Report - bank-citi.officials.workers.dev/

Report Overview

Submitted URL
bank-citi.officials.workers.dev/
IP
104.21.41.73
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-14 09:51:59
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.5 kB	23.36.76.226
www.citi.com	26692	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	416 B	2.7 kB	104.110.29.32
sr.rlcdn.com	13315	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	528 B	192 B	35.190.60.146
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.0 kB	6.8 kB	142.250.74.3
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	70 kB	34.120.237.76
ocsps.ssl.com	14517	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	325 B	2.3 kB	34.237.184.165
udc-neb.kampyle.com	3039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	518 B	35.241.45.82
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.8 kB	23.36.76.226
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	395 B	32 kB	142.250.74.106
api.ipify.org	3267	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	211 B	54.91.59.199
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.187.71.185
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.9 kB	172.64.155.188
nexus.ensighten.com	2786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.3 kB	141 kB	54.230.111.74
c1.rfihub.net	6410	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	365 B	6.7 kB	54.230.111.62
resources.digital-cloud-citi.medallia.com	25588	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	847 B	88 kB	151.101.85.230
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.6 kB	93.184.220.29
cdn.pbbl.co	8838	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	360 B	1.3 kB	143.204.55.77
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.4 kB	16 kB	142.250.74.66
bank-citi.officials.workers.dev	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	449 B	605 B	104.21.41.73
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	7.7 kB	142.250.74.3
dl.dropboxusercontent.com	12831	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.4 kB	740 kB	162.125.71.15
20766699p.rfihub.com	40171	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	693 B	669 B	193.0.160.128
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	380 B	16 kB	142.250.74.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-13	medium	bank-citi.officials.workers.dev/	Citigroup Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-14	medium	bank-citi.officials.workers.dev/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (45)

	URL	Size	First Seen	Last Seen
	bank-citi.officials.workers.dev/	1.2 MB	2023-03-07	2023-03-07
Pretty URL bank-citi.officials.workers.dev/ IP 104.21.41.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash a48bbe5eb6456dc8b6d935f8d76c9ee2 7c348f7b9b94c145d6ed900fb295d14fa54a4261 f276cf712a2f2d4fd515814a0e3d938908e73d6081a9ff960932750e91800a48 Loading...

	bank-citi.officials.workers.dev/	1.3 kB	2023-03-07	2023-03-07
Pretty URL bank-citi.officials.workers.dev/ IP 104.21.41.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 6c383254331cbccf35a8bcfff3bff3eb cfc8bc6cb526a341a55df52b8a918de0aa0c0597 c8958a7742fa7c1fd6698a6f0964bc79989453cccd864e054f817a58f13418d8 Loading...

	nexus.ensighten.com/citi/na_prod/serverComponent.php?r=893370933.8984753&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fbank-citi.officials.workers.dev%2F	1.5 kB	2023-03-07	2023-03-07
Pretty URL nexus.ensighten.com/citi/na_prod/serverComponent.php?r=893370933.8984753&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fbank-citi.officials.workers.dev%2F IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 983801bcf67a3b81f205659293c83c31 2227e62277181dbf3605cbdb4ce2c84e37cdd5e9 27dafe3bb7fdd3c985783211cd13491d65a3bc911ee962d8f236c17ec1944480 Loading...

	nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153	1.3 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2023-09-15 03:24:05 Times Seen57 Hash 4d37444c012a76a0557182615bf5cdd3 1ba1932dcc6dff6035c37a14de9852606de28329 bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650 Loading...

	c1.rfihub.net/js/tc.min.js	20 kB	2023-03-07	2023-09-15
Pretty URL c1.rfihub.net/js/tc.min.js IP 54.230.111.62 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2023-09-15 03:24:05 Times Seen185 Hash 83c2974d08241a92c3b2dcb8f441271f 424d72cd7dfe7371c647addd7145ab3444a6b121 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f Loading...

	www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 7c4ca08d29e1ccd33b4d706d97e3066c 55f1ad687afa2fd776b6cd6fac4bf389dee19545 ec382603f136d9615a396041cceab3d10ea6ef311b50e61062c1d6b22e27e44a Loading...

	www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c	158 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 952a4babaee470e6f0b0e150ff3781a8 060e0e934e7211dd0d104506f49fa18134f0d412 f5ec1136dadf4ca4f785c7b58576150cf1bf2b4940945a648f4b0fb9822e33b7 Loading...

	www.googletagmanager.com/gtag/js?id=AW-916451471	158 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-916451471 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 656a4a38027b5de124e392bd41cdda76 5a5a0546119de471b2c912595c2db534444b0b4d f12b28f70b0158b120e160b42404f05f285fa4837ba470a5b96a50145e591527 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-27
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-27 01:02:55 Times Seen261874 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js	286 kB	2023-03-07	2024-04-11
Pretty URL dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js IP 162.125.71.15 ASN #19679 DROPBOX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2024-04-11 02:39:48 Times Seen114 Hash 551a7fe0d5b6fdebb3d356a632e41f8e b2b4871d0eaf5125336e174160889a1c7dc309f5 c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935 Loading...

	bank-citi.officials.workers.dev/	2.1 kB	2023-03-07	2024-04-22
Pretty URL bank-citi.officials.workers.dev/ IP 104.21.41.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:55 Last Seen2024-04-22 02:05:03 Times Seen167 Hash f614f20afbf576b484daff8f1cd754e9 1638b3a4fd33b596e4f2c0b34fb4dfda7ea5b419 b706e7f259717a7f26145ad3877f817c14b281f2fb6698998dd967cfe45304ef Loading...

	bank-citi.officials.workers.dev/	1.0 kB	2023-03-07	2023-03-17
Pretty URL bank-citi.officials.workers.dev/ IP 104.21.41.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:27:45 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 1b6bc9e9bf63ad6995ead9dcefa6364b ae1c91f79fcfc7cdbf962893c96f57e5743666b8 ec0d481955908000e6e9f2e96896c6d4977dbaec6ecc6b09d80eef919068dfeb Loading...

	api.ipify.org/?format=jsonp&callback=getIP	29 B	2023-03-07	2024-04-26
Pretty URL api.ipify.org/?format=jsonp&callback=getIP IP 54.91.59.199 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:09 Last Seen2024-04-26 20:08:06 Times Seen16502 Hash 90a39389063c7c5716745c3b3bb4fba1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69 Loading...

	nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099	7.5 kB	2023-03-07	2023-04-30
Pretty URL nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-04-30 08:15:02 Times Seen42 Hash 412eb38d6a797c24fd5d7e30e1b9799d d2e692a369931cc5bda6418efcef831cbf115ac2 d2751a84e6a70913798dd8b2aede47ab49b7a701618cd151d89755638f71aa02 Loading...

	www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c	108 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash d811eb5b8aa343245ad7d0b8d38fe379 66adc57ddf8c8801e26e6b91a72b3fc6c3fd6179 52933fa8acea5b7558ac3d0116d43abb99b352c46fbc7a4afc0fe2c997f684e8 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663149099533&cv=9&fst=1663149099533&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663149099533&cv=9&fst=1663149099533&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 85c26f2f19f2faf5785b695defc8735b 7d26a8492a1d0bb594d33a6230f416606cb15b32 dc4c728391fa9e64bf83f8f050b915394607adc1cc256fe2ca931522fc4110e4 Loading...

	www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 5104303d7d4357d7cdf0d699fe4a58e7 a1ca20afccb322c87e5a2f52954c1dfe1ce517d5 6c8be3d51ce552de1145d9e3458e2bbb8885596c2b943df7f7259eae735b6ddc Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663149099364&cv=9&fst=1663149099364&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663149099364&cv=9&fst=1663149099364&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash e12ebad06adac776e92ba6b98ec3ca82 105dee56aeab902a011109ddda3379adff049446 26657053edb43b6cb31fdd75d61f3ae643f756a76aa43a7c00ae5ce1a7851887 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663149099368&cv=9&fst=1663149099368&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663149099368&cv=9&fst=1663149099368&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 54b0985ef1183a6740ae2f526dba2978 6ff366a4731423c714553c2dd41d8fd42c92a01b 8b60a629d40a6931ce192b7205efd9b53d079415d359b7d1e4d68c3098f6bac7 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663149099541&cv=9&fst=1663149099541&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663149099541&cv=9&fst=1663149099541&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash f6761b25f718779d80758b73134454bd a0580288c135738dc5822a1c66952d99e64d56e3 b30ba47bb3ad598775344ce4d3db92c16ad3c5afe686bf020149b3dbe0edab1c Loading...

	nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456	2.2 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2023-09-15 03:24:04 Times Seen29 Hash c12999fcad47ab9cba1967b8c736048d cd62dba28e44aceb5f26c5757f24f59f4f79dc95 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716 Loading...

	nexus.ensighten.com/citi/na_prod/code/2fec4c7c6dc69d561844935cdcfc1d5c.js?conditionId0=467299	76 kB	2023-03-07	2023-03-08
Pretty URL nexus.ensighten.com/citi/na_prod/code/2fec4c7c6dc69d561844935cdcfc1d5c.js?conditionId0=467299 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:44:51 Last Seen2023-03-08 08:41:04 Times Seen1 Hash 6ee8c75c11d701bd85d6e3c25093c469 b777ba3d595409473ca8e9cda336f36be74095ef cc23ed6fa37ee5c404d8dc720360520d576d3732fa957152a9bc54958a1478fd Loading...

	nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757	177 kB	2023-03-07	2023-03-17
Pretty URL nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-03-17 11:32:21 Times Seen1 Hash 6c0ec1ecef630bef7b1fb87b13b4f2cb 6fdd53de6b6f733011ebeb9f0d149d93660ad711 aa04a8b0e57ead0aa5ab793816b58772250bd6efdd01042f1bc7ccc4c20ec540 Loading...

	www.googletagmanager.com/gtag/js?id=DC-6260004	108 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=DC-6260004 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash adb99ca424a97d6e652cab0db9fae1f5 76f5c8ceb56ef5787c2b95ce7ab0534e3e974ff8 33e71fe9406fe212f3ebe2335e9c37912e9b64dd7c494ab0619701c90f410432 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663149099526&cv=9&fst=1663149099526&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663149099526&cv=9&fst=1663149099526&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash a3b05eba99ce762a01218b2113163a5a 699afd7d599e3874f44a655f1e93d4c66e3039fe 1224350cbf4f33b45fb77eab560cf769e63fe3995130314f8818d9e20a9bf614 Loading...

	bank-citi.officials.workers.dev/	84 B	2023-03-07	2023-04-03
Pretty URL bank-citi.officials.workers.dev/ IP 104.21.41.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:09 Last Seen2023-04-03 23:57:57 Times Seen28 Hash 520412486dba0be8f6db00ab2199a5cc 8917078de42620486e711423f6bbb93de7a6e2f7 1530c97a0e87b9f70cc67a64306f6e9025698fb60a278af437f31b5ad7908621 Loading...

	nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908	170 kB	2023-03-07	2023-03-17
Pretty URL nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:00:26 Last Seen2023-03-17 12:26:16 Times Seen1 Hash de2e8ecdb9334e6565ea8d4feb369116 1ad3b61e26ae8b90d88541ef759869209bde74c8 6643bb410c647786949016cd3032ea1ed824a5a17313a2216c115de612482a5a Loading...

	20766699p.rfihub.com/ca.html?ver=9&ra=1203&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&pf=&ra=10874551942186983	54 B	2023-03-07	2023-03-29
Pretty URL 20766699p.rfihub.com/ca.html?ver=9&ra=1203&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&pf=&ra=10874551942186983 IP 193.0.160.128 ASN #54312 ROCKETFUEL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-03-29 22:08:24 Times Seen3 Hash b83d4eb61e10d05bb3a3ff3c84d78520 c36664ca67a5ff74cc7769baa4284e1967c305a4 4ad528ebef2558de7f30f5917a123f7fd844c6a4462b4609fffeb7a8d922eb35 Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js	515 kB	2023-03-07	2023-03-17
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js IP 151.101.85.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:08 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 31ab1facffb3500494bf6aca3d7e439d f06c23dba145d5aea0291e3e0a657c5f93e48ad9 cc1f329f34c5f9f4c759b787ccc409241a8ffe8d13863a87cc9214e628b43cff Loading...

	www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c	117 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash f7560c764b18736d7eb822b60264aa0f e13c56ebeb0e29c06f4d9e7482b96714805a3747 4ec2d36ed2e24af2f9b8efe133253dc3c8088fbec9c3a60920bef6f617eb0c46 Loading...

	www.google.com/pagead/conversion_async.js	42 kB	2023-03-07	2023-03-17
Pretty URL www.google.com/pagead/conversion_async.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:19 Last Seen2023-03-17 12:30:23 Times Seen1 Hash 70049e468e315dbffce0c07753fca6f9 6c1cb5e25675de7746ed7dbb4d103aba9faabea0 94cc0d6d41e4b4bcde2f4f3d6292224215a698f20ffe7915c04cb55146537266 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663149099528&cv=9&fst=1663149099528&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663149099528&cv=9&fst=1663149099528&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 81673c4d778395ffea8993f22f57d0d1 7630a71b3411594853756fea3c6021d10b737496 d8ff595b3efeb98546e9d691f8fc2d136d87658ff46e385ddc79a3d1a411da5e Loading...

	www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c	108 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 43d00dd6b37ee81f55ec4caacc9b032b 08f8ae55af55c33b2e612e50aa553ed97379d68f 270a3fae2253c64c7b2721858934f70837204e3483a46c31e1812fcf72cbe49c Loading...

	www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c	108 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash ce5c9a4b93d33e9af93e27d752da6816 673197e88081b6122b27280bfcc39aa3f3702ba5 03a2041231eb781cb9fea7ea3095a009d923f1f1510eecd3028628bebf5923e0 Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js	1.1 kB	2023-03-07	2023-03-17
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js IP 151.101.85.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:08 Last Seen2023-03-17 12:42:20 Times Seen1 Hash c1db4c234cf539e2bfab42c09c1ca05d 970f866c6f6acd458e94d3d6cbec3cddac256a0b 1c5391cd953f0795fdd58a4e26899f1952522101afc71b63de87f5f467c0d1a6 Loading...

	www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c	158 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 5dde000ec44fcf4b462b1195e468c5fa 77e717ccb8887c1053dbd56dbf9bba325108a366 376b901c12821f9fc9f1885b66810d7fc7d14589da3e2ca0c9566e2297e4850f Loading...

	www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c	117 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash ff2893d571e2379b422e85731a705d4e e7a8340f99fb151f888afd50a87f2d86c27ebdd0 e15f0c80ecee1e6220327052b24cea4b9d51f968e723a450c32cd98450dd283e Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663149099497&cv=9&fst=1663149099497&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663149099497&cv=9&fst=1663149099497&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash c3b0467ff9b709907451f0dad7ffdf7f 9664f62d30f169759135760184c1a044c90b0fcb 9d73874c6d90de6678f963b44f33caed5bebc3c7f41665a3a3b5225a02243ad4 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663149099537&cv=9&fst=1663149099537&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663149099537&cv=9&fst=1663149099537&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 4664815153499d515d9bcce60b871f66 22f76d5d665efada606be14f5a0890291d367abd 4eb025ab5a0d2ac4244be24b3b9071ac45e9adfb65884d6b0ec1cb2ad63a0f4b Loading...

	nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963	989 B	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-09-15 03:24:05 Times Seen29 Hash a88ee16d6636b998b8a6bb0eedf3a3bb 84b7338657d33ace2048bf6b6e3b8b3fa649548a 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110 Loading...

	nexus.ensighten.com/citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881	1.6 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881 IP 54.230.111.74 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:44:51 Last Seen2023-09-15 03:24:05 Times Seen29 Hash 43372887591ae43fb66862c6ae6d2c9b f32f657f4a8162f6ee9f1cf9a3d88e688d0eb027 1243ffed4530d6d237dd040101bf2933687f6e9272b10132060115058f914206 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663149099544&cv=9&fst=1663149099544&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663149099544&cv=9&fst=1663149099544&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.66 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 6016f4c3a24feea757d38f3c26e48429 8c2f04401fc2204949544d7f301febbb2b38a9d4 f9fa036fc5d6a5083848a73d9ac0552c2f15137a650d34491d1472e90c0a031b Loading...

		Size	First Seen	Last Seen
	#1 Eval - d066c179a444118cb57f3c2c7bbc579f	12 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash d066c179a444118cb57f3c2c7bbc579f 2360e18b98d230ad8f2ffeb37fa09a2e9cd66262 bddcf25867435760b58937910118ebed74be4f123e0aefd1248383144032afa3 Loading...

	#2 Eval - a1e812d5f05d7cece0f88cbbd441cb0c	10 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash a1e812d5f05d7cece0f88cbbd441cb0c b3c0ae9c7de7985f174bfe604b81b6068d8acfbf 338eebe354feee40bdfe97326853bdc041f0478b9a764f2cde16abcd93dc9a86 Loading...

		Size	First Seen	Last Seen
	#1 Write - 22b70068224d262968c3fbc2e77395af	412 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 16:20:01 Last Seen2023-03-07 16:20:01 Times Seen1 Hash 22b70068224d262968c3fbc2e77395af 38e1d3cd01b73208cdf0c2ad68eb851715f49dcd dd22ee1011dcf6f98808d8980094f8202a24c3bd36c7ebbf42dcecc5e305cd1e Loading...

HTTP Transactions (86)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15133
Expires: Wed, 14 Sep 2022 14:04:00 GMT
Date: Wed, 14 Sep 2022 09:51:47 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 14 Sep 2022 09:09:29 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IhlThwFeyYAbaITPTa-e7ZOYaUyOpkS0-GDUM69jtRpJrLtnctre_w==
Age: 2538

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 14 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: g_ftjL14wVBWaAeWZ2T9eaHMOycwuLYxdq4eTsnPB97m1uNfBUX9Ww==
age: 18992
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
f62e5bb49c3ccf09395cbbe58639a275
99756bfe957a87a58843f620603a4e1d0c695194
d4ccc35b5220280c323050d53494b445c52846471bbbff3e58b63748e2ff8978

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D4CCC35B5220280C323050D53494B445C52846471BBBFF3E58B63748E2FF8978"
Last-Modified: Tue, 13 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 14 Sep 2022 15:51:47 GMT
Date: Wed, 14 Sep 2022 09:51:47 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 14 Sep 2022 09:51:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
f62e5bb49c3ccf09395cbbe58639a275
99756bfe957a87a58843f620603a4e1d0c695194
d4ccc35b5220280c323050d53494b445c52846471bbbff3e58b63748e2ff8978

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D4CCC35B5220280C323050D53494B445C52846471BBBFF3E58B63748E2FF8978"
Last-Modified: Tue, 13 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21599
Expires: Wed, 14 Sep 2022 15:51:47 GMT
Date: Wed, 14 Sep 2022 09:51:48 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
969bdef2bff6e8723f225ab5b486b3fe
a7e62b5a807d9537c1155f7176e5755d5e4b93c8
e1da3cf6e2d6cb653ed35e36f3ddc6deda16fed25bd8ab687a5652140c2efb68

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4791
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:48 GMT
Last-Modified: Wed, 14 Sep 2022 08:31:57 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
969bdef2bff6e8723f225ab5b486b3fe
a7e62b5a807d9537c1155f7176e5755d5e4b93c8
e1da3cf6e2d6cb653ed35e36f3ddc6deda16fed25bd8ab687a5652140c2efb68

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2295
Cache-Control: max-age=128467
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:48 GMT
Etag: "6320ee10-1d7"
Expires: Thu, 15 Sep 2022 21:32:55 GMT
Last-Modified: Tue, 13 Sep 2022 20:54:40 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
969bdef2bff6e8723f225ab5b486b3fe
a7e62b5a807d9537c1155f7176e5755d5e4b93c8
e1da3cf6e2d6cb653ed35e36f3ddc6deda16fed25bd8ab687a5652140c2efb68

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5575
Cache-Control: max-age=131747
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:48 GMT
Etag: "6320ee10-1d7"
Expires: Thu, 15 Sep 2022 22:27:35 GMT
Last-Modified: Tue, 13 Sep 2022 20:54:40 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
969bdef2bff6e8723f225ab5b486b3fe
a7e62b5a807d9537c1155f7176e5755d5e4b93c8
e1da3cf6e2d6cb653ed35e36f3ddc6deda16fed25bd8ab687a5652140c2efb68

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3760
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:48 GMT
Last-Modified: Wed, 14 Sep 2022 08:49:09 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4a68e0856575d52f7778bc821b5c881b
0956533f660fd0e7096540292f9b60451f60f148
0fde07586af73476634e76ed5badfce43d8b4ec078fd0f172d80c28ad98e3d27

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.106

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Sep 2022 09:42:03 GMT
expires: Tue, 12 Sep 2023 09:42:03 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 173385
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8cde7cfad467d0aea5bde984692bcf3a
628c92fb0e013e825c7472b062bd195309929c55
a78b90e26b5a7fe07ae106cc32fdfc8ea058b4ef21da8eb15a694fc676bcaf43

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4703
Cache-Control: max-age=143154
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:48 GMT
Etag: "63211e07-1d7"
Expires: Fri, 16 Sep 2022 01:37:42 GMT
Last-Modified: Wed, 14 Sep 2022 00:19:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4a68e0856575d52f7778bc821b5c881b
0956533f660fd0e7096540292f9b60451f60f148
0fde07586af73476634e76ed5badfce43d8b4ec078fd0f172d80c28ad98e3d27

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 14 Sep 2022 09:03:22 GMT
Expires: Wed, 14 Sep 2022 09:28:04 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ehB3lGGoqCf-QzBj-Onqoy3Zi6K0ASeJRO5hcMDWuCJFmoqx20eTCA==
Age: 2906

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
24d6f073b418e3826c74d24240cf9f1b
c0975e501d24dcddc864070a9bf64b30b0066772
89c3cfca828ff68a4bedbea00bfbda28d1a6ba2c24f3f60305ba54c11daa2bb1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 14 Sep 2022 09:51:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 15:35:59 GMT
Expires: Mon, 19 Sep 2022 15:35:58 GMT
Etag: "c0975e501d24dcddc864070a9bf64b30b0066772"
Cache-Control: max-age=452049,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74a839e80f50b4eb-OSL

api.ipify.org/?format=jsonp&callback=getIP

54.91.59.199

200 OK

29 B

URL HTTP/1.1
api.ipify.org/?format=jsonp&callback=getIP
IP
54.91.59.199:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
90a39389063c7c5716745c3b3bb4fba1
a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f
eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69

HTTP Headers

GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
Content-Type: application/javascript
Vary: Origin
Date: Wed, 14 Sep 2022 09:51:48 GMT
Content-Length: 29
Via: 1.1 vegur

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d3ac56507d17ffff5e8b486406985d68
17d26336cd8ea65af3f23db166945f1b3fbbfbab
e7e321340eed681c1269f715b0214e1511d5762fffbe930e7c157b800afa9a39

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3296
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:48 GMT
Last-Modified: Wed, 14 Sep 2022 08:56:52 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png

104.110.29.32

200 OK

1.8 kB

URL HTTP/1.1
www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png
IP
104.110.29.32:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

HTTP Headers

GET /CBOL/IA/Angular/assets/citilogoredesign.png HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Tue, 30 Nov 2021 10:40:38 GMT
Accept-Ranges: bytes
Content-Length: 1799
X-Akamai-CITISITE: SWDC
Strict-Transport-Security: max-age=300
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
Content-Type: image/png
X-WebKit-CSP: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Content-Security-Policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Content-Security-Policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Date: Wed, 14 Sep 2022 09:51:48 GMT
Connection: keep-alive
Set-Cookie: AKMTLTSID=171D9309F889EC65EEBACE2D95750D21; path=/; domain=citi.com; secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://citimobile.citibankonline.com

push.services.mozilla.com/

54.187.71.185

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.187.71.185:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TEGGVesOtBvo21Q7yuywNQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KSaa4z4knpnTmBQL1a+raxTNHYc=

dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff

162.125.71.15

200 OK

76 kB

URL HTTP/2
dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (75538 bytes)
Hash
3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

HTTP Headers

GET /s/5pecxff6thpa7bk/Interstate-Light.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bank-citi.officials.workers.dev
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Light.woff"; filename*=UTF-8''Interstate-Light.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968851764500n
pragma: public
set-cookie: uc_session=U9it26Ido2iw74vbSm2xj9cdx8RPUXeQsRL1QcFNHgZAs0tnjXb7CEIorcf4W5Bf; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 262
content-type: application/octet-stream
date: Wed, 14 Sep 2022 09:51:49 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 75538
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 675c1d23c2714ef1bcc4c3c24d3bba9b
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css?dl=0

162.125.71.15

200 OK

203 kB

URL HTTP/2
dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css?dl=0
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
data
Size
203 kB (202636 bytes)
Hash
d50be2f9656b4a0afde516a972ffd676
f2824c945965cff67a29515526ee4d18e3023d3b
16938051613d9dd624e55b5d4b40fa3d741718e4eb3e35c8a52527133d2758e6

HTTP Headers

GET /s/esn6641krlordqt/styles.css?dl=0 HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=CMs1m15JMZYpCJmMmKeU36Wbnsm4ptyFGeGNBJiwmbERFACcWTYsGnGvuYygADJc; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 229
content-type: text/css; charset=utf-8
date: Wed, 14 Sep 2022 09:51:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 6b6a2f6ebe854d43affd98914a65d353
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/13p0ciw1yl1ifq5/Citi-Branding-Sprite.png

162.125.71.15

200 OK

76 kB

URL HTTP/2
dl.dropboxusercontent.com/s/13p0ciw1yl1ifq5/Citi-Branding-Sprite.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
data
Size
76 kB (75877 bytes)
Hash
237ebb6953c6afd8e3dae049d8c62b67
ad8e6332714be4a29caf1679db7cab7464f38775
b877698f09410d413674710686635533329cab170062dbe29e8000a4a4aaf804

HTTP Headers

GET /s/13p0ciw1yl1ifq5/Citi-Branding-Sprite.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Cookie: uc_session=YlQsfHXD1KooaCQeDSoo9jpmvU01enOJ4kOMcNfcDmvTJR4FPlb0Q25XPkc3r0OQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="Citi-Branding-Sprite.png"; filename*=UTF-8''Citi-Branding-Sprite.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968652168104n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 209
content-type: image/png
date: Wed, 14 Sep 2022 09:51:49 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 4952
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 08bf92b88ac64b73bf74e33c4427457e
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png

162.125.71.15

200 OK

445 B

URL HTTP/2
dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
445 B (445 bytes)
Hash
1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

HTTP Headers

GET /s/tx4dbqw0bze09il/social-media_facebook%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Cookie: uc_session=YlQsfHXD1KooaCQeDSoo9jpmvU01enOJ4kOMcNfcDmvTJR4FPlb0Q25XPkc3r0OQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_facebook@3x.png"; filename*=UTF-8''social-media_facebook%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968884486105n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 246
content-type: image/png
date: Wed, 14 Sep 2022 09:51:49 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 445
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 264bac8655774b6e856aaee6b360d9ed
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js

162.125.71.15

200 OK

105 kB

URL HTTP/2
dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
data
Size
105 kB (104595 bytes)
Hash
5c8c012f5cdff26d18d83e5f07c6d1e9
2d5951f5551621d839512f13d2a4aad61300927a
9270821fe53914d0873de55647900afdcefc50ef79a06058032d04fd79b14e65

HTTP Headers

GET /s/z095l2wk45dt9ci/Bootstrap.js HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="Bootstrap.js"; filename*=UTF-8''Bootstrap.js
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=YlQsfHXD1KooaCQeDSoo9jpmvU01enOJ4kOMcNfcDmvTJR4FPlb0Q25XPkc3r0OQ; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 198
content-type: application/javascript
date: Wed, 14 Sep 2022 09:51:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 44e4e1d4c0164dc9bf4b847b59f8b1a1
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/fcfmeua8xtc4hqg/Appstore-Googleplay-JDPower-Sprite.png

162.125.71.15

200 OK

187 kB

URL HTTP/2
dl.dropboxusercontent.com/s/fcfmeua8xtc4hqg/Appstore-Googleplay-JDPower-Sprite.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
data
Size
187 kB (186812 bytes)
Hash
171bc3426291644b7d1d396fe334b39d
4ce2f917f682ce86568864f7b9654936dd73151c
f12493515ac4f7877d020e185a41ebfd25d2215e2c1e4103d4153b916a4addd1

HTTP Headers

GET /s/fcfmeua8xtc4hqg/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Cookie: uc_session=YlQsfHXD1KooaCQeDSoo9jpmvU01enOJ4kOMcNfcDmvTJR4FPlb0Q25XPkc3r0OQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="Appstore-Googleplay-JDPower-Sprite.png"; filename*=UTF-8''Appstore-Googleplay-JDPower-Sprite.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968650157896n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 230
content-type: image/png
date: Wed, 14 Sep 2022 09:51:49 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 44996
x-dropbox-response-origin: far_remote
x-dropbox-request-id: f5f64d4eb2bc42e3bba8f8d5ecff319c
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/gd8h4cwovjh6a2u/progress-indicator-bg.png

162.125.71.15

200 OK

1.0 kB

URL HTTP/2
dl.dropboxusercontent.com/s/gd8h4cwovjh6a2u/progress-indicator-bg.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 5 x 1, 8-bit/color RGB, non-interlaced\012- data
Size
1.0 kB (1001 bytes)
Hash
a673c51b56b022c5a190b93060e3368b
15ff8d5fa005554f2a5cf9d4c2440da5ebe8c8c0
8dee09be2e691fe1798334a054fb42083c0509a126dd1f61bc8ca168eff326dc

HTTP Headers

GET /s/gd8h4cwovjh6a2u/progress-indicator-bg.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css?dl=0
Cookie: uc_session=YlQsfHXD1KooaCQeDSoo9jpmvU01enOJ4kOMcNfcDmvTJR4FPlb0Q25XPkc3r0OQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="progress-indicator-bg.png"; filename*=UTF-8''progress-indicator-bg.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968878381358n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 353
content-type: image/png
date: Wed, 14 Sep 2022 09:51:49 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1001
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 4f4c622a8e384a15b25b1f5916926dc9
X-Firefox-Spdy: h2

nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError

54.230.111.74

204 No Content

0 B

URL HTTP/2
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: CloudFront
date: Wed, 14 Sep 2022 01:05:17 GMT
cache-control: no-cache, no-store
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: M-TZlWBK4HwDDHGvv9HlEWwJpv8AdVjevGikRJqncUuR4RKvHTA5MQ==
age: 31592
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963

54.230.111.74

200 OK

989 B

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (524)
Size
989 B (989 bytes)
Hash
a88ee16d6636b998b8a6bb0eedf3a3bb
84b7338657d33ace2048bf6b6e3b8b3fa649548a
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

HTTP Headers

GET /citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 989
date: Fri, 22 Jul 2022 05:10:06 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Jul 2021 20:01:14 GMT
etag: "a88ee16d6636b998b8a6bb0eedf3a3bb"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: .wEMJ82rme0Ajy8MXYWYMqCLOS4zdOlx
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gmZ2dKlTO823vnpXOZ0hDeihWP2akEqJWjX5yhvmivX3qIRBSqdTpg==
age: 4682504
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c79a6d9219e52788c0288a4288601f0b
a55c74c35279d08872bb4b0805d3f8ff684bc322
345482ec25a567e189a52a824fa13f6bbcfa8ce636c40f3619232b9cff65fa6a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nexus.ensighten.com/citi/na_prod/code/2fec4c7c6dc69d561844935cdcfc1d5c.js?conditionId0=467299

54.230.111.74

200 OK

53 kB

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/2fec4c7c6dc69d561844935cdcfc1d5c.js?conditionId0=467299
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (615)
Size
53 kB (53017 bytes)
Hash
5d4064ea7a2067aa0bf1979b12b21c80
bf9a30196900c14b318ba96106a6cf1b55927e44
421fdb245a4092ab79df23d3f32a05e065c3a22a7165b9870b129c048afb5e02

HTTP Headers

GET /citi/na_prod/code/2fec4c7c6dc69d561844935cdcfc1d5c.js?conditionId0=467299 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Tue, 16 Aug 2022 21:43:10 GMT
x-amz-replication-status: PENDING
last-modified: Tue, 16 Aug 2022 21:43:05 GMT
etag: W/"6ee8c75c11d701bd85d6e3c25093c469"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: jza8GqxZGhVz18cCFAItH4ZpiQFQqNOt
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5gRby0yJvVmk0g8lB-aHBtVhmJ5Xewg6xc4NpR4iGxgPFEIy3r8E5Q==
age: 2462920
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153

54.230.111.74

200 OK

1.0 kB

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (524)
Size
1.0 kB (1036 bytes)
Hash
5dce81a2d69093b88c4687588288e799
b5ba1e2518a891b5f343589f740357f24e794234
bb1d69be199b9f8c92136513ec3606370d1658126524801d5dd51f94b618f985

HTTP Headers

GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Jul 2022 04:58:00 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 31 Aug 2021 17:19:04 GMT
etag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EBKBiCW8QZfTE9EnI9m6WEaUNdnC8zGPrLE3VxEuY-qowGvOPLPLHg==
age: 4683229
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757

54.230.111.74

200 OK

80 kB

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (586)
Size
80 kB (79608 bytes)
Hash
451586149e15a89c9c54513b84e09cfd
847b641f0bae625fe7f4dd4bdb299022bd834664
17983825bd045f659476e86d9e6139d4fa8d49550378623a7516793cf426a611

HTTP Headers

GET /citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Tue, 16 Aug 2022 21:43:10 GMT
x-amz-replication-status: PENDING
last-modified: Tue, 16 Aug 2022 21:43:05 GMT
etag: W/"6c0ec1ecef630bef7b1fb87b13b4f2cb"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: JA70f_WGNG7H1tnE4i_sKuxvYaFEwzMJ
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NDu6mbJCLtrfg5njagGaNpog0lV_UghofLUVYDkU1Dx7TaTYbVZt9g==
age: 2462920
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8508
Expires: Wed, 14 Sep 2022 12:13:38 GMT
Date: Wed, 14 Sep 2022 09:51:50 GMT
Connection: keep-alive

nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456

54.230.111.74

200 OK

1.2 kB

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1964)
Size
1.2 kB (1163 bytes)
Hash
da80499f4d5ae25616136b3e8dc41900
b7ab46c8e2af0436cd17e39a9dfa64818940ed6e
8146bcb2eb00079a868d3b61bdf9c37dc0756fd24f4a18a3ae71a6447c36900c

HTTP Headers

GET /citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Jul 2022 04:43:02 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Jul 2021 20:01:09 GMT
etag: W/"c12999fcad47ab9cba1967b8c736048d"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: nE2jchQRxt_gtDKDOvHRLQGyp_MKp2PL
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GSO_JNj7rdNlG7BFmbxKXClG1LlrkfPv2eGdlY4LKtpTvO0Fdihg0A==
age: 4684128
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7859b5f-1c86-429e-be16-f7b41657b096.jpeg

34.120.237.76

200 OK

17 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7859b5f-1c86-429e-be16-f7b41657b096.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
17 kB (16980 bytes)
Hash
d7be52d818b206e064541ef4f4b0786b
7674123112859fd79ee9214c5308ad6a5e4ed015
bb011cf1e3c97c42f22c0553b64c23f120fa52d4bc7b56b5bde5678226aff0ce

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7859b5f-1c86-429e-be16-f7b41657b096.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16980
x-amzn-requestid: 7c555cd5-4a33-452e-82d4-cac3282c0b0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYZfRHYOoAMFtIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320092e-0bbd43cc499db9ed24226439;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 04:38:06 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: m4lRTnfzeQluGV3fqyeSS6yLeU8tcfijOqcqyVdZ2L2pENHfWdrUHg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 03:30:38 GMT
age: 22872
etag: "7674123112859fd79ee9214c5308ad6a5e4ed015"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6078 bytes)
Hash
f2157f7cfbdeb607f28ae51eb090f2c3
33d0dcadaa42179b2eae914c8ad16c9c088afbc9
135cd89c2c82f0f5e53d2612d5eac868c175b28a567a07e63a2073942e36a066

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6078
x-amzn-requestid: e09c099f-5a2d-49d7-b6ab-e16f09c28bd0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YavJEEM5IAMFreQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f8a0-0fbb7b3d0cd6fbfa04f5a5d2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:39:44 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ur-HTN2DS8b3ojSQldJOZi6YW2wtCwRfbGqxg49ZUJ_00hC_rFxYEw==
via: 1.1 9b21fd56256eda6d1379e32829c4c446.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 22:05:07 GMT
age: 42403
etag: "33d0dcadaa42179b2eae914c8ad16c9c088afbc9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26eefe41-9675-409e-9a6b-8c39594eb7de.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7543 bytes)
Hash
967db8594cfbc60139ea4bccfe259742
be8239300d4abfb14466655eedb6b277543ad8b2
eb6585e04cd275e2bf02c2cf8d8693e43f0c0a3e7fec0092fc2ff18025b45dde

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26eefe41-9675-409e-9a6b-8c39594eb7de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7543
x-amzn-requestid: a8a09d68-971d-4d84-bf6b-ca78644927b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yau8DHQ4IAMFzFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f84c-54803f1d5f1777f334c7a4d5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:38:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r4qPNiUXDiV_XGCo5FGPM_yuDeYj5n09eonvoNMdqymZnc5aDmhTVg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:59:56 GMT
age: 42714
etag: "be8239300d4abfb14466655eedb6b277543ad8b2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5c31b50-df9d-4fb5-8912-45e00991efb0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8658 bytes)
Hash
0a8f751d08647c72b709802aef65c313
41d9a867d08faf7ff6269e8be37170db5ccc4b12
ee7ac0fc01b3820dd1125644a4f260595a387385c835857ac8ab128441fc3e12

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5c31b50-df9d-4fb5-8912-45e00991efb0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8658
x-amzn-requestid: 02eef443-b348-43c4-a541-d9bd5f8fcb72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvltHKfIAMFb6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202c8a-0f779de53c6380b11012eef9;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:08:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7XmvaFkSaTqmjODHGlIFlNECiQsEBjVyBAeoOTWOKIx-hiXS5RFEng==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 07:21:54 GMT
age: 8996
etag: "41d9a867d08faf7ff6269e8be37170db5ccc4b12"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf118ca5-e4f8-4e97-a3c2-87e36a56e609.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9270 bytes)
Hash
b20499b3b8ef7b8ee73bd8b27e8c0c16
744a852e9357455d55e72809841411258fec44a9
457c8a9e4974a9529fa852b37f7ffc083e0eac987fe47aaebda808bf9f9f2941

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf118ca5-e4f8-4e97-a3c2-87e36a56e609.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9270
x-amzn-requestid: bba505a1-bbba-4d14-ad3a-1f72c028cc43
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLj-YGaOIAMFeOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ae6c2-08d743cc73070f6653991180;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 07:09:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vGRrbI4hDMlyKh7qDB3mVRNKJW6vqpnJR94CU6lZVyTzNqjmI0hrpA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 23:11:58 GMT
age: 38392
etag: "744a852e9357455d55e72809841411258fec44a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15547 bytes)
Hash
56811a1a20a467464e1f3da171ef8b14
366b2090d409d694b72b4b4131df46dd65d69c5a
4c208fb88884166adf4ecc5882f75948b4a87d85c76ad6e7137e8edbd125c996

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15547
x-amzn-requestid: a78f7d90-84c3-4198-88bf-1d722c37f09f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv4EUDoAMF13A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-49535e5525606250306488ba;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CWzE6n2U7hSFcSIHX5z76DPIid9pvbOqM6ikOlegBxzbuRThMeLKZA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:46:14 GMT
etag: "366b2090d409d694b72b4b4131df46dd65d69c5a"
content-type: image/jpeg
age: 43536
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

c1.rfihub.net/js/tc.min.js

54.230.111.62

200 OK

6.2 kB

URL HTTP/2
c1.rfihub.net/js/tc.min.js
IP
54.230.111.62:0
ASN
#16509 AMAZON-02

File type
C source, ASCII text, with very long lines (19497)
Size
6.2 kB (6162 bytes)
Hash
ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f

HTTP Headers

GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6162
date: Wed, 14 Sep 2022 09:07:26 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: public, max-age=3600
expires: Wed, 14 Sep 2022 10:07:26 GMT
last-modified: Wed, 14 Sep 2022 09:07:16 GMT
content-encoding: gzip
server: Jetty(9.3.29.v20201019)
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qa4Ojd8CmkFA_R9HSBm_EEUHSfKvalpxT3MJWLf7rneCVDagvpSIPQ==
age: 2664
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e3c83de875a9342e445b7953d827dc41
d5deaf955bdca84a2188c56a33a0c13a25dc128e
693fd5f7e9d01ac372764071ca4adab8d32092832206a081ecc0e7770f5cf240

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 14 Sep 2022 09:51:50 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 02:15:45 GMT
Expires: Wed, 21 Sep 2022 02:15:44 GMT
Etag: "d5deaf955bdca84a2188c56a33a0c13a25dc128e"
Cache-Control: max-age=576833,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74a839f29c09b4eb-OSL

20766699p.rfihub.com/ca.html?ver=9&ra=1203&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&pf=&ra=10874551942186983

193.0.160.128

200 OK

118 B

URL HTTP/1.1
20766699p.rfihub.com/ca.html?ver=9&ra=1203&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&pf=&ra=10874551942186983
IP
193.0.160.128:0
ASN
#54312 ROCKETFUEL

File type
HTML document text\012- HTML document, ASCII text, with no line terminators
Size
118 B (118 bytes)
Hash
372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

HTTP Headers

GET /ca.html?ver=9&ra=1203&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&pf=&ra=10874551942186983 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Wed, 14 Sep 2022 09:51:50 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0Mja0NDMxMjYyNjc0MjMyNRfiM9R1KzTxdkp1zgoy9wkAAMe7918lAAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 9 Oct 2023 09:51:50 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0Mja0NDMxMjYyNjc0MjMyNRfiM9R1KzTxdkp1zgoy9wkAAMe7918lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)

dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff

162.125.71.15

200 OK

72 kB

URL HTTP/2
dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
72 kB (71874 bytes)
Hash
9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

HTTP Headers

GET /s/onrn6uufd9w6dw9/Interstate-Bold.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bank-citi.officials.workers.dev
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Bold.woff"; filename*=UTF-8''Interstate-Bold.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968844676205n
pragma: public
set-cookie: uc_session=zv8vTadJkWHeaK4iGqJgz2OUgeDzhiB035l1CD3eVmDGOb1prcMWbJHpEMF23Y8x; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 3827
content-type: application/octet-stream
date: Wed, 14 Sep 2022 09:51:52 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 71874
x-dropbox-response-origin: far_remote
x-dropbox-request-id: a30c459e8caa4ebb9373637231eebda6
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js

151.101.85.230

200 OK

531 B

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (592)
Size
531 B (531 bytes)
Hash
163d0bd34ff8cd5d5d8c376ff4fa5448
49290a53b47fe11dd527ed41db0876da97afc365
6b05ff7c0159529870ef88073983b50eee80d938ffbd55d5c9aebb0dab4d772a

HTTP Headers

GET /wdcusciti/50/onsite/embed.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Vo5x77/FcGHnkLbfUTXVLDmJHHdrlz4aMWcNwMvtCbxicDSk8U9B1rL9IzlXQT4slGKV1Pr55/g=
x-amz-request-id: 4Y0T4GP9K3GT4QZ5
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "c1db4c234cf539e2bfab42c09c1ca05d"
x-amz-version-id: eKMfkf17jnOEK1NZY3.0vSO_D.gj7xc9
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Sep 2022 09:51:52 GMT
via: 1.1 varnish
age: 877670
x-served-by: cache-bma1671-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663149113.993839,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 531
X-Firefox-Spdy: h2

cdn.pbbl.co/r/1560.js

143.204.55.77

403 Forbidden

986 B

URL HTTP/2
cdn.pbbl.co/r/1560.js
IP
143.204.55.77:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
986 B (986 bytes)
Hash
4029a8614d035dae4d87ae6352d6a57d
3ccd50b275ce0bddc30f8133ace1ed4ca314926c
9c8ca31a573a4ae8e884fb20a27a5145366744a97835cbb8a4544fd5043ba0e1

HTTP Headers

GET /r/1560.js HTTP/1.1
Host: cdn.pbbl.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
server: CloudFront
date: Wed, 14 Sep 2022 09:51:53 GMT
content-type: text/html
content-length: 986
x-cache: Error from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7VerVQYpxNUtL-PUdffQXxdz8E5iGYHchEE6hHZVc7Olj-5UkK1mCA==
vary: Origin
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js

151.101.85.230

200 OK

86 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (53511)
Size
86 kB (85764 bytes)
Hash
b30a7c4298aa25029a8749c6e39227b5
2dce3d234767a1ad5e61d873cae34ae5b6fe254a
7afee8874ccfd7b48f756bc872261ec5ab41aaa9af91d91b3af2ba7e6ffd1c33

HTTP Headers

GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 3Af09pvrnUu3BfieRI6BJawVHGR7/WZJagF97DjZX+T9QgtJZ6ly1iXtPnN1BENOpf4nehKIEnI=
x-amz-request-id: NVJCAPRZB8SGRPE0
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "31ab1facffb3500494bf6aca3d7e439d"
x-amz-version-id: cbf3VAh2wvqiC_RNSd9Tltn6dOvsrine
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Wed, 14 Sep 2022 09:51:53 GMT
via: 1.1 varnish
age: 40198
x-served-by: cache-bma1671-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663149113.010807,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 85764
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
78f8bae58862d8be3437cfe9e927011d
fb01a9cfd346f2c9b7694276c72a76e213887b06
389d233aa4b3ea23315c9d6e8d72d96fb2f802e227d24199c788a5a89e96a19e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/pagead/conversion_async.js

142.250.74.164

200 OK

16 kB

URL HTTP/2
www.google.com/pagead/conversion_async.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1623)
Size
16 kB (15687 bytes)
Hash
4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 14 Sep 2022 09:51:53 GMT
expires: Wed, 14 Sep 2022 09:51:53 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
583b7bb4fb7fde8d957d862d38c3164a
db4b64d96f4999e1603bb68fe3cae5d35c720e43
14efad296b4734eaa8038bb53187ac89eb1be3ae15dca59a8c610b89de5916ef

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 14 Sep 2022 09:51:53 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 12:15:17 GMT
Expires: Mon, 19 Sep 2022 12:15:16 GMT
Etag: "db4b64d96f4999e1603bb68fe3cae5d35c720e43"
Cache-Control: max-age=440002,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74a83a041f9db4eb-OSL

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b743089bdff5635e2f7c38d20c1910f6
f1874493bc88c2d9ba4a95a43e810da1cb452abd
3a60895d54c86a3e46a3dbcacfc07f3fae4ba79add296b16d0938baacc8d462a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 451 Unavailable For Legal Reasons
date: Wed, 14 Sep 2022 09:51:53 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsps.ssl.com/

34.237.184.165

200 OK

1.9 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
34.237.184.165:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.9 kB (1883 bytes)
Hash
d5c64bf708cd0a5a1bc5616a579316ba
5821797e7a7282e2d5319655fa7c121049576521
890abc63d72428f07d5b20691dc810283bff117dacccae13d607d3996e70e3fe

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Sep 2022 09:51:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1883
Connection: keep-alive
Expires: Tue, 20 Sep 2022 14:15:13 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "5821797e7a7282e2d5319655fa7c121049576521"
Last-Modified: Tue, 13 Sep 2022 14:15:14 GMT
X-Proxy-Cache: HIT

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
89dc4294d8e50675a5cb111e84d38452
993b0be337e43de62b8a33bef20c972881c8a646
27e6f64589d2befddc951fc27b83d03e1113bcfe301c76a2e412a20d2558a0c3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
89dc4294d8e50675a5cb111e84d38452
993b0be337e43de62b8a33bef20c972881c8a646
27e6f64589d2befddc951fc27b83d03e1113bcfe301c76a2e412a20d2558a0c3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663149099364&cv=9&fst=1663149099364&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663149099364&cv=9&fst=1663149099364&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2260), with no line terminators
Size
1.0 kB (1041 bytes)
Hash
771b0b1f29eee8103dcf8d7541769a8d
a64e449c784f196345baae194bc4c41f352c97bd
fb6c530ed794fbf2afbc0cfdc222d05df300e8f295e681bb9ce6e57efef5eab5

HTTP Headers

GET /pagead/viewthroughconversion/916451471/?random=1663149099364&cv=9&fst=1663149099364&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1041
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 14-Sep-2022 10:06:53 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663149099368&cv=9&fst=1663149099368&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663149099368&cv=9&fst=1663149099368&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2262), with no line terminators
Size
1.0 kB (1042 bytes)
Hash
d374f8d714ebaa760451a081b912a0ef
3c6fc0accfb63d8ab5e04a5cf88880ac378e028e
fcd058838a7ddd6325640b13cbda922301e7065f5a4a3d5f0e035331de5ef6eb

HTTP Headers

GET /pagead/viewthroughconversion/644574043/?random=1663149099368&cv=9&fst=1663149099368&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1042
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 14-Sep-2022 10:06:53 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiQ2l0aWJhbmsgT25saW5lIiwicGFnZV91cmwiOiAiaHR0cHM6Ly9iYW5rLWNpdGkub2ZmaWNpYWxzLndvcmtlcnMuZGV2LyIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjYzMTQ5MDk5MjUwIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODMzYjY5NDhlNDViMi0wZmRjOGJkMTQ2ODZlNzgtMzA2ZDQ2NGEtMTQwMDAwLTE4MzNiNjk0OGU1NGMzIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHBzOi8vYmFuay1jaXRpLm9mZmljaWFscy53b3JrZXJzLmRldi8iLCJ3ZWJzaXRlSWQiOiA1MCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiMjg5NC05OGJkLTEzZTQtZWVmMS04YjU3LTI4NTMtM2M1Mi1iMGE1Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2NjMxNDkwOTkyNDgiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMjkwLCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjYzMTQ5MDk5MjUwLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19

35.241.45.82

200 OK

0 B

URL HTTP/2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiQ2l0aWJhbmsgT25saW5lIiwicGFnZV91cmwiOiAiaHR0cHM6Ly9iYW5rLWNpdGkub2ZmaWNpYWxzLndvcmtlcnMuZGV2LyIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjYzMTQ5MDk5MjUwIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODMzYjY5NDhlNDViMi0wZmRjOGJkMTQ2ODZlNzgtMzA2ZDQ2NGEtMTQwMDAwLTE4MzNiNjk0OGU1NGMzIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHBzOi8vYmFuay1jaXRpLm9mZmljaWFscy53b3JrZXJzLmRldi8iLCJ3ZWJzaXRlSWQiOiA1MCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiMjg5NC05OGJkLTEzZTQtZWVmMS04YjU3LTI4NTMtM2M1Mi1iMGE1Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2NjMxNDkwOTkyNDgiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMjkwLCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjYzMTQ5MDk5MjUwLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiQ2l0aWJhbmsgT25saW5lIiwicGFnZV91cmwiOiAiaHR0cHM6Ly9iYW5rLWNpdGkub2ZmaWNpYWxzLndvcmtlcnMuZGV2LyIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjYzMTQ5MDk5MjUwIiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODMzYjY5NDhlNDViMi0wZmRjOGJkMTQ2ODZlNzgtMzA2ZDQ2NGEtMTQwMDAwLTE4MzNiNjk0OGU1NGMzIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHBzOi8vYmFuay1jaXRpLm9mZmljaWFscy53b3JrZXJzLmRldi8iLCJ3ZWJzaXRlSWQiOiA1MCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJtZF9pc1N1cnZleVN1Ym1pdHRlZEluU2Vzc2lvbiI6ICIiLCJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiMjg5NC05OGJkLTEzZTQtZWVmMS04YjU3LTI4NTMtM2M1Mi1iMGE1Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2NjMxNDkwOTkyNDgiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMjkwLCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Ny4zIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Ny4zIiwiaGlzdG9yeV9sZW5ndGgiOiAxLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjYzMTQ5MDk5MjUwLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19 HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 14 Sep 2022 09:51:53 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-blue-1bzp
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
89dc4294d8e50675a5cb111e84d38452
993b0be337e43de62b8a33bef20c972881c8a646
27e6f64589d2befddc951fc27b83d03e1113bcfe301c76a2e412a20d2558a0c3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663149099541&cv=9&fst=1663149099541&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663149099541&cv=9&fst=1663149099541&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2264), with no line terminators
Size
1.0 kB (1042 bytes)
Hash
ec13d4bd18672eb4430ef093d81ac1f8
bfe0273ab5123e8a33b45c2c1288f174def3a8b2
8006b5111663f64ad99e80a3ff832e9c43212abf0e7cd859c79f9b9474253f1a

HTTP Headers

GET /pagead/viewthroughconversion/10955006959/?random=1663149099541&cv=9&fst=1663149099541&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1042
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 14-Sep-2022 10:06:53 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663149099544&cv=9&fst=1663149099544&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663149099544&cv=9&fst=1663149099544&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2262), with no line terminators
Size
1.0 kB (1040 bytes)
Hash
4865ea130af6ff8dbbb924c6099a261e
3ea0561e7edfa9bd5d2fcaa3f2c1f1aca614b197
5ce07fd1e74a90a704c30779903e46cb34dc370b2d1cb1e8973e165d3ef12abd

HTTP Headers

GET /pagead/viewthroughconversion/819500023/?random=1663149099544&cv=9&fst=1663149099544&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1040
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 14-Sep-2022 10:06:53 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663149099533&cv=9&fst=1663149099533&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663149099533&cv=9&fst=1663149099533&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2260), with no line terminators
Size
1.0 kB (1040 bytes)
Hash
c9380d61cf92862573929783b6ac77ed
677dc5c1f147bf28fee1b917169cfa677be1d059
b591a0ddba813efb09c3c35e6661de4f87838c04bfa8a78e859cfa989c707d40

HTTP Headers

GET /pagead/viewthroughconversion/960621875/?random=1663149099533&cv=9&fst=1663149099533&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1040
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 14-Sep-2022 10:06:53 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/faq078xaxkrnxze/favicon.ico

162.125.71.15

200 OK

9.3 kB

URL HTTP/2
dl.dropboxusercontent.com/s/faq078xaxkrnxze/favicon.ico
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Size
9.3 kB (9282 bytes)
Hash
5d91c44f67db2a1dc53744c78d8db37c
9470d5d1a401d573ed948aefb8d2e807d9bfe86f
54b64a6b6affa1e67cec3bff2c265b1cd43bde5e361fca8514d16d073f0466d8

HTTP Headers

GET /s/faq078xaxkrnxze/favicon.ico HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Cookie: uc_session=YlQsfHXD1KooaCQeDSoo9jpmvU01enOJ4kOMcNfcDmvTJR4FPlb0Q25XPkc3r0OQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="favicon.ico"; filename*=UTF-8''favicon.ico
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
x-content-type-options: nosniff
x-server-response-time: 187
content-type: image/x-icon
date: Wed, 14 Sep 2022 09:51:49 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 3dd3d3f206254d30b2c58e524ca206b0
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663149099526&cv=9&fst=1663149099526&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663149099526&cv=9&fst=1663149099526&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2262), with no line terminators
Size
1.0 kB (1042 bytes)
Hash
15b5711d687403418e1d6ba20d1be99d
fa8dd2256cd465c9a1e4f9663ccc5963cd7d25f8
ec792680690521abde79cd69c775fc366e670b8d44b8784a9a46a41d055ce2b0

HTTP Headers

GET /pagead/viewthroughconversion/975701947/?random=1663149099526&cv=9&fst=1663149099526&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1042
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 14-Sep-2022 10:06:53 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663149099497&cv=9&fst=1663149099497&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663149099497&cv=9&fst=1663149099497&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2262), with no line terminators
Size
1.0 kB (1039 bytes)
Hash
e35f32516841b3f62055ce531c95f7c7
48876ffe2d98d8ca747e9da2f9af8984f41c7f98
a5f2097611ac0bdfdc2c73da9f9290544fa5baf83bdc32af327c7729dd107a82

HTTP Headers

GET /pagead/viewthroughconversion/830907969/?random=1663149099497&cv=9&fst=1663149099497&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1039
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 14-Sep-2022 10:06:53 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c216fe14f0540c85a40ae7fab4bedf07
be38555ec9d5508b0fd6a1c6393ee1a6a6df6d34
fd4ae18423d4332653f8c824ba79b9fb89c47e496f0955d484ca5bf03ca91021

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c216fe14f0540c85a40ae7fab4bedf07
be38555ec9d5508b0fd6a1c6393ee1a6a6df6d34
fd4ae18423d4332653f8c824ba79b9fb89c47e496f0955d484ca5bf03ca91021

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663149099537&cv=9&fst=1663149099537&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.66

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663149099537&cv=9&fst=1663149099537&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2262), with no line terminators
Size
1.0 kB (1040 bytes)
Hash
ca7d43ed3a93fabb8ae4ca2a05bf593a
999b9fbca855d8f013aa0ceecd898135583186db
ca01a04cb2352e2a253a187cb1a0cb99ad10f57ca41382f87c8956c34934993b

HTTP Headers

GET /pagead/viewthroughconversion/695231162/?random=1663149099537&cv=9&fst=1663149099537&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&auid=1413824625.1663149096&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1040
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 14-Sep-2022 10:06:53 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/916451471/?random=1663149099364&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=459085274&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/916451471/?random=1663149099364&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=459085274&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/916451471/?random=1663149099364&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=459085274&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/644574043/?random=1663149099368&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3525834629&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/644574043/?random=1663149099368&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3525834629&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/644574043/?random=1663149099368&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3525834629&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
583b7bb4fb7fde8d957d862d38c3164a
db4b64d96f4999e1603bb68fe3cae5d35c720e43
14efad296b4734eaa8038bb53187ac89eb1be3ae15dca59a8c610b89de5916ef

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 14 Sep 2022 09:51:53 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 12:15:17 GMT
Expires: Mon, 19 Sep 2022 12:15:16 GMT
Etag: "db4b64d96f4999e1603bb68fe3cae5d35c720e43"
Cache-Control: max-age=440002,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74a83a069a31b4eb-OSL

www.google.no/pagead/1p-user-list/830907969/?random=1663149099497&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1854532521&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/830907969/?random=1663149099497&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1854532521&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/830907969/?random=1663149099497&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1854532521&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/960621875/?random=1663149099533&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=210572673&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/960621875/?random=1663149099533&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=210572673&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/960621875/?random=1663149099533&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=210572673&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/959299794/?random=1663149099528&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3280489660&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/959299794/?random=1663149099528&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3280489660&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/959299794/?random=1663149099528&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3280489660&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/975701947/?random=1663149099526&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2988112169&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/975701947/?random=1663149099526&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2988112169&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/975701947/?random=1663149099526&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2988112169&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/10955006959/?random=1663149099541&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=761657453&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/10955006959/?random=1663149099541&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=761657453&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/10955006959/?random=1663149099541&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=761657453&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/819500023/?random=1663149099544&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3161551402&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/819500023/?random=1663149099544&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3161551402&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/819500023/?random=1663149099544&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3161551402&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/695231162/?random=1663149099537&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=4272213328&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/695231162/?random=1663149099537&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=4272213328&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/695231162/?random=1663149099537&cv=9&fst=1663146000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9c0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbank-citi.officials.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=4272213328&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 09:51:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c216fe14f0540c85a40ae7fab4bedf07
be38555ec9d5508b0fd6a1c6393ee1a6a6df6d34
fd4ae18423d4332653f8c824ba79b9fb89c47e496f0955d484ca5bf03ca91021

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 09:51:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908

54.230.111.74

200 OK

0 B

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Tue, 13 Sep 2022 17:23:36 GMT
x-amz-replication-status: PENDING
last-modified: Tue, 13 Sep 2022 17:23:26 GMT
etag: W/"de2e8ecdb9334e6565ea8d4feb369116"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: CZbhUaMVGcELu7Tp.vnFWThm1Iz7u.mg
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: esmboKcViY9-ZEbFHPG05DOAz1m5FPazmAGVKGROrXs1sCBulXP81w==
age: 59293
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881

54.230.111.74

200 OK

0 B

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Jul 2022 04:43:02 GMT
x-amz-replication-status: COMPLETED
last-modified: Thu, 14 Jul 2022 20:16:36 GMT
etag: W/"43372887591ae43fb66862c6ae6d2c9b"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: RvpSCqGYAfuhljj0NjnAsdqP.N32uojg
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: siYbhg3e_6uz7zDW-eBfySTSRDaYS7lFlsenBcgJKEZaxAtTCZMgWw==
age: 4684128
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg

162.125.71.15

200 OK

0 B

URL HTTP/2
dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/ttemfbjw200ljgk/050-location%402x.svg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename=050-location%402x.svg
content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=Qokq9u8Bte3lE4BgpqmwSNX6gFOQG6gPHX0Rmea7jgDV8qOtZX0GTHMrvzlgOiNm; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-server-response-time: 147
x-webkit-csp: sandbox
content-type: image/svg+xml
date: Wed, 14 Sep 2022 09:51:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 6b1b4e0b61c44cbdaa7ef83dd45ffc8e
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/serverComponent.php?r=893370933.8984753&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fbank-citi.officials.workers.dev%2F

54.230.111.74

200 OK

0 B

URL HTTP/2
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=893370933.8984753&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fbank-citi.officials.workers.dev%2F
IP
54.230.111.74:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /citi/na_prod/serverComponent.php?r=893370933.8984753&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fbank-citi.officials.workers.dev%2F HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
server: nginx
date: Wed, 14 Sep 2022 09:51:49 GMT
expires: Wed, 14 Sep 2022 09:51:48 GMT
cache-control: no-cache, no-store
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3V_PwfmaSKYm1UUhfmvG76sh-e7FdnpscaL3Jv-1Sq5CAHEgIhb1CQ==
X-Firefox-Spdy: h2

bank-citi.officials.workers.dev/

104.21.41.73

200 OK

0 B

URL HTTP/2
bank-citi.officials.workers.dev/
IP
104.21.41.73:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: bank-citi.officials.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Wed, 14 Sep 2022 09:51:48 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BaGQEvFsJQZVo3OCgpSiQut%2Fz%2B9xPJYCOMoVy5XqNXooyBpdkLsDt0KXlnrloQoxUMILaeKaz5g%2B%2BuYntq5c7uGOFlcHfoJfkwf4d269OgiRWNOoVvgF7MIzeufeLaO9MJ715ShdZjp4L1Y24e5GTBGl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a839e4fc080b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg

162.125.71.15

200 OK

0 B

URL HTTP/2
dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bank-citi.officials.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename=icon_globe_med-grey%402x.svg
content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=sNo7THxlbbwq3PKNY9sNbIIxJWHLK62hkpN1MyQu8xsnTi2ov07lcmNhjU0Sv7Dq; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-server-response-time: 205
x-webkit-csp: sandbox
content-type: image/svg+xml
date: Wed, 14 Sep 2022 09:51:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 5188c786ae4642cb94c231e4487f2525
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (45)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations