZON-02
Submitted
2022-12-09 13:39:31
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Citi

Detections

urlquery
15
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.2 kB	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.213.75
citi.requestssl.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.3 kB	835 kB	18.222.145.119
c1.rfihub.net	6410	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	283 B	6.8 kB	54.230.111.62
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	143.204.42.165
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	8.4 kB	142.250.74.131
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.1 kB	13 kB	216.58.207.226
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.2 kB	4.5 kB	142.250.74.35
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	3.9 kB	54.72.35.25
metrics.citi.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	456 B	984 B	15.188.95.229
cm.everesttech.net	996	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	778 B	862 B	54.77.60.152
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	104.18.32.68
iad1.qualtrics.com	15985	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	436 B	3.0 kB	2.18.173.116
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	53 kB	34.120.237.76
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	73 kB	142.250.74.40
siteintercept.qualtrics.com	1163	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.3 kB	40 kB	104.17.208.240
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
nexus.ensighten.com	2786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	86 kB	54.230.111.74
citicorpcreditservic.tt.omtrdc.net	31643	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.1 kB	34.252.149.97
fast.citi.demdex.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	409 B	3.2 kB	23.33.119.10
20766699p.rfihub.com	40171	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	1.1 kB	193.0.160.128
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	426 B	4.9 kB	104.17.208.240
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	3.8 kB	216.58.207.228

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (56)

	URL	Size	First Seen	Last Seen
	googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1670593165427&cv=11&fst=1670593165427&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4	2.0 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1670593165427&cv=11&fst=1670593165427&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash 16ec4287f49d2caeb809173b5df7ae36 8c868999af91ce0cbcf30e6817ebda7698fc6595 1e58b705ec680f8b0654b3bd1cbf30fb31833ad6b734a57a123997e6b52ebdff Loading...

	nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099	7.5 kB	2023-03-07	2023-04-30
Pretty URL nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-04-30 08:15:02 Times Seen42 Hash 412eb38d6a797c24fd5d7e30e1b9799d d2e692a369931cc5bda6418efcef831cbf115ac2 d2751a84e6a70913798dd8b2aede47ab49b7a701618cd151d89755638f71aa02 Loading...

	www.googletagmanager.com/gtag/js?id=AW-916451471	183 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-916451471 IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash 0fd41f395a1dc27dabcdf5f19cf15208 0937bafb5bcbc3e35a8c488ed48d50b8325f26b4 a188ceb7f6ed01f046550c41ce5aa97a13bc83a9c90cd20c7f040ad3d094257b Loading...

	www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c	138 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash 4e423a03e2b053c7fb0c8aecf9c4e2eb a307638b45937ccff75ab5654efcf76c66afd5b8 6305391134fc39bd2769bfc8c4f0ef89b10b0f7585db357713a52c6938a55fe4 Loading...

	www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c	138 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash ea9700832513e5800f3658bf3271a0a5 28103a8526525ba635925fd90017de1456fb77ee a6f1cd73cb6bd56fc548ade1460eace9d19bac55ea722b4235e9e56cd0bcbc96 Loading...

	siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback	104 kB	2023-03-08	2023-06-10
Pretty URL siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-06-10 10:45:44 Times Seen3 Hash 15b98ecdbcfe4fe64aad53ba268f1545 8fb53b04badce588a9ee890e07929e37d7406291 20ee45b17985faa6172dc3930d47bb56303e3e9f4452e72e2c0feb9d562a081d Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1670593165359&cv=11&fst=1670593165359&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1670593165359&cv=11&fst=1670593165359&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 216.58.207.226 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash 01727ab7808f5b30d651847689451a1a eb4fcc1c0cb2b6aabfd537e8c7a8e7c83557a371 fb13939313921e430e75eca8b3b153411fadf9745829431b5200db086d0f827c Loading...

	siteintercept.qualtrics.com/dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback	1.8 kB	2023-03-08	2023-03-11
Pretty URL siteintercept.qualtrics.com/dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-03-11 23:44:36 Times Seen1 Hash 47d288910bddf2bf2c544552b10e7ef9 6c8a83bc840d2c2cda2d4bbcb64b50c383fc4059 656b507a55c361579615069ae025d160099bac360642eaba44bd2331f7fad4c3 Loading...

	nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963	2.6 kB	2023-03-08	2023-04-30
Pretty URL nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-04-30 08:15:02 Times Seen42 Hash 7df0440e45009010a99db868682aafb3 f6f8a42c1a87e2d77881df210582e60d201ba724 9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169 Loading...

	nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153	1.3 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2023-09-15 03:24:05 Times Seen57 Hash 4d37444c012a76a0557182615bf5cdd3 1ba1932dcc6dff6035c37a14de9852606de28329 bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650 Loading...

	20766699p.rfihub.com/sr/ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771	54 B	2023-03-07	2023-03-29
Pretty URL 20766699p.rfihub.com/sr/ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771 IP 193.0.160.128 ASN #54312 ROCKETFUEL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-03-29 22:08:24 Times Seen3 Hash b83d4eb61e10d05bb3a3ff3c84d78520 c36664ca67a5ff74cc7769baa4284e1967c305a4 4ad528ebef2558de7f30f5917a123f7fd844c6a4462b4609fffeb7a8d922eb35 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1670593165332&cv=11&fst=1670593165332&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1670593165332&cv=11&fst=1670593165332&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 216.58.207.226 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash bb494257f7fe948d324ee08d898bcfac ecf05cd32b280f31983e73846db42f2e115aa913 254a234e8075f5e13f4d0ab82e02a2140c26fc95dcd000659d7e38e821d9ec7b Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1670593165345&cv=11&fst=1670593165345&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1670593165345&cv=11&fst=1670593165345&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 216.58.207.226 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash 4d2f5c747d517d80026fc6b3160a5938 c6e9c0099217f686fd2c28c5864cba3b94048ee5 8be72ce0e14ba5f0a2a0e0197ece3b6200b44daae79f32d96366dee2cc89eee7 Loading...

	fast.citi.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php	6.7 kB	2023-03-07	2024-03-23
Pretty URL fast.citi.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1670593165394&cv=11&fst=1670593165394&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1670593165394&cv=11&fst=1670593165394&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 216.58.207.226 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash 1584652178780fbe6f43d2b04a19263e 71dc06afc069a1b5dbee712ad3aedef0dcebe238 7591b8615daf031826c6a19536295c510cf4b4e0017972df4151660b745b72b9 Loading...

	siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citi.requestssl.com	63 kB	2023-03-08	2023-05-10
Pretty URL siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citi.requestssl.com IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-05-10 22:14:08 Times Seen2 Hash 27441729c7b7c4aad5744a87cf9a9b07 e01e945cd61c0dd22169d9425a5323e792f4da00 8bbd322d5b22764f29e7ff91003f0a7a25af17af76cbee3ff46e95a3d4d80b4f Loading...

	www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c	183 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash 9662b1e38c7a4f6b8ef0f968fd0cf1e5 beaf1825d69c770760e39f57952ab9fcab862dd6 5ccabe98f5ebe7dd654fec3cbde344c0c51f236a746593d87a56d82586b874fd Loading...

	www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c	138 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash 149d416d55bc77916a5475d4970fc58d 61b9c18c84be1a0c4b08eb643b200aaef1fb9bbb c3656c5390c2b6f7a3756ed936d6565747d0f489604f6b74ec489ac2d337089c Loading...

	nexus.ensighten.com/citi/na_prod/serverComponent.php?r=0.9755028359622883&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php	1.2 kB	2023-03-08	2023-03-08
Pretty URL nexus.ensighten.com/citi/na_prod/serverComponent.php?r=0.9755028359622883&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash e2dd87c25656b9f2bf4f4b2f1893db28 ae896e654798bc754cee77725d5567815d3721a3 aca5e95081d0d0971404180ab909ccf6f8d33ee3372fe25cbd8ffb9b69681ae6 Loading...

	www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c	138 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:54 Last Seen2023-03-08 23:55:54 Times Seen1 Hash 1eede0af6f02347d4a07905ff3383604 29266628fa931837ce6391ed21b2cf79ae4cb83a 81d790dde297fed9767206e144772c854d0881ccb20a55e612c7098bfe94e9da Loading...

	siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback	29 kB	2023-03-08	2023-03-11
Pretty URL siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-03-11 23:44:36 Times Seen1 Hash a4802228fa2ddf3964ab98d0b0b73cbe 05be982516b28adc48c56b3f2bb017a2f7f3f47e 90ca1ec69de35eb28fcd7f3dfe0215a56127cacf6b15b24780bb8b2478578d33 Loading...

	siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback	66 kB	2023-03-07	2023-06-10
Pretty URL siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:02 Last Seen2023-06-10 10:45:44 Times Seen4 Hash 49a4d26fda8598291979bf28ede2b3e2 28b70837b5e9d6ad38bc83b5fe3ff16da6530005 2b5aceeabb3acd528746d88da082a178e77658bbeea164b0f382469c6e23b8de Loading...

	citi.requestssl.com/verify/js/Bootstrap.js	286 kB	2023-03-07	2024-04-11
Pretty URL citi.requestssl.com/verify/js/Bootstrap.js IP 18.222.145.119 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2024-04-11 02:39:48 Times Seen114 Hash 551a7fe0d5b6fdebb3d356a632e41f8e b2b4871d0eaf5125336e174160889a1c7dc309f5 c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935 Loading...

	zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc	7.3 kB	2023-03-08	2023-03-11
Pretty URL zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-11 14:46:08 Times Seen1 Hash ffdfbb7a2a478a1b0875f82c4ea24c6f 549946084153fb5905882c481332644562b60870 87ae05e1edf79bb6ab9b4d16a6ba4b608a3e24791121c75d6aa11e4bcd98fc45 Loading...

	www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c	138 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-08 23:55:55 Times Seen1 Hash 6bcff2a0bae43504ce5b93a0b45ab47b b24c739ed08c28ecaa39cb48cd5b62ec3a51fa2a 2eb24dbbbea6ed7bb7c6369be01a269cf65150405d836b08f8010f8d51598bc4 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1670593165172&cv=11&fst=1670593165172&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1670593165172&cv=11&fst=1670593165172&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 216.58.207.226 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-08 23:55:55 Times Seen1 Hash 5969bcac420313e6aa5f430ed3ede93e 9d56f7c5f730e10f370db6d6d150efe284c1fcd4 c64e3f3452b4f202fa88d7c78cba89daf68a62ad8e8c949e0d5535c66614d784 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1670593165313&cv=11&fst=1670593165313&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1670593165313&cv=11&fst=1670593165313&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 216.58.207.226 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-08 23:55:55 Times Seen1 Hash 81ab86cf1275a5b36db528a0b6689f7a fd407593d0fd9dfc9eb47eb8b3a0f8ccffa03d90 452f4358f9d601867111f7ef8aa0230aef012da6084dfa38c9ceb7c5b5a69c7a Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1670593165373&cv=11&fst=1670593165373&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1670593165373&cv=11&fst=1670593165373&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 216.58.207.226 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-08 23:55:55 Times Seen1 Hash 9e503e3bd80e8c61092a5822020ea30e ed8ef966e66afc6b4c8d79fdeef042f1322a05c3 ea7ac77d82f2edf59025abf777c81f7aed6dfa157079e8ce182a02bd225e23f1 Loading...

	nexus.ensighten.com/citi/na_prod/code/3130622cda902787229d46ad9fe87f0b.js?conditionId0=486757	198 kB	2023-03-08	2023-03-11
Pretty URL nexus.ensighten.com/citi/na_prod/code/3130622cda902787229d46ad9fe87f0b.js?conditionId0=486757 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-11 14:46:08 Times Seen1 Hash 341dee3296d22f905d1bd88e7f279590 594c4db83e243d48abafc354d2549e35e22930dc 209ff3393a4681df056406a9c6f7bdff7f020b3b648d1861a5f08f7104a1a4c6 Loading...

	nexus.ensighten.com/citi/na_prod/code/53f747481c9f2c8bdf26582de927ef52.js?conditionId0=421908	164 kB	2023-03-08	2023-03-09
Pretty URL nexus.ensighten.com/citi/na_prod/code/53f747481c9f2c8bdf26582de927ef52.js?conditionId0=421908 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-09 00:25:16 Times Seen1 Hash 907f6a92c22fd26a8cf42254772283f0 77f790236a2f67c1422b557470f394a925be16d2 82913bd667e3bbf5677d94b46f474def7b20dc2ce6dcc86b7c67fd97f921cb14 Loading...

	c1.rfihub.net/js/tc.min.js	20 kB	2023-03-07	2023-09-15
Pretty URL c1.rfihub.net/js/tc.min.js IP 54.230.111.62 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2023-09-15 03:24:05 Times Seen185 Hash 83c2974d08241a92c3b2dcb8f441271f 424d72cd7dfe7371c647addd7145ab3444a6b121 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 00:31:41 Times Seen37106375 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c	183 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-08 23:55:55 Times Seen1 Hash e7eaddd5f466eb215071e3e3d3da38e6 24d1dcf57f2c1a43287490dc56969594d53a62fd 7e36abd2c3cbda56723c55cb782f812e663cec08d4a2f428fd08196593104c6b Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1670593165408&cv=11&fst=1670593165408&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4	1.9 kB	2023-03-08	2023-03-08
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1670593165408&cv=11&fst=1670593165408&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-08 23:55:55 Times Seen1 Hash 0ecf10086f08a641478e4e0af5d19f3a 702d1d215738a82bd36d3e5f05979d764e41cc35 0d12009b8a2ee3a87ecd9c7606da063b9ff87b5b72315742e792eb9c7287af9c Loading...

		Size	First Seen	Last Seen
	#1 Eval - 603762c672dcbe758aaf868ee9b8a47c	9 B	2023-03-08	2023-03-12
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-12 12:28:06 Times Seen1 Hash 603762c672dcbe758aaf868ee9b8a47c fb271cd21ae74affe18a217a60e559d23d063915 e540eff3523ff6d5672d452b6283ea916fc0924a1e9c10cdad6e411a84e8bdea Loading...

	#2 Eval - c227e0d2aa7fa8fef428f24eae1b6349	8 B	2023-03-08	2023-03-12
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-03-12 12:28:06 Times Seen1 Hash c227e0d2aa7fa8fef428f24eae1b6349 c451f7190df42bfe12784f8dd1a5984e9612e05d 1b1466c09d596fcada1a883ababa157703fda0370dbe3af0a6d4cd93d650a68e Loading...

	#3 Eval - 5638f73047fd3adceff99a58afabbe0d	7 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 5638f73047fd3adceff99a58afabbe0d 7a68bbb88f11948c10bb35e173cb6f037d61a1a9 07fcfc823f6eb2dbc204581488b46dd30a8245de37e4b89a24c07f25d8444095 Loading...

	#4 Eval - a1e812d5f05d7cece0f88cbbd441cb0c	10 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash a1e812d5f05d7cece0f88cbbd441cb0c b3c0ae9c7de7985f174bfe604b81b6068d8acfbf 338eebe354feee40bdfe97326853bdc041f0478b9a764f2cde16abcd93dc9a86 Loading...

	#5 Eval - f8e3db69f9d544d712a057a91bc2a7ba	5 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash f8e3db69f9d544d712a057a91bc2a7ba 64f66c3f74a457ea1d5c233a9c2172a51d640d95 e679ba08e9aa79b7ab72183f6d23c67c9e40276f44d5caac4f6305a5b849d325 Loading...

	#6 Eval - 8e47adacd186b44e069895c02d32c90c	28 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 8e47adacd186b44e069895c02d32c90c b7a6a5fb691da602354e323e3eaca693df07c8d8 83399909dc134cac35ba243f89703b0a2b19d4892a72064c1db74530b6a68367 Loading...

	#7 Eval - 5ce9b403c3027b4a5df06eacf6541385	10 B	2023-03-08	2023-06-19
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-06-19 02:07:34 Times Seen4 Hash 5ce9b403c3027b4a5df06eacf6541385 293c5761f8c36cd2e858df40bda8aa5e789db017 e6b9977e33025b4e5e94dcbfb3693b8b60b05245cdfe0d6b63fce4fa5a783cca Loading...

	#8 Eval - febcd1edf6010db4858e623d1dd2f3bc	8 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash febcd1edf6010db4858e623d1dd2f3bc a74bf07a162b19311370c60b3d4b724f089f0992 5985e40b5e87364a9e91ad59937dfcb39298e0d218ef54bf23c7a4f03fc2042d Loading...

	#9 Eval - 94de87f72b0eda417b4fc03e4b0af2ea	10 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 94de87f72b0eda417b4fc03e4b0af2ea 02e81c125e6687275e50ba0374fe15a9691bfa87 2a49cf844faec4ce673304854207e6ddc96241be760b111f412a71e8a448225d Loading...

	#10 Eval - e1cae01e1a0f787319b09f31d3c1d461	7 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash e1cae01e1a0f787319b09f31d3c1d461 1ba7b97a65e691d2989ec93b5265015a76ea3fd6 531ba6f66e1f6ea25947b7c7855727af207bf67015d775db59c9256cdb82b599 Loading...

	#11 Eval - 21d566847e9042cc77cf9638e62ca733	20 B	2023-03-07	2024-03-04
Pretty Observations First Seen2023-03-07 14:54:44 Last Seen2024-03-04 16:36:09 Times Seen144 Hash 21d566847e9042cc77cf9638e62ca733 1529a4f32a05ea70623bfc36673e78b013859da1 690111e4c32b4994fac8ab5125a2e99136c4284cf5857d42d1fe65c42f609a9d Loading...

	#12 Eval - d4aab59e71eb9fe8c5e9aa1c78c0766d	8 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash d4aab59e71eb9fe8c5e9aa1c78c0766d 7989dd2581949159a0febf23621a1bc0f0ef1fab 8b7a61822ff99290d6d9533283b520988f624f760b9658ba682f3b48cf50f822 Loading...

	#13 Eval - b552cf27f62c0b802d1c35b412a4d462	11 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash b552cf27f62c0b802d1c35b412a4d462 6c92e611f2c529f04e199b2b7f183cec1d8963db 2e22f065f364a8e9b48f76a19f244fee022f6ab696a00db5fd905f33dda10e3f Loading...

	#14 Eval - 555fc7931eb2cf9a46761a29bbf54b5c	76 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 555fc7931eb2cf9a46761a29bbf54b5c 7ead4d17e5d2f5cd6cda4ed8bcee46be50cb1f40 11b19cefd5be97fa129b375f3428fb1d34f8fd8641e9d3f4df580c1e7c7f0b17 Loading...

	#15 Eval - d066c179a444118cb57f3c2c7bbc579f	12 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash d066c179a444118cb57f3c2c7bbc579f 2360e18b98d230ad8f2ffeb37fa09a2e9cd66262 bddcf25867435760b58937910118ebed74be4f123e0aefd1248383144032afa3 Loading...

	#16 Eval - cdc36a7f095e3455d82395abced0e812	12 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash cdc36a7f095e3455d82395abced0e812 4bb58ff9ad02f5fa1ec4a0c3ff8c7c8f64d54751 50cadee5eaf10e9141af667dbe4cc003d748e10f8c37b628afa61927c357e3fd Loading...

	#17 Eval - e6461d1b09ed059841ee03f1a685ad4f	7 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash e6461d1b09ed059841ee03f1a685ad4f 8a66db2008399a2f50241cd765f641f7b79033b1 259a9831751e74c5c0d082de5cb88efb89c8139e9e0936d320b396fbeb22e58b Loading...

	#18 Eval - b7330e9561297cdf3329a8553c319a6f	19 B	2023-03-08	2024-01-25
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2024-01-25 03:24:59 Times Seen30 Hash b7330e9561297cdf3329a8553c319a6f 7a8b40a1565ccc0b962addc715c6a659211f3f0d c79627a7f9ef361f7b3763bb2e0de164546ee448e183d4ff448714a92fcdf8c0 Loading...

	#19 Eval - b4734db14bd1bb43cd03949aa45bcef3	12 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash b4734db14bd1bb43cd03949aa45bcef3 20cbe426c387b7a149b77b8975481e2985daca82 bb7c271804952bb8a05b975f015c2bf5c998347e68d0f0d3495f53bdfeea8f8a Loading...

	#20 Eval - c283a90e7c9b1743898c2347de3e500e	23 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash c283a90e7c9b1743898c2347de3e500e de3b8f46160ccf1c1e962f9a7f39b0136ad462e6 2451101feb9d6dec5546ba03764f41220b441f084d3fba4c31d02e8e0b2c2fae Loading...

	#21 Eval - 4f47924df1fa56990e14acaf264d97aa	17 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 4f47924df1fa56990e14acaf264d97aa 740225f82d0aabd8071991bc8e7529407bf524a6 c4cf569d2aebffe73838ef3b29349befda2332e7b28e56653f365fba8ddbb10b Loading...

	#22 Eval - 9aca1c156db84373fbaf67b54a7d31d4	10 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 23:55:55 Last Seen2023-04-30 08:15:02 Times Seen24 Hash 9aca1c156db84373fbaf67b54a7d31d4 d3ce3033f173d0e2591a498852d09d876714bbc3 d1152a1a8c6451a5259a99422563e736ad1c23ca49ba298c5b64ddf2bbb9026e Loading...

HTTP Transactions (115)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8781
Expires: Fri, 09 Dec 2022 16:05:41 GMT
Date: Fri, 09 Dec 2022 13:39:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5314
Expires: Fri, 09 Dec 2022 15:07:54 GMT
Date: Fri, 09 Dec 2022 13:39:20 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 13:08:18 GMT
content-type: application/json
age: 1862
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8625
Expires: Fri, 09 Dec 2022 16:03:05 GMT
Date: Fri, 09 Dec 2022 13:39:20 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: r/H8IqvRIYeXrVw3H5ZWhB9RA4eDr1pNwKoSTipgdhz9yy3MDNq3Ln+15qQOvWLJ/Ok6KNqtrFs=
x-amz-request-id: STEHBF74DJSXN3ZB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 12:48:20 GMT
age: 3060
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:39:20 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 13:07:55 GMT
age: 1885
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5818
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:21 GMT
Last-Modified: Fri, 09 Dec 2022 12:02:23 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.148.213.75

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.213.75:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Vh/K8xbbP432gdNC8hw09Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3p5E5BOIIqZXGRlZ/Nkt8azT3QY=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20332
Expires: Fri, 09 Dec 2022 19:18:14 GMT
Date: Fri, 09 Dec 2022 13:39:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20332
Expires: Fri, 09 Dec 2022 19:18:14 GMT
Date: Fri, 09 Dec 2022 13:39:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20332
Expires: Fri, 09 Dec 2022 19:18:14 GMT
Date: Fri, 09 Dec 2022 13:39:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20332
Expires: Fri, 09 Dec 2022 19:18:14 GMT
Date: Fri, 09 Dec 2022 13:39:22 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5169 bytes)
Hash
06514ce96ae21cb01f526a5febdcbeb4
ebb97e5b97f394e8c67098f55581d5329ce819a2
4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: swNGUcNy2i0w9UGe-EJhwslE01TzTC3rrDhLhVVxHyhWMGSC1uq0mA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:46:15 GMT
age: 31987
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5188 bytes)
Hash
fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 56878
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 23167
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7897 bytes)
Hash
8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oV7bB5Tek01MFi9x2tr_Wix13-UGlQPIt042XM0ALNUvVFYnu5DRcg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:38:26 GMT
age: 36056
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6578 bytes)
Hash
8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXaZ1pazAGWMI9GFYZjGlvVVIb8wX6feD0O8VpzjsL8F8l3mFmydAw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:59 GMT
age: 23123
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5245 bytes)
Hash
43fdc85bfd574fa803f0bcdc216ef622
27f558d5cdc150a50f080c054423500666b63d74
fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 01:23:35 GMT
age: 44147
etag: "27f558d5cdc150a50f080c054423500666b63d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

citi.requestssl.com/verify/login.php

18.222.145.119

200 OK

38 kB

URL HTTP/1.1
citi.requestssl.com/verify/login.php
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2276), with CRLF, CR line terminators
Size
38 kB (38457 bytes)
Hash
71cb2496aaf93d8d532f92bbbdf2275b
f2386b8f5edcaae7f9bf3b42d245abfb9e7cca7f
dbce1ec39c16edf743f0236c0afc15c9babc64c0b896e50abc64329500d5daac

HTTP Headers

GET /verify/login.php HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/js/Bootstrap.js

18.222.145.119

200 OK

93 kB

URL HTTP/1.1
citi.requestssl.com/verify/js/Bootstrap.js
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (577), with CRLF line terminators
Size
93 kB (92986 bytes)
Hash
065af722ae00f597b5f8a2573a13065b
b1c4affcd37095321d33e8e2469a0098abc29297
2e27a93e60495b70a719adce123e3765c190649651332dcb11641a48a69d8c55

HTTP Headers

GET /verify/js/Bootstrap.js HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "45e8f-60c0f008-13dad3;gz"
last-modified: Wed, 09 Jun 2021 16:44:56 GMT
content-type: application/x-javascript
content-length: 92986
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/Interstate-Regular.woff

18.222.145.119

200 OK

79 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/Interstate-Regular.woff
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format, TrueType, length 78762, version 1.197\012- data
Size
79 kB (78762 bytes)
Hash
b1f3eca7de0c2cb35740f32dd0b83823
dffc474081c23fc151265b637a4468e82004ecc8
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/Interstate-Regular.woff HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

HTTP/1.1 200 OK
etag: "133aa-60c0ec72-13dab9;;;"
last-modified: Wed, 09 Jun 2021 16:29:38 GMT
content-type: application/font-woff
content-length: 78762
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/Interstate-Light.woff

18.222.145.119

200 OK

76 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/Interstate-Light.woff
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (75538 bytes)
Hash
3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/Interstate-Light.woff HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

HTTP/1.1 200 OK
etag: "12712-60c0ec70-13dab8;;;"
last-modified: Wed, 09 Jun 2021 16:29:36 GMT
content-type: application/font-woff
content-length: 75538
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/Interstate-Bold.woff

18.222.145.119

200 OK

72 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/Interstate-Bold.woff
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
72 kB (71874 bytes)
Hash
9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/Interstate-Bold.woff HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

HTTP/1.1 200 OK
etag: "118c2-60c0ec6e-13dab7;;;"
last-modified: Wed, 09 Jun 2021 16:29:34 GMT
content-type: application/font-woff
content-length: 71874
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1670593163695

54.72.35.25

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1670593163695
IP
54.72.35.25:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1670593163695 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citi.requestssl.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0bb46f593.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1670593163695
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=88687908196940025313362779659057318245; Max-Age=15552000; Expires=Wed, 07 Jun 2023 13:39:24 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: FF7cqFsMQsI=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1670593163695

54.72.35.25

200 OK

124 B

URL HTTP/1.1
dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1670593163695
IP
54.72.35.25:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
124 B (124 bytes)
Hash
1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca

HTTP Headers

GET /id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1670593163695 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://citi.requestssl.com
Content-Type: application/x-www-form-urlencoded
Referer: http://citi.requestssl.com/
Connection: keep-alive

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citi.requestssl.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-05ee5fd88.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Vary: Origin
X-Error: 172
X-TID: LiXOqA/yTSI=
Content-Length: 124
Connection: keep-alive

citi.requestssl.com/verify/css/styles.css

18.222.145.119

200 OK

159 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/styles.css
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (1069), with CRLF line terminators
Size
159 kB (158639 bytes)
Hash
113e0a3c1debf8b475499aa144a5c0a3
3c9292d4752c21553159a47d91bc0a4e4bc4b7ae
fa2345fe4287325b850dcaf39b572476bdaa553065c95dc84d45129fc9c2ab3d

HTTP Headers

GET /verify/css/styles.css HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "152f86-60c5d824-13dacd;gz"
last-modified: Sun, 13 Jun 2021 10:04:20 GMT
content-type: text/css
content-length: 158639
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/social-media_facebook@3x.png

18.222.145.119

200 OK

445 B

URL HTTP/1.1
citi.requestssl.com/verify/css/social-media_facebook@3x.png
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
445 B (445 bytes)
Hash
1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/social-media_facebook@3x.png HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "1bd-60c0e66a-13daca;;;"
last-modified: Wed, 09 Jun 2021 16:03:54 GMT
content-type: image/png
content-length: 445
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/icon_globe_med-grey@2x.svg

18.222.145.119

200 OK

1.4 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/icon_globe_med-grey@2x.svg
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size
1.4 kB (1419 bytes)
Hash
ebcbe76ba2da728d84c6a76b3541919d
cacffc8e5130f938cc86399ba1b9fe379ba65b3b
a2f31bb6f70cfc842d1e8d3709aac9a8dd58fc4adebdc4cd2556051eb49d2bd8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/icon_globe_med-grey@2x.svg HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "dc3-60c0ec5a-13dac2;gz"
last-modified: Wed, 09 Jun 2021 16:29:14 GMT
content-type: image/svg+xml
content-length: 1419
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/Appstore-Googleplay-JDPower-Sprite.png

18.222.145.119

200 OK

45 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/Appstore-Googleplay-JDPower-Sprite.png
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Size
45 kB (44996 bytes)
Hash
7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "afc4-60c0e660-13daaf;;;"
last-modified: Wed, 09 Jun 2021 16:03:44 GMT
content-type: image/png
content-length: 44996
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/jamp-spinner-2x.gif

18.222.145.119

200 OK

37 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/jamp-spinner-2x.gif
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 60 x 60\012- data
Size
37 kB (36855 bytes)
Hash
9132ad37e83e5eef39e5e315c2b6c94f
9036fb328a9266e1f6fb95021464a77a11894ec1
79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb

HTTP Headers

GET /verify/css/jamp-spinner-2x.gif HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "8ff7-60c0e676-13dac3;;;"
last-modified: Wed, 09 Jun 2021 16:04:06 GMT
content-type: image/gif
content-length: 36855
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/050-location@2x.svg

18.222.145.119

200 OK

758 B

URL HTTP/1.1
citi.requestssl.com/verify/css/050-location@2x.svg
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Size
758 B (758 bytes)
Hash
2b7cfe76b3d07bceb495d2dcc63dafa3
dd9a3e5c21135454fb20655caf55b7269a06a579
b1fff2f946232e402a12ac7b4f262d09a3268446dbb829ffc6a22eb89dd3360f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/050-location@2x.svg HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "6d8-60c0ec4c-13daaa;gz"
last-modified: Wed, 09 Jun 2021 16:29:00 GMT
content-type: image/svg+xml
content-length: 758
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/citipridelogo.jpg

18.222.145.119

200 OK

2.7 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/citipridelogo.jpg
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
2.7 kB (2658 bytes)
Hash
9b0ca893e4bfaea57af02ffe82867243
7035c26c91a3da162492df77d59bc19356a8e3bb
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40

HTTP Headers

GET /verify/css/citipridelogo.jpg HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "a62-60c0e666-13dac1;;;"
last-modified: Wed, 09 Jun 2021 16:03:50 GMT
content-type: image/jpeg
content-length: 2658
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/img/Citi-Branding-Sprite.png

18.222.145.119

404 Not Found

705 B

URL HTTP/1.1
citi.requestssl.com/verify/img/Citi-Branding-Sprite.png
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
705 B (705 bytes)
Hash
bfbf1451d2d0ca64731dda41aadbfee9
8ced5f4e49d615a0855492ea12a174f8f63ac9aa
d7a6693a3add3dc913f5472fabcc097a55a4269210d8af2c37e1ad53a1565a55

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/img/Citi-Branding-Sprite.png HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

HTTP/1.1 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
connection: Keep-Alive

citi.requestssl.com/verify/css/social-media_twitter@3x.png

18.222.145.119

200 OK

1.3 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/social-media_twitter@3x.png
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1277 bytes)
Hash
60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/social-media_twitter@3x.png HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "4fd-60c0e66c-13dacb;;;"
last-modified: Wed, 09 Jun 2021 16:03:56 GMT
content-type: image/png
content-length: 1277
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/LSO_4959.jpg

18.222.145.119

200 OK

175 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/LSO_4959.jpg
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3\012- data
Size
175 kB (174933 bytes)
Hash
4c50aaf00ec3fd89b59019568e3ce376
e67b56776d6f8bcfbc25c6d31cfea22dc234f58e
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/LSO_4959.jpg HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "2ab55-60c39bc0-13daba;;;"
last-modified: Fri, 11 Jun 2021 17:22:08 GMT
content-type: image/jpeg
content-length: 174933
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/social-media_youtube@3x.png

18.222.145.119

200 OK

1.2 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/social-media_youtube@3x.png
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1175 bytes)
Hash
3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/social-media_youtube@3x.png HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "497-60c0e66e-13dacc;;;"
last-modified: Wed, 09 Jun 2021 16:03:58 GMT
content-type: image/png
content-length: 1175
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1670593163955

15.188.95.229

200 OK

89 B

URL HTTP/1.1
metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1670593163955
IP
15.188.95.229:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
89 B (89 bytes)
Hash
93ecd1478b07d792a819edd92bf37dd4
1fd7d5ac7e2ac42cfad54741458cb1a7b8e6fad0
a3260aa065057d30091c34e0fccf886e626b1dac61b89558453b8a6513e1bd54

HTTP Headers

GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1670593163955 HTTP/1.1
Host: metrics.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 200 OK
access-control-allow-origin: http://citi.requestssl.com
access-control-allow-credentials: true
date: Fri, 09 Dec 2022 13:39:25 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31C99D46BB1C950D-600014A5F6F4C7C1[CE]; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 08 Dec 2024 13:39:39 GMT;
AMCV_61834D9B5228A7430A490D45%40AdobeOrg=0%7CMCMID%7C06197551418422927072529149890134711386; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 08 Dec 2024 13:39:39 GMT;
s_ecid=MCMID%7C06197551418422927072529149890134711386; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Sun, 08 Dec 2024 13:39:39 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 89
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=06197551418422927072529149890134711386&d_cid_ic=AVID%0131C99D46BB1C950D-600014A5F6F4C7C1&ts=1670593164156

54.72.35.25

200 OK

299 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=06197551418422927072529149890134711386&d_cid_ic=AVID%0131C99D46BB1C950D-600014A5F6F4C7C1&ts=1670593164156
IP
54.72.35.25:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (358), with no line terminators
Size
299 B (299 bytes)
Hash
59dfd849df0262b002f4e4d20caca23e
1ae02e0fe0ee024717bbd76cac815cd248be6cd4
c41476bcbcf8dda945470d051b981a983d875fa8312be878243c1adb5a2cc635

HTTP Headers

GET /id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=06197551418422927072529149890134711386&d_cid_ic=AVID%0131C99D46BB1C950D-600014A5F6F4C7C1&ts=1670593164156 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://citi.requestssl.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0c67d0b74.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=00884647694571576963078986967512819193; Max-Age=15552000; Expires=Wed, 07 Jun 2023 13:39:25 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: O4mTd5XzT/0=
Content-Length: 299
Connection: keep-alive

citi.requestssl.com/verify/css/1440_Citi-PLT@3x.png

18.222.145.119

200 OK

28 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/1440_Citi-PLT@3x.png
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/1440_Citi-PLT@3x.png HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "6df5-60c0e656-13daab;;;"
last-modified: Wed, 09 Jun 2021 16:03:34 GMT
content-type: image/png
content-length: 28149
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

citi.requestssl.com/verify/css/320_Citi-PLT@3x.png

18.222.145.119

200 OK

12 kB

URL HTTP/1.1
citi.requestssl.com/verify/css/320_Citi-PLT@3x.png
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /verify/css/320_Citi-PLT@3x.png HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:24 GMT
etag: "2d2a-60c0e65c-13daad;;;"
last-modified: Wed, 09 Jun 2021 16:03:40 GMT
content-type: image/png
content-length: 11562
accept-ranges: bytes
date: Fri, 09 Dec 2022 13:39:24 GMT
server: LiteSpeed
connection: Keep-Alive

nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError

54.230.111.74

204 No Content

0 B

URL HTTP/1.1
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Fri, 09 Dec 2022 00:20:40 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qdVvm2UHGJPDmdJC0CAmZUOieEajmBxIlGmB_VFH3M7wp3W8mXyeAw==
Age: 47925

nexus.ensighten.com/citi/na_prod/serverComponent.php?r=0.9755028359622883&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php

54.230.111.74

200 OK

532 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=0.9755028359622883&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1155)
Size
532 B (532 bytes)
Hash
db5bf02ebed50defb9cdce21941a6133
1eec1a650eb78c6f53b06efe2bf247895c77216c
3aea06671cc5612e91aa1bbd2eaf4e63fd8a7682b0302f5a3f1b9b929429918b

HTTP Headers

GET /citi/na_prod/serverComponent.php?r=0.9755028359622883&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Fri, 09 Dec 2022 13:39:25 GMT
Expires: Fri, 09 Dec 2022 13:39:24 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CLgijkufb5moNCHqopwpQKHEgt-lZBP8pB1YPO1zuoEkqzmue7MSCw==

cm.everesttech.net/cm/dd?d_uuid=00884647694571576963078986967512819193

54.77.60.152

301 Moved Permanently

134 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=00884647694571576963078986967512819193
IP
54.77.60.152:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
134 B (134 bytes)
Hash
4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

HTTP Headers

GET /cm/dd?d_uuid=00884647694571576963078986967512819193 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://cm.everesttech.net:443/cm/dd?d_uuid=00884647694571576963078986967512819193

citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=50cb2b78934c40b897a3b13f9f9b8e76&mboxPC=&mboxPage=5711344bd4514e78b91a8beb63f31808&mboxRid=c21253c263c942ec95b07e0f4642649d&mboxVersion=1.7.0&mboxCount=1&mboxTime=1670593163705&mboxHost=citi.requestssl.com&mboxURL=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=62F6552D751380D6-26AB4A974C1D674D&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=06197551418422927072529149890134711386&mboxMCAVID=31C99D46BB1C950D-600014A5F6F4C7C1&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6

34.252.149.97

200

142 B

URL HTTP/1.1
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=50cb2b78934c40b897a3b13f9f9b8e76&mboxPC=&mboxPage=5711344bd4514e78b91a8beb63f31808&mboxRid=c21253c263c942ec95b07e0f4642649d&mboxVersion=1.7.0&mboxCount=1&mboxTime=1670593163705&mboxHost=citi.requestssl.com&mboxURL=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=62F6552D751380D6-26AB4A974C1D674D&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=06197551418422927072529149890134711386&mboxMCAVID=31C99D46BB1C950D-600014A5F6F4C7C1&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
IP
34.252.149.97:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
142 B (142 bytes)
Hash
341a2845864d3d3d5a94cbd7c7d5607b
fa4e57c6beed93304d3ddbaacbfc71121c50cdac
323b2ed9fd5c8d1a40db282b2da5c03c8f2f2f1abc0400386726a46b858c3087

HTTP Headers

GET /m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=50cb2b78934c40b897a3b13f9f9b8e76&mboxPC=&mboxPage=5711344bd4514e78b91a8beb63f31808&mboxRid=c21253c263c942ec95b07e0f4642649d&mboxVersion=1.7.0&mboxCount=1&mboxTime=1670593163705&mboxHost=citi.requestssl.com&mboxURL=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=62F6552D751380D6-26AB4A974C1D674D&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=06197551418422927072529149890134711386&mboxMCAVID=31C99D46BB1C950D-600014A5F6F4C7C1&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6 HTTP/1.1
Host: citicorpcreditservic.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 200 
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 142
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://citi.requestssl.com
Access-Control-Allow-Credentials: true
X-Request-ID: c21253c263c942ec95b07e0f4642649d
P3P: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Set-Cookie: citicorpcreditservic!mboxSession=50cb2b78934c40b897a3b13f9f9b8e76; Max-Age=1860; Expires=Fri, 09-Dec-2022 14:10:25 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
citicorpcreditservic!mboxPC=50cb2b78934c40b897a3b13f9f9b8e76.37_0; Max-Age=63244800; Expires=Tue, 10-Dec-2024 13:39:25 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *

citi.requestssl.com/verify/img/favicon.ico

18.222.145.119

200 OK

8.1 kB

URL HTTP/1.1
citi.requestssl.com/verify/img/favicon.ico
IP
18.222.145.119:0
ASN
#16509 AMAZON-02

File type
PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Size
8.1 kB (8116 bytes)
Hash
7408f1858b7d67263a001f84022b33a4
89161c6255a5559cc1282c5a9c7d4d84623bd12f
0cffb7ed99266581c5b90b6b2d8c758232f6746f9784ead6ae85725806691eb6

HTTP Headers

GET /verify/img/favicon.ico HTTP/1.1
Host: citi.requestssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19336%7CMCMID%7C06197551418422927072529149890134711386%7CMCAID%7C31C99D46BB1C950D-600014A5F6F4C7C1%7CMCOPTOUT-1670600364s%7CNONE%7CMCAAMLH-1671197964%7C6%7CMCAAMB-1671197964%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CvVersion%7C3.1.2; check=true; mbox=session#50cb2b78934c40b897a3b13f9f9b8e76#1670595024; AMCVS_61834D9B5228A7430A490D45%40AdobeOrg=1

HTTP/1.1 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 13:39:25 GMT
etag: "222b-60c11206-13dad0;gz"
last-modified: Wed, 09 Jun 2021 19:09:58 GMT
content-type: image/x-icon
content-length: 8116
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:25 GMT
server: LiteSpeed
connection: Keep-Alive

nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099

54.230.111.74

200 OK

2.2 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (542)
Size
2.2 kB (2184 bytes)
Hash
9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec

HTTP Headers

GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 09 Dec 2022 01:09:54 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZaJW2VsMUuWz3-ENQlBuu-gdaGVJsC0TrVlbPVHjBZXD-IM7JZeuzA==
Age: 44972

nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963

54.230.111.74

200 OK

1.2 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (619)
Size
1.2 kB (1222 bytes)
Hash
8621afe09918c8b527b2f6c410270234
f6f8315236bb14d91c27693d2fde5b5e7fb327d8
d64fd9ecde6c4c303d19919337c86d7856689cc73c459b3fd4e88d0851f14a41

HTTP Headers

GET /citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 14 Nov 2022 11:40:58 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 18 Oct 2022 17:52:59 GMT
ETag: W/"7df0440e45009010a99db868682aafb3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: q8CWwWgJxjj-Km77r_J5QtzDk9gOi3MkdvBM_pO0tJ6FBiRlSZ73JQ==
Age: 2167108

nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153

54.230.111.74

200 OK

655 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (524)
Size
655 B (655 bytes)
Hash
b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034

HTTP Headers

GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 27 Nov 2022 17:37:10 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dm8rHJUr7quA0J0AaQ-q55XFRYRCkEQcFkGNz3rO1RdiSojv4UP0CQ==
Age: 1022536

nexus.ensighten.com/citi/na_prod/code/3130622cda902787229d46ad9fe87f0b.js?conditionId0=486757

54.230.111.74

200 OK

42 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/3130622cda902787229d46ad9fe87f0b.js?conditionId0=486757
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (586)
Size
42 kB (41961 bytes)
Hash
1373325c5760fa8c5a8c1cafbfe24259
e24e5488f391a6f587985f5ceca601ec866abdb1
c2385d3fb404894fc0a07d7b0e448d77a2b94d2f32d83a2758edb70a4896a30f

HTTP Headers

GET /citi/na_prod/code/3130622cda902787229d46ad9fe87f0b.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 02 Dec 2022 07:26:17 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 15 Nov 2022 18:15:08 GMT
ETag: W/"341dee3296d22f905d1bd88e7f279590"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: v0iIZV7IcneHZ3eW11iEDXRzv51oeO1K
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cJJU4A5bOd-X9uvpQ1fwHn7Tcz-5TG1rLkNGqN6C9CvEauvpl9yabA==
Age: 627189

fast.citi.demdex.net/dest5.html?d_nsid=0

23.33.119.10

200 OK

2.8 kB

URL HTTP/1.1
fast.citi.demdex.net/dest5.html?d_nsid=0
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2785 bytes)
Hash
b8a1b21bd0651935d53a7bff0c2479d6
31527c952669b6d1d06c537eb50c9043f576e607
80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citi

HTTP Headers

GET /dest5.html?d_nsid=0 HTTP/1.1
Host: fast.citi.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"

nexus.ensighten.com/citi/na_prod/code/53f747481c9f2c8bdf26582de927ef52.js?conditionId0=421908

54.230.111.74

200 OK

35 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/53f747481c9f2c8bdf26582de927ef52.js?conditionId0=421908
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (557)
Size
35 kB (35014 bytes)
Hash
a7a10e8f64cfe946dec98b5ed45b589a
a475da6d3313cffeba59ecc5b2b0ae8e338a1eb6
02ba22f1008a66261d83f92f6e9c5e5b8ad17c619d52d1a45d11343934463fb4

HTTP Headers

GET /citi/na_prod/code/53f747481c9f2c8bdf26582de927ef52.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 08 Dec 2022 22:14:01 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Thu, 08 Dec 2022 22:08:04 GMT
ETag: W/"907f6a92c22fd26a8cf42254772283f0"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: uZ8jLretl22PzNSilKgogF1OZo.HsbE1
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2772dK-e1wKibH4NE0L1s1py5PvBQrLp-yBhJV_OZv1DsM-7qyCjtw==
Age: 55525

c1.rfihub.net/js/tc.min.js

54.230.111.62

200 OK

6.2 kB

URL HTTP/1.1
c1.rfihub.net/js/tc.min.js
IP
54.230.111.62:0
ASN
#16509 AMAZON-02

File type
C source, ASCII text, with very long lines (19497)
Size
6.2 kB (6162 bytes)
Hash
ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f

HTTP Headers

GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 6162
Connection: keep-alive
Date: Fri, 09 Dec 2022 13:10:09 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Expires: Fri, 09 Dec 2022 14:10:09 GMT
Last-Modified: Fri, 09 Dec 2022 13:09:59 GMT
Content-Encoding: gzip
Server: Jetty(9.3.29.v20201019)
X-Cache: Hit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LQ61yvFbKkcf-MFXW0GL52v4WyhIkkcy4sYB15Y5ObG5kYzD1Cgh3w==
Age: 1756

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
41d80815e4ff8a4fa9a3b683359676f2
5b1589d5759b334b9b9d9006b8a4a367c1f3399e
b65d53199e0778167a3af0a6707f11f4f21b6984879d1a09f2e0ce37c71c9e4a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=93110
Date: Fri, 09 Dec 2022 13:39:25 GMT
Etag: "6391ee1f-1d7"
Expires: Sat, 10 Dec 2022 15:31:15 GMT
Last-Modified: Thu, 08 Dec 2022 14:01:03 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Tgj35xlkIQzrbLPsxHzpst0go8DEA2vYew8f8NYP5Y1jiIUz6JuGuw==
Age: 5412

cm.everesttech.net/cm/dd?d_uuid=00884647694571576963078986967512819193

54.77.60.152

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=00884647694571576963078986967512819193
IP
54.77.60.152:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=00884647694571576963078986967512819193 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citi.requestssl.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y5M6jQAAAJ9PKQN6; Domain=.everesttech.net; Expires=Sat, 09-Dec-2023 13:39:25 GMT; Path=/
everest_session_v2=Y5M6jQAAAJ9PKgN6; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6
Server: AMO-cookiemap/1.1

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
39f8bd1911f1222338ae765da30ee679
c5c84f00a58bb4f486c857f9a8ed7416a2513fcd
c68d448ff357806c05ff74facba946e1a7f7b451c3f7be91e02a4f023f8b10f3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5309
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:25 GMT
Last-Modified: Fri, 09 Dec 2022 12:10:56 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

dpm.demdex.net/ibs:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6

54.72.35.25

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6
IP
54.72.35.25:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citi.requestssl.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0dc3ea27c.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=28162154121756866684516926571534376115; Max-Age=15552000; Expires=Wed, 07 Jun 2023 13:39:25 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Wgr4CWgJSFA=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6

54.72.35.25

200 OK

59 B

URL HTTP/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6
IP
54.72.35.25:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
59 B (59 bytes)
Hash
1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13

HTTP Headers

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y5M6jQAAAJ9PKQN6 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citi.requestssl.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-034f2d6c4.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: VIN8aX/rRhA=
Content-Length: 59
Connection: keep-alive

20766699p.rfihub.com/ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771

193.0.160.128

302 Found

0 B

URL HTTP/1.1
20766699p.rfihub.com/ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771
IP
193.0.160.128:0
ASN
#54312 ROCKETFUEL

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Fri, 09 Dec 2022 13:39:25 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://20766699p.rfihub.com/sr/ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771
Content-Length: 0

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
87a665a6e9dbcd52321e3255c65f0f1f
1b862aa663ca4b1fbbc2279ea6cadd4223fb70bd
79cd6539962ee3b2822e12cf3e3c59dd12132ceb70c8f6df658ce33cd106d869

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 02:15:46 GMT
Expires: Wed, 14 Dec 2022 02:15:45 GMT
Etag: "1b862aa663ca4b1fbbc2279ea6cadd4223fb70bd"
Cache-Control: max-age=390379,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776e25965cf1b50b-OSL

20766699p.rfihub.com/sr/ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771

193.0.160.128

200 OK

118 B

URL HTTP/1.1
20766699p.rfihub.com/sr/ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771
IP
193.0.160.128:0
ASN
#54312 ROCKETFUEL

File type
HTML document text\012- HTML document, ASCII text, with no line terminators
Size
118 B (118 bytes)
Hash
372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

HTTP Headers

GET /sr/ca.html?ver=9&ra=426&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&pf=&ra=6593276187745771 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citi.requestssl.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 13:39:25 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0NjExNTUxMjAyMLYwNzYyMRbiM9RNMclIMQiPyk8pcjQCAEpZXpMlAAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 3 Jan 2024 13:39:25 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0NjExNTUxMjAyMLYwNzYyMRbiM9RNMclIMQiPyk8pcjQCAEpZXpMlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)

www.googletagmanager.com/gtag/js?id=AW-916451471

142.250.74.40

302 Found

253 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-916451471
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
253 B (253 bytes)
Hash
e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7

HTTP Headers

GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:25 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
dfd8f53ca5c2c39aafe4cb113356c8f0
e0fa7598c95aa496db7f2678738b564610277841
11c24186d5c8b598172fc549f8e8165a0225d0f24a4a68b76c9b3ba67f6c05e2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5267
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Etag: "63931c80-1d7"
Last-Modified: Fri, 09 Dec 2022 12:11:40 GMT
Server: ECS (amb/6B90)
X-Cache: HIT
Content-Length: 471

www.googletagmanager.com/gtag/js?id=AW-916451471

142.250.74.40

200 OK

67 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=AW-916451471
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2917)
Size
67 kB (66904 bytes)
Hash
b4ed65a08a84e846e70805e1a824ec73
5b78dfa7ccc3800cdf2940e1047964aa8713c07a
5dc1fdeb4d749d3580013e9fd3282b45fc45c79ccba1b1c2a5e08e6cc127ea6c

HTTP Headers

GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citi.requestssl.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:39:26 GMT
expires: Fri, 09 Dec 2022 13:39:26 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66904
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

104.17.208.240

200 OK

4.1 kB

URL HTTP/2
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6801)
Size
4.1 kB (4120 bytes)
Hash
0278bb247d9dcfea7a9df14da5dea7f5
834da48b2a4617f763089272e24e8accadeb3b39
6d6d91ef76ec71a35f6908b552108c5c7dd4e4b8aa800fc7979ba4e7f008bb14

HTTP Headers

GET /SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc HTTP/1.1
Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:26 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 776e25979d33fabc-OSL
access-control-allow-origin: *
age: 197182
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-3rJKcsfYLyqh+TLmSfkOfT7rzaE"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
ba8206089b7af80ec9bb4fe0c07977b4
4b0c036a5124f06026772a92168d3799e37c8ed3
64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62

HTTP Headers

GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
da059e66474ac8e0fcb7e70b7ed4be44
7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb

HTTP Headers

GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
d7c2cd80c8899405c8ead9dcd82aa484
8d0248ffaaf1594d89e077cb3904f0ad42ec474e
2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce

HTTP Headers

GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
3cdb7a0d8774281c45d6a09b22e28af2
eee92813bf3130c7e6ca8be5911197c1ee486daa
cf75d10606678529391c0c7bd8cd9b13abb532df9640785934a7555f872caed4

HTTP Headers

GET /gtag/js?id=AW-695231162&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
6d8c6cf61840045919f4789eac2d3d9c
ef5e66f528ab1701f99e467593020d263d6220f0
ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e

HTTP Headers

GET /gtag/js?id=AW-830907969&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
f20987509aaa3b3f9e52f7581afd6a4d
7147419bbeb1605a89733067d195356fc73c3cd3
5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c

HTTP Headers

GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

142.250.74.40

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
16d7ad56818dde4bc80864654bfbd12e
c95b93882c98641b7f1b648c122194a9fb2534c7
5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64

HTTP Headers

GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c

142.250.74.40

302 Found

280 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
280 B (280 bytes)
Hash
a262f0126f939827df765f078136498b
5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd

HTTP Headers

GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citi.requestssl.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 13:39:26 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e3b657ebd655fbfa5f10c01c775f2aa0
2478fd171e6791a10d83b2bad9de0165d268db7e
2d91737e61e5338bc24c7df4aa36b1c20d9f79fe8ea4bb4914fd2c15e99a7ee3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1670593165172&cv=11&fst=1670593165172&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4

216.58.207.226

200 OK

902 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1670593165172&cv=11&fst=1670593165172&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1947), with no line terminators
Size
902 B (902 bytes)
Hash
6ac1ff8eb60bef5593f85ebd72e6a890
cde6ef130e6b967172176f26e26f0228bc0d173d
00d076687ce829bd38326a75d8f8bd49adfa252b67a9cb80836591cd985b1da0

HTTP Headers

GET /pagead/viewthroughconversion/916451471/?random=1670593165172&cv=11&fst=1670593165172&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 902
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1670593165332&cv=11&fst=1670593165332&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4

216.58.207.226

200 OK

903 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1670593165332&cv=11&fst=1670593165332&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1947), with no line terminators
Size
903 B (903 bytes)
Hash
10c7daf6a47870f95b54f4fade64d60e
20eaf99b357d3ce57bc6031cf98fca2818fa631d
92a0460ef9bee1f0bd7cb3d447f56585bd8f9c69d3548a503c060d6da22e5250

HTTP Headers

GET /pagead/viewthroughconversion/644574043/?random=1670593165332&cv=11&fst=1670593165332&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 903
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1670593165313&cv=11&fst=1670593165313&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4

216.58.207.226

200 OK

902 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1670593165313&cv=11&fst=1670593165313&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1947), with no line terminators
Size
902 B (902 bytes)
Hash
ed0b20e887d4ac67f5a20a2c996b9e3e
80e66cacc8f692fa2eaa8f8c52a3fec8e611bab4
0f6b88cbf9a5ac6d5a2f6a50e098c58d889f860d5f00187da884ca3a34c1206a

HTTP Headers

GET /pagead/viewthroughconversion/960621875/?random=1670593165313&cv=11&fst=1670593165313&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 902
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1670593165345&cv=11&fst=1670593165345&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4

216.58.207.226

200 OK

903 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1670593165345&cv=11&fst=1670593165345&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1947), with no line terminators
Size
903 B (903 bytes)
Hash
29caaece43ec00303e3fcf2f1b0d31f9
2c9b0003770d655030f7978aad10b8b429c59540
a0eeab289f70fa14528d02b0a1d697393c37f8a4092a68148abf699101a0723d

HTTP Headers

GET /pagead/viewthroughconversion/695231162/?random=1670593165345&cv=11&fst=1670593165345&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 903
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1670593165359&cv=11&fst=1670593165359&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4

216.58.207.226

200 OK

901 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1670593165359&cv=11&fst=1670593165359&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1945), with no line terminators
Size
901 B (901 bytes)
Hash
47dc13aacc8e6d79762f6120a1c8e028
6b90903b1a06412fa40d41231d70ae29be24c3f2
ef35eee55f0f09f89fa3bebffd5743063849f9a58042192e1980cc58b1580cb4

HTTP Headers

GET /pagead/viewthroughconversion/975701947/?random=1670593165359&cv=11&fst=1670593165359&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 901
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1670593165373&cv=11&fst=1670593165373&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4

216.58.207.226

200 OK

900 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1670593165373&cv=11&fst=1670593165373&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1947), with no line terminators
Size
900 B (900 bytes)
Hash
01d64e8b4dc9c3eb85b35a9ef46e329e
a94d17d40f34d5b6f34f75eafbefd1f99c161c40
ecf1628982e0b0dc828943efa88d8dd2c0a11ebe874885262e519752e72b31b3

HTTP Headers

GET /pagead/viewthroughconversion/819500023/?random=1670593165373&cv=11&fst=1670593165373&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 900
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e3b657ebd655fbfa5f10c01c775f2aa0
2478fd171e6791a10d83b2bad9de0165d268db7e
2d91737e61e5338bc24c7df4aa36b1c20d9f79fe8ea4bb4914fd2c15e99a7ee3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1670593165394&cv=11&fst=1670593165394&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4

216.58.207.226

200 OK

901 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1670593165394&cv=11&fst=1670593165394&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1945), with no line terminators
Size
901 B (901 bytes)
Hash
f8ac381c59797def8d03ec3ab929eb67
0c4bb965cc0c37b167edcf658985147c0cb1d8ba
8a8bdbdc65e0b09de962f78f04a456ada9b793af7c8e9584b385c20577fcdd69

HTTP Headers

GET /pagead/viewthroughconversion/830907969/?random=1670593165394&cv=11&fst=1670593165394&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=616701445.1670593165&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 901
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 13:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
48487c86e61361cb1055f9ab315d3b4e
8bb6ce1c9bbd0315b9bf8173ba6d2c21f2c120ef
9899e720c3cf6f0b777190c161de072637351830d45236355ae08db668a98eba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
23f0fed6cb9af080a75d8b899ae5bd84
2c02a8cb4a6e70d8ba58696fd709838656d443c3
b1102b6924fcffe1f07a07385010a47aa142435d4efc79b338e50f8258a4d5da

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/916451471/?random=1670593165172&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3489142010&rmt_tld=1&ipr=y

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/916451471/?random=1670593165172&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3489142010&rmt_tld=1&ipr=y
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/916451471/?random=1670593165172&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3489142010&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/819500023/?random=1670593165373&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1465401369&rmt_tld=1&ipr=y

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/819500023/?random=1670593165373&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1465401369&rmt_tld=1&ipr=y
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/819500023/?random=1670593165373&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1465401369&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
48487c86e61361cb1055f9ab315d3b4e
8bb6ce1c9bbd0315b9bf8173ba6d2c21f2c120ef
9899e720c3cf6f0b777190c161de072637351830d45236355ae08db668a98eba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
23f0fed6cb9af080a75d8b899ae5bd84
2c02a8cb4a6e70d8ba58696fd709838656d443c3
b1102b6924fcffe1f07a07385010a47aa142435d4efc79b338e50f8258a4d5da

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
23f0fed6cb9af080a75d8b899ae5bd84
2c02a8cb4a6e70d8ba58696fd709838656d443c3
b1102b6924fcffe1f07a07385010a47aa142435d4efc79b338e50f8258a4d5da

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/695231162/?random=1670593165345&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3110948310&rmt_tld=1&ipr=y

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/695231162/?random=1670593165345&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3110948310&rmt_tld=1&ipr=y
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/695231162/?random=1670593165345&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3110948310&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

104.17.208.240

200 OK

32 kB

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
32 kB (32510 bytes)
Hash
32d948dc88a9c81c92782f262e6003db
eb6bebb6a87332a7bc79a8727696811f02f37d44
137a438686be825dada78a5427393ee1f6e03d51eaadf2674a3c6cd7440903d1

HTTP Headers

GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:26 GMT
content-type: application/javascript
cf-ray: 776e25992e12fabc-OSL
access-control-allow-origin: *
age: 194013
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"19b73-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=105331
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/975701947/?random=1670593165359&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=970661766&rmt_tld=0&ipr=y

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/975701947/?random=1670593165359&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=970661766&rmt_tld=0&ipr=y
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/975701947/?random=1670593165359&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=970661766&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
23f0fed6cb9af080a75d8b899ae5bd84
2c02a8cb4a6e70d8ba58696fd709838656d443c3
b1102b6924fcffe1f07a07385010a47aa142435d4efc79b338e50f8258a4d5da

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/960621875/?random=1670593165313&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3525866864&rmt_tld=1&ipr=y

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/960621875/?random=1670593165313&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3525866864&rmt_tld=1&ipr=y
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/960621875/?random=1670593165313&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3525866864&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/819500023/?random=1670593165373&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1465401369&rmt_tld=0&ipr=y

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/819500023/?random=1670593165373&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1465401369&rmt_tld=0&ipr=y
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/819500023/?random=1670593165373&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1465401369&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/975701947/?random=1670593165359&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=970661766&rmt_tld=1&ipr=y

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/975701947/?random=1670593165359&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=970661766&rmt_tld=1&ipr=y
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/975701947/?random=1670593165359&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=970661766&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/644574043/?random=1670593165332&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4065468845&rmt_tld=1&ipr=y

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/644574043/?random=1670593165332&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4065468845&rmt_tld=1&ipr=y
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/644574043/?random=1670593165332&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4065468845&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/916451471/?random=1670593165172&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3489142010&rmt_tld=0&ipr=y

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/916451471/?random=1670593165172&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3489142010&rmt_tld=0&ipr=y
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/916451471/?random=1670593165172&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3489142010&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/960621875/?random=1670593165313&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3525866864&rmt_tld=0&ipr=y

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/960621875/?random=1670593165313&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3525866864&rmt_tld=0&ipr=y
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/960621875/?random=1670593165313&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3525866864&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
48487c86e61361cb1055f9ab315d3b4e
8bb6ce1c9bbd0315b9bf8173ba6d2c21f2c120ef
9899e720c3cf6f0b777190c161de072637351830d45236355ae08db668a98eba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/pagead/1p-user-list/695231162/?random=1670593165345&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3110948310&rmt_tld=0&ipr=y

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/695231162/?random=1670593165345&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3110948310&rmt_tld=0&ipr=y
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/695231162/?random=1670593165345&cv=11&fst=1670590800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fciti.requestssl.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3110948310&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:39:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8585fe73b51c643ee300c3df9313bfe1
c184ce0c12fbfc0f17a81ad0e0bdaad5503bceb1
807b590f961c83886bbd27c879dfbf03a3336005cdabbba42d4d63bdcb11bf51

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:39:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc

2.18.173.116

200 OK

2.2 kB

URL HTTP/2
iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc
IP
2.18.173.116:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 112 x 39, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2196 bytes)
Hash
e6ed675f115fb1568bb1aabc00aa3f30
5cd752c6b199a3fdefe95712c77b240a92e9f1f2
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

HTTP Headers

GET /WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc HTTP/1.1
Host: iad1.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
access-control-allow-origin: *
x-request-id: 2ecddb2f-a2dd-489d-93ac-36a2b0ab9d4c
x-transaction-id: 86098b14-15dc-40e1-b4d0-b5a17a27c76b
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
permissions-policy: camera=(), geolocation=(), microphone=()
content-disposition: inline; filename=feedback.png
content-length: 2196
content-type: image/png
x-robots-tag: noindex
cache-control: public, max-age=56
expires: Fri, 09 Dec 2022 13:40:23 GMT
date: Fri, 09 Dec 2022 13:39:27 GMT
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png

104.17.208.240

200 OK

254 B

URL HTTP/2
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced\012- data
Size
254 B (254 bytes)
Hash
48240b2998738f29efb197386e688338
2a864e0cdba56126f8eb46d4945b758c7c732bcd
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70

HTTP Headers

GET /WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:27 GMT
content-type: image/png
content-length: 254
cf-ray: 776e25a02bdbfabc-OSL
accept-ranges: bytes
age: 16039799
cache-control: max-age=315360000, public
expires: Mon, 23 Feb 2032 07:18:15 GMT
last-modified: Wed, 23 Feb 2022 00:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
referrer-policy: strict-origin-when-cross-origin
servershortname: 
trace-id: d15759f42a15818a
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
server: cloudflare
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f3c5738-c186-4a1f-a431-33143797bcd5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8345 bytes)
Hash
659b6eb1f1c430e2780758c7787b9a23
4792b0893827924e84cc51450012407717da4d2b
f14393b6bcc036fa9ed61114944ebb25192adfec72c09807eb7948a88c790d69

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f3c5738-c186-4a1f-a431-33143797bcd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8345
x-amzn-requestid: 4e42c335-cc27-41bc-8d5c-cbe3dcc1f623
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpwRBF_gIAMFdCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d60d3-254d38575d76726a4462c66f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 03:09:07 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X1pe947CVDaM6wJ4x5ncH2N_Mu56YAqB6ApLNePkm3ZMl-u1LiDo7Q==
via: 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 13:22:44 GMT
age: 1005
etag: "4792b0893827924e84cc51450012407717da4d2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 98
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:26 GMT
content-type: application/json
cf-ray: 776e25980d6ffabc-OSL
access-control-allow-origin: http://citi.requestssl.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: 27536c30ee3b62e3
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:26 GMT
content-type: application/javascript
cf-ray: 776e259a3ec5fabc-OSL
access-control-allow-origin: *
age: 194012
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"102f7-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=66295
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://citi.requestssl.com&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://citi.requestssl.com&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=http://citi.requestssl.com&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:27 GMT
content-type: application/json
cf-ray: 776e259a3ec8fabc-OSL
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Mon, 06 Dec 2032 13:39:27 GMT
last-modified: Fri, 09 Dec 2022 13:39:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname: 
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&r=1670593166435

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&r=1670593166435
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&r=1670593166435 HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 87
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:27 GMT
content-type: text/plain; charset=UTF-8
cf-ray: 776e25a02bdefabc-OSL
access-control-allow-origin: http://citi.requestssl.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
trace-id: 3d515badd607c046
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citi.requestssl.com

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citi.requestssl.com
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citi.requestssl.com HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:26 GMT
content-type: application/javascript
cf-ray: 776e2597cd4ffabc-OSL
access-control-allow-origin: *
age: 194014
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"f871-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=63601
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=18&Q_ORIGIN=http://citi.requestssl.com&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=18&Q_ORIGIN=http://citi.requestssl.com&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=18&Q_ORIGIN=http://citi.requestssl.com&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://citi.requestssl.com
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:27 GMT
content-type: application/json
cf-ray: 776e259a3ec6fabc-OSL
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Mon, 06 Dec 2032 13:39:27 GMT
last-modified: Fri, 09 Dec 2022 13:39:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname: 
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:26 GMT
content-type: application/javascript
cf-ray: 776e259a3ec1fabc-OSL
access-control-allow-origin: *
age: 194014
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"7380-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=29568
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citi.requestssl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:39:26 GMT
content-type: application/javascript
cf-ray: 776e259a3ec0fabc-OSL
access-control-allow-origin: *
age: 194014
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"9eb-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=2539
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (56)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations