Report - www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

Report Overview

Submitted URL
www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
IP
162.241.203.161
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-09-19 16:10:57
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
cm.everesttech.net	996	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	822 B	862 B	52.17.180.229
ocsps.ssl.com	14517	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	325 B	2.3 kB	52.6.97.148
citicorpcreditservic.tt.omtrdc.net	31643	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	1.1 kB	18.202.61.67
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	6.3 kB	142.250.74.3
www.citibankcustomerservices.com.sabedoria-online.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.4 kB	945 kB	162.241.203.161
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	963 B	104.18.32.68
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	5.1 kB	142.250.74.72
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.217.237.91
20766699p.rfihub.com	40171	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	1.1 kB	193.0.160.129
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	16 kB	142.250.74.164
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.0 kB	18 kB	142.250.74.162
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	658 B	1.5 kB	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76
c1.rfihub.net	6410	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	305 B	6.8 kB	54.230.111.29
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.8 kB	6.8 kB	142.250.74.3
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
fast.citi.demdex.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	431 B	3.2 kB	23.36.76.161
cdn.pbbl.co	8838	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	300 B	1.3 kB	143.204.55.125
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	3.1 kB	34.248.152.242
metrics.citi.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	512 B	1.0 kB	15.188.95.229
nexus.ensighten.com	2786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	51 kB	54.230.111.14
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	944 B	143.204.42.165
resources.digital-cloud-citi.medallia.com	25588	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	88 kB	151.101.85.230
udc-neb.kampyle.com	3039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	518 B	35.241.45.82

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-19	medium	www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php	Phishing
2022-09-19	medium	www.citibankcustomerservices.com.sabedoria-online.com/verify/js/Bootstrap.js	Phishing
2022-09-19	medium	www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Light.woff	Phishing
2022-09-19	medium	www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Regular.woff	Phishing
2022-09-19	medium	www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Bold.woff	Phishing
2022-09-19	medium	www.citibankcustomerservices.com.sabedoria-online.com/verify/css/050-location@2x.svg	Phishing
2022-09-19	medium	www.citibankcustomerservices.com.sabedoria-online.com/verify/css/icon_globe_med-grey@2x.svg	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (32)

	URL	Size	First Seen	Last Seen
	nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456	2.2 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2023-09-15 03:24:04 Times Seen29 Hash c12999fcad47ab9cba1967b8c736048d cd62dba28e44aceb5f26c5757f24f59f4f79dc95 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716 Loading...

	www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c	158 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 19e04952984bdac0f28d265c06179622 9416f0179867c6b0bcd60a4462e8a69560d0429a e416ecc18e8cedf44827ff2d0a9eabb2eb6c945ad0f22f2e5bca074fc98574b2 Loading...

	www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 4d94faa958cdbf3f8041ecf197d6fe97 c6a02d725c9ef37b628dc7cc5d48b0214a187b7c ff6401f16d5f65899e6053fa17b1c71eabab3ba38ab7368e0a5a87b868bacf88 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663603830281&cv=9&fst=1663603830281&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663603830281&cv=9&fst=1663603830281&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash b2826ea05d194add3de4419a09666c13 203bbaf7d1a66ed2e89f3199598f7ee7d56052f0 9580bbff399a6926682eca6c773d3cf86e318949cfcbe882958f71a1df818ec8 Loading...

	fast.citi.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php	6.7 kB	2023-03-07	2024-03-23
Pretty URL fast.citi.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	nexus.ensighten.com/citi/na_prod/serverComponent.php?r=533028.6312186272&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php	1.3 kB	2023-03-07	2023-03-07
Pretty URL nexus.ensighten.com/citi/na_prod/serverComponent.php?r=533028.6312186272&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 3bc6926842d61fa360a25b7e9267f8ab 1db0601ca41ce0029efd107d03dbfe112960d3f6 b6c54a40d7719f3519efe23550f4d23825c22378dcff9ca561ccd7c7d488a417 Loading...

	www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 0c762f7ef47f33641ff83b4a5acae83b 8acf70faf199da9180780bca3d36c2f539e7b58d 2312c266ed947562ab88d1d7fef1ba2ec5635696df5da14a59307e594d19f953 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663603830289&cv=9&fst=1663603830289&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663603830289&cv=9&fst=1663603830289&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash e04eba852fc4020a1c23d8c2a0bf7be4 f01d9e4b59af82fd11d7b02e1a6124c6577abd5e 69aae4f7f95ed4f139afd136ad10758b8326ee4c7cb3c780fc6de0e351bdf06e Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663603830293&cv=9&fst=1663603830293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663603830293&cv=9&fst=1663603830293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 070f4401e1b720dcaa2b5df5cf0274b1 13d7a43f20e1310435d0840c1d65250cd92ca0f6 e2e9b6e62922c0ff31361334e6246b29804e8eb128b6cb1c39bbbd736707db04 Loading...

	nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153	1.3 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2023-09-15 03:24:05 Times Seen57 Hash 4d37444c012a76a0557182615bf5cdd3 1ba1932dcc6dff6035c37a14de9852606de28329 bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650 Loading...

	20766699p.rfihub.com/sr/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483	54 B	2023-03-07	2023-03-29
Pretty URL 20766699p.rfihub.com/sr/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483 IP 193.0.160.129 ASN #54312 ROCKETFUEL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-03-29 22:08:24 Times Seen3 Hash b83d4eb61e10d05bb3a3ff3c84d78520 c36664ca67a5ff74cc7769baa4284e1967c305a4 4ad528ebef2558de7f30f5917a123f7fd844c6a4462b4609fffeb7a8d922eb35 Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js	1.1 kB	2023-03-07	2023-03-17
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js IP 151.101.85.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:08 Last Seen2023-03-17 12:42:20 Times Seen1 Hash c1db4c234cf539e2bfab42c09c1ca05d 970f866c6f6acd458e94d3d6cbec3cddac256a0b 1c5391cd953f0795fdd58a4e26899f1952522101afc71b63de87f5f467c0d1a6 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663603830299&cv=9&fst=1663603830299&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663603830299&cv=9&fst=1663603830299&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash b7198525ddf7a1d84511449ae6839980 0856326fe3ebc70c31d93195ccd2c744681ba44b f2bb05069e3f2bdf8a3dc6298427b6ee958d5539b28f18756eeaef035285b9ca Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663603830296&cv=9&fst=1663603830296&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663603830296&cv=9&fst=1663603830296&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 258b1520f14170d31544a8acee7eb5c1 4a077579070e1d368da9e830caacfe18e041d126 41845a44cd0204aa565172f0bb09b4d61a2a934dfd78276819ef7ae2fda76366 Loading...

	unknown	0 B	2023-03-07	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 15:12:26 Times Seen37410635 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtag/js?id=AW-916451471	158 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-916451471 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 7bbe4fa2ebf00156915bbb8aaedc7c55 6b0c229f88ba82517a5ff225de2942006887646a 190daa275db390d08559bd8bb4c494af3863dbe83d0c9361a8b1b66042062302 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663603830276&cv=9&fst=1663603830276&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663603830276&cv=9&fst=1663603830276&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash b822f0dfdd126a2bc569d4b3d103ad6b 9601df390eb8cb6db6b005a1d953395b55cb2231 4b199f195b30121e59f3ae90f247cbc935fc8622bc083fac4e4c93f84783a07b Loading...

	c1.rfihub.net/js/tc.min.js	20 kB	2023-03-07	2023-09-15
Pretty URL c1.rfihub.net/js/tc.min.js IP 54.230.111.29 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2023-09-15 03:24:05 Times Seen185 Hash 83c2974d08241a92c3b2dcb8f441271f 424d72cd7dfe7371c647addd7145ab3444a6b121 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f Loading...

	www.google.com/pagead/conversion_async.js	42 kB	2023-03-07	2023-03-17
Pretty URL www.google.com/pagead/conversion_async.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:28:40 Last Seen2023-03-17 12:55:48 Times Seen1 Hash cedb242a337140e0dedb365b50a20508 cf2420a336b9405dfc7d236ec57873fe3ef0f726 5a39699f592d82029c73d15d80e407d51367dd5cf2d49172c9ad4aa8176ce67b Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663603830291&cv=9&fst=1663603830291&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663603830291&cv=9&fst=1663603830291&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash e610a5e62aedba5356ebae543d281ca0 e10e2f8a08762241c8c0c801f3bf7b6d3b97a9d3 591774556833b4d406706a82d1248a45cf677cc0918d22c4fb8bec64bf656aa7 Loading...

	www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 2f153c881ab1c0d7ad586d56df971e3e bf1df5d616a0578297f8547bbb3c01e0d45206f4 701ea73b9bf270859149b3419ce9131392e471bf9fa7d0ecf278625ca5313829 Loading...

	www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 3444caf16bac88e7c016da36557e3dae 54af7446dfd5a41647211df46b5db5e59683396a 237e67ad1170d39dd8f5f0feddf25fc5693b123779004a68819d98f70274988b Loading...

	www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c	158 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 3f7136b1bac2879d1a0d3fc4cb6da41e 008cdcce4de96d5b368686d2fa8cd39b668abcc8 573114a3301bbe18ed7d91f8e3da2c9ae415c13a818f19aad5358d52af4b41c6 Loading...

	nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099	7.5 kB	2023-03-07	2023-04-30
Pretty URL nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-04-30 08:15:02 Times Seen42 Hash 412eb38d6a797c24fd5d7e30e1b9799d d2e692a369931cc5bda6418efcef831cbf115ac2 d2751a84e6a70913798dd8b2aede47ab49b7a701618cd151d89755638f71aa02 Loading...

	nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963	989 B	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-09-15 03:24:05 Times Seen29 Hash a88ee16d6636b998b8a6bb0eedf3a3bb 84b7338657d33ace2048bf6b6e3b8b3fa649548a 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110 Loading...

	nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908	170 kB	2023-03-07	2023-03-17
Pretty URL nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:00:26 Last Seen2023-03-17 12:26:16 Times Seen1 Hash de2e8ecdb9334e6565ea8d4feb369116 1ad3b61e26ae8b90d88541ef759869209bde74c8 6643bb410c647786949016cd3032ea1ed824a5a17313a2216c115de612482a5a Loading...

	www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash a3cf11239ee360d754bb7aff596dcc37 d317f64ac5caef6024de1129862ed1136ac40c76 20192276983c31b6266d582220bd2320c7d46e92b55cb1e8ba6189c34b07a4a4 Loading...

	www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash a609d8af4131b97f3292c63e03af6d98 8c839a3a8bc05f9f161b8a1cc702150ae862ea84 0a45532447281bd67c5df895a73df715dc25399bd312e195382f0ff73a8579fa Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663603829985&cv=9&fst=1663603829985&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663603829985&cv=9&fst=1663603829985&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 1905172deb196bd6e574719318971f16 d6931f8723c3e236119de0c5804c11a922846ecf d68d5ad141ac1993b1ddced5fe7c62e7434fcd4ebe3a7294dc767d8e7e217aa5 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663603830286&cv=9&fst=1663603830286&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663603830286&cv=9&fst=1663603830286&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:17:24 Last Seen2023-03-07 21:17:24 Times Seen1 Hash 2b8da0978da86513b59c73b0b57ef7a5 6041d183454df30cf48d3dbe4d24281f178fb1cc 245be332abc74b6276730fb4e3f0e944aa1b0bf8375d9b971447783caf0ef971 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d066c179a444118cb57f3c2c7bbc579f	12 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash d066c179a444118cb57f3c2c7bbc579f 2360e18b98d230ad8f2ffeb37fa09a2e9cd66262 bddcf25867435760b58937910118ebed74be4f123e0aefd1248383144032afa3 Loading...

	#2 Eval - a1e812d5f05d7cece0f88cbbd441cb0c	10 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash a1e812d5f05d7cece0f88cbbd441cb0c b3c0ae9c7de7985f174bfe604b81b6068d8acfbf 338eebe354feee40bdfe97326853bdc041f0478b9a764f2cde16abcd93dc9a86 Loading...

HTTP Transactions (103)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
861cfa99de956423d917ed0ddbea4b9c
ad65dbc394b48b04a45c205f56af296c8d008db4
5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5929
Expires: Mon, 19 Sep 2022 17:49:35 GMT
Date: Mon, 19 Sep 2022 16:10:46 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 19 Sep 2022 15:12:42 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PF2ovEv9fiwwSiBUYxk4UQtUlDxixb3NrWzicVoG60Fo8_1yGdOiZQ==
Age: 3484

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: N7nGQs_bkUQGjLVT1LvqTSmI5OK9hkA68ybPYnQaAc80_VwYgIVWiA==
age: 41733
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 16:10:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 19 Sep 2022 16:03:22 GMT
Cache-Control: max-age=3600
Expires: Mon, 19 Sep 2022 16:06:31 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: S4Fmoo_H78zGIBIjXMAH4UNNe9-4-2UZWKV2LNnGN-AQBg2xi7p6zw==
Age: 444

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5c817aa82ca8ed4a4257fd1e1628b423
7905c62b6bbc582860c07b75eddae371a4b8d02b
dce1783ecfe50c83d30878b48d60e1cf3fe42a3fa4090fb5d318194de73e53d6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2593
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:47 GMT
Last-Modified: Mon, 19 Sep 2022 15:27:34 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.217.237.91

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.217.237.91:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m+qByV+Nbe5/+8jmbezeXg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9iVPSmEFtpZzzdIObVpSFS2JDSw=

www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

162.241.203.161

200 OK

73 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2276), with CRLF, CR line terminators
Size
73 kB (72904 bytes)
Hash
3565d04cb83d61e57c012f3e29f61eb4
18679875ddc361b1c27e5d6aae97858d73dee6c4
a5eb74739dfe0b70593de05d3944be014bdfd788ec3765254c4a93b605a17bb3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /verify/login.php HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:46 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.citibankcustomerservices.com.sabedoria-online.com/verify/js/Bootstrap.js

162.241.203.161

200 OK

114 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/js/Bootstrap.js
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (577), with CRLF line terminators
Size
114 kB (113980 bytes)
Hash
68966964a18642e6aaa5273bf94fe6a8
2fc396777f28a911237883b976e9fe07b1f9f177
14cd0967e19247a39f8c5e0d77a4c15d332346d6596afc7d20e7c45d6ac271e1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /verify/js/Bootstrap.js HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Light.woff

162.241.203.161

200 OK

76 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Light.woff
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (75538 bytes)
Hash
3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /verify/css/Interstate-Light.woff HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 75538
Keep-Alive: timeout=5, max=75
Content-Type: font/woff

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Regular.woff

162.241.203.161

200 OK

79 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Regular.woff
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 78762, version 1.197\012- data
Size
79 kB (78762 bytes)
Hash
b1f3eca7de0c2cb35740f32dd0b83823
dffc474081c23fc151265b637a4468e82004ecc8
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /verify/css/Interstate-Regular.woff HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 78762
Keep-Alive: timeout=5, max=75
Content-Type: font/woff

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Bold.woff

162.241.203.161

200 OK

0 B

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Bold.woff
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /verify/css/Interstate-Bold.woff HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 71874
Keep-Alive: timeout=5, max=75
Content-Type: font/woff

dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1663603828470

34.248.152.242

200 OK

124 B

URL HTTP/1.1
dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1663603828470
IP
34.248.152.242:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
124 B (124 bytes)
Hash
1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca

HTTP Headers

GET /id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1663603828470 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Content-Type: application/x-www-form-urlencoded
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v041-07c43034b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Vary: Origin
X-Error: 172
X-TID: n2LwzKhzQ34=
Content-Length: 124
Connection: keep-alive

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/styles.css

162.241.203.161

200 OK

282 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/styles.css
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text, with very long lines (1069), with CRLF line terminators
Size
282 kB (282125 bytes)
Hash
0087944986f5d5dd6fdbcc3948140211
a3e6c93ea943470ee96fe361e3e4af91d534312d
78f7b2ca443bdcb6490779f9b4533a4eb70b969cd35ff01d7d24f8139e4a4101

HTTP Headers

GET /verify/css/styles.css HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css

metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1663603828713

15.188.95.229

200 OK

89 B

URL HTTP/1.1
metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1663603828713
IP
15.188.95.229:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
89 B (89 bytes)
Hash
1d05c9d974481e51dbe99cdf5ccf9cf9
b821d7d4928d7c44a9c6f2a768aa746fef9a25c9
86645f3a9c4f88ad041c3c8fda6030659fc2a24c29c0777c3d51ad8429ee9aa1

HTTP Headers

GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1663603828713 HTTP/1.1
Host: metrics.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 OK
access-control-allow-origin: http://www.citibankcustomerservices.com.sabedoria-online.com
access-control-allow-credentials: true
date: Mon, 19 Sep 2022 16:10:48 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31944A443DD488CB-600013246E405272[CE]; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Wed, 18 Sep 2024 16:10:10 GMT;
AMCV_61834D9B5228A7430A490D45%40AdobeOrg=0%7CMCMID%7C33141825722442223213185272606493349812; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Wed, 18 Sep 2024 16:10:10 GMT;
s_ecid=MCMID%7C33141825722442223213185272606493349812; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Wed, 18 Sep 2024 16:10:10 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 89
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_facebook@3x.png

162.241.203.161

200 OK

445 B

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_facebook@3x.png
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
445 B (445 bytes)
Hash
1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

HTTP Headers

GET /verify/css/social-media_facebook@3x.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 445
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/citipridelogo.jpg

162.241.203.161

200 OK

2.7 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/citipridelogo.jpg
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
2.7 kB (2658 bytes)
Hash
9b0ca893e4bfaea57af02ffe82867243
7035c26c91a3da162492df77d59bc19356a8e3bb
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40

HTTP Headers

GET /verify/css/citipridelogo.jpg HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 2658
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/jpeg

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/jamp-spinner-2x.gif

162.241.203.161

200 OK

37 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/jamp-spinner-2x.gif
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
GIF image data, version 89a, 60 x 60\012- data
Size
37 kB (36855 bytes)
Hash
9132ad37e83e5eef39e5e315c2b6c94f
9036fb328a9266e1f6fb95021464a77a11894ec1
79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb

HTTP Headers

GET /verify/css/jamp-spinner-2x.gif HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 36855
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/gif

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/050-location@2x.svg

162.241.203.161

200 OK

1.8 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/050-location@2x.svg
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Size
1.8 kB (1752 bytes)
Hash
2a7528b41a09c242728c2805a6c37219
44f73d9270a82962219bb314894d5b5624c55631
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /verify/css/050-location@2x.svg HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 1752
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/svg+xml

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/icon_globe_med-grey@2x.svg

162.241.203.161

200 OK

3.5 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/icon_globe_med-grey@2x.svg
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Size
3.5 kB (3523 bytes)
Hash
8409dd31d1b13d560ad4b9ae144054f7
37114f6c37aa187f5bdc360547678f22eaa9d9c6
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /verify/css/icon_globe_med-grey@2x.svg HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 3523
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/svg+xml

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Appstore-Googleplay-JDPower-Sprite.png

162.241.203.161

200 OK

45 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Appstore-Googleplay-JDPower-Sprite.png
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Size
45 kB (44996 bytes)
Hash
7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

HTTP Headers

GET /verify/css/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 44996
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png

dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=33141825722442223213185272606493349812&d_cid_ic=AVID%0131944A443DD488CB-600013246E405272&ts=1663603828899

34.248.152.242

200 OK

301 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=33141825722442223213185272606493349812&d_cid_ic=AVID%0131944A443DD488CB-600013246E405272&ts=1663603828899
IP
34.248.152.242:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (358), with no line terminators
Size
301 B (301 bytes)
Hash
fdb72536295376aaad6cd9fd7ef426b9
c0b9df38996dc50b8377cf23d4de2428815a382e
3dff46b3416821667177b5b32bbb43844d813682781b3b92d02e0cef5fe09402

HTTP Headers

GET /id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=33141825722442223213185272606493349812&d_cid_ic=AVID%0131944A443DD488CB-600013246E405272&ts=1663603828899 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v041-01b9d9b61.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=26204762537807362102708852188243537431; Max-Age=15552000; Expires=Sat, 18 Mar 2023 16:10:48 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: NKYqb7NQQpk=
Content-Length: 301
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2263
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 16:10:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2263
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 16:10:48 GMT
Connection: keep-alive

fast.citi.demdex.net/dest5.html?d_nsid=0

23.36.76.161

200 OK

2.8 kB

URL HTTP/1.1
fast.citi.demdex.net/dest5.html?d_nsid=0
IP
23.36.76.161:0
ASN
#20940 Akamai International B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2785 bytes)
Hash
b8a1b21bd0651935d53a7bff0c2479d6
31527c952669b6d1d06c537eb50c9043f576e607
80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd

HTTP Headers

GET /dest5.html?d_nsid=0 HTTP/1.1
Host: fast.citi.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Mon, 19 Sep 2022 16:10:48 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2263
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 16:10:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2263
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 16:10:48 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6428 bytes)
Hash
893f3495f1f575e946a57c8e8411b2a5
480182fd29c7edd369339847b85e4e2580cef0f6
097d868881231eae089ac8b97d5dc290583477f63dc35b7458ed4898e0db3e0c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6428
x-amzn-requestid: 7dd3072b-403a-4bb4-b8c4-58a6d7c254f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YRmgCGJVIAMFk5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d5133-0756be8c75da02a857e36a2f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 03:08:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UPvPiYucU7q4x4t0X4tGF7XPXUy0D4F0gcXtWVx-MS-MOunPEWcVUA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:53:43 GMT
age: 65825
etag: "480182fd29c7edd369339847b85e4e2580cef0f6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2263
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 16:10:48 GMT
Connection: keep-alive

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_youtube@3x.png

162.241.203.161

200 OK

1.2 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_youtube@3x.png
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1175 bytes)
Hash
3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

HTTP Headers

GET /verify/css/social-media_youtube@3x.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Content-Length: 1175
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10894 bytes)
Hash
d3e70b2859ca89b353682d03f6b46b93
ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10894
x-amzn-requestid: f7aad96e-af80-4db7-8bc1-d1e09a9b37e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeJQGHhOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322559a-538534e91448af217c59ab3d;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:28:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P7aZQzmAvqn2rcHJUQjHo0Dcg8dsrqseey5mNOabfq1b857M4SUMDQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 01:08:23 GMT
age: 54145
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5866 bytes)
Hash
1105b56cf779b6df1cbd081bbd0cda50
58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c
10c1f0433baf51e06565ff905688075aaba8fec0a8b3f9cef34168e297f94c2c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5866
x-amzn-requestid: 3a7db39d-cd4f-486f-954b-39fc7464706c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrNeAE67IAMFSoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63278f8c-66a419ac7fbd977f5f41061b;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: TdVz72qdwMdsuW1WsOq1qEZk2vmbXJlbppLTTsZ9PlrmN7GEph0dyQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:51:43 GMT
age: 65945
etag: "58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11919 bytes)
Hash
f003d8b6e12692fb16dddd6827deead8
786c333cf08456aea446a55c547520572e1c2df9
d79ea50cfc0f237b3de8f1826cbae1de0b1dbc632a5a06b08d9640abedded935

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11919
x-amzn-requestid: b04884f3-149d-4750-876b-8e8762f0f2a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfzrHKMoAMFlfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6321467d-5852e5ef280580b8569b548f;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:11:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vaJ_7zKaGiXZh4VtTlLZCOFpi7bz9tpKRbsvRDJ4En-E93sREYnz5w==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 05:49:41 GMT
age: 37267
etag: "786c333cf08456aea446a55c547520572e1c2df9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_twitter@3x.png

162.241.203.161

200 OK

1.3 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_twitter@3x.png
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1277 bytes)
Hash
60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

HTTP Headers

GET /verify/css/social-media_twitter@3x.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Content-Length: 1277
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png

34.120.237.76

200 OK

5.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.1 kB (5064 bytes)
Hash
e4098577adb98eae5ba4a8b5e143df71
b0ad467f2837d103f8a96fb732bd34176c4c7110
83aa54020ffc684690dfb58d78608411de38ab02fee50808a8243c6b388e77c0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5064
x-amzn-requestid: 985dbd5b-3e8a-4e22-a974-1effa6c99112
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrOS8FyBoAMFrCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632790df-201df5494f1513b91eefe9d5;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RWcHVQkq3COqcWuVRgOdpVDi7VFrdjpu4q-NU0D3iod1B58xF4K_Yw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:51:55 GMT
age: 65933
etag: "b0ad467f2837d103f8a96fb732bd34176c4c7110"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9901 bytes)
Hash
da8b8819fc21dcfb224ce0e7ecdc6772
e460ad4376cd118a6fe8b6b050af9398117d9531
9d0cf5fe17040e6c494d1596c24f01501babff37c95caa47d048b5e1aefa7697

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9901
x-amzn-requestid: e1792a3b-1893-48a6-8d01-463050259dc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YiGMYE3IoAMFgvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6323ea4f-42ab13411e65943538101b11;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 03:15:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XmcyJv7bahHB4wMjFmgvh2fEkJJYLPhRrISZ_DczSErdEQjXIxWUvg==
via: 1.1 0800f067ff646622f3e8e507cb9b52e8.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 03:58:21 GMT
age: 43947
etag: "e460ad4376cd118a6fe8b6b050af9398117d9531"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/1440_Citi-PLT@3x.png

162.241.203.161

200 OK

28 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/1440_Citi-PLT@3x.png
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

HTTP Headers

GET /verify/css/1440_Citi-PLT@3x.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 28149
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png

www.citibankcustomerservices.com.sabedoria-online.com/verify/img/Citi-Branding-Sprite.png

162.241.203.161

404 Not Found

836 B

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/img/Citi-Branding-Sprite.png
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
836 B (836 bytes)
Hash
e73571aebce42792b40325ac9117da29
d3fe79abd3a925079c1133a0d3c46fd8941514f7
2726faa315039af16d833fbca9694060c9cece0cbe9dd3069bdbba15d073aef2

HTTP Headers

GET /verify/img/Citi-Branding-Sprite.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Thu, 18 Jul 2019 22:27:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/320_Citi-PLT@3x.png

162.241.203.161

200 OK

12 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/320_Citi-PLT@3x.png
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

HTTP Headers

GET /verify/css/320_Citi-PLT@3x.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 11562
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png

citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=05169a78806242269a3a0c231720ef08&mboxPC=&mboxPage=c96dc2c80295453597a22ce76085962f&mboxRid=25f5a0bf78ea425b924ee64d965b8020&mboxVersion=1.7.0&mboxCount=1&mboxTime=1663603828478&mboxHost=www.citibankcustomerservices.com.sabedoria-online.com&mboxURL=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=1AB522F0591DA026-3DAF0531674C415E&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=33141825722442223213185272606493349812&mboxMCAVID=31944A443DD488CB-600013246E405272&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6

18.202.61.67

200

142 B

URL HTTP/1.1
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=05169a78806242269a3a0c231720ef08&mboxPC=&mboxPage=c96dc2c80295453597a22ce76085962f&mboxRid=25f5a0bf78ea425b924ee64d965b8020&mboxVersion=1.7.0&mboxCount=1&mboxTime=1663603828478&mboxHost=www.citibankcustomerservices.com.sabedoria-online.com&mboxURL=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=1AB522F0591DA026-3DAF0531674C415E&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=33141825722442223213185272606493349812&mboxMCAVID=31944A443DD488CB-600013246E405272&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
IP
18.202.61.67:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
142 B (142 bytes)
Hash
ab569ff346547a90188d75facd011755
4933203f119f5cc0272e02db7b1f8475b5784757
c7784dd68fe8438839175c99cae9da79039dd6377bd023905b87809bbe972862

HTTP Headers

GET /m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=05169a78806242269a3a0c231720ef08&mboxPC=&mboxPage=c96dc2c80295453597a22ce76085962f&mboxRid=25f5a0bf78ea425b924ee64d965b8020&mboxVersion=1.7.0&mboxCount=1&mboxTime=1663603828478&mboxHost=www.citibankcustomerservices.com.sabedoria-online.com&mboxURL=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=1AB522F0591DA026-3DAF0531674C415E&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=33141825722442223213185272606493349812&mboxMCAVID=31944A443DD488CB-600013246E405272&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6 HTTP/1.1
Host: citicorpcreditservic.tt.omtrdc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 
Date: Mon, 19 Sep 2022 16:10:48 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 142
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Access-Control-Allow-Credentials: true
X-Request-ID: 25f5a0bf78ea425b924ee64d965b8020
P3P: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Set-Cookie: citicorpcreditservic!mboxSession=05169a78806242269a3a0c231720ef08; Max-Age=1860; Expires=Mon, 19-Sep-2022 16:41:48 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
citicorpcreditservic!mboxPC=05169a78806242269a3a0c231720ef08.37_0; Max-Age=63244800; Expires=Fri, 20-Sep-2024 16:10:48 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *

www.citibankcustomerservices.com.sabedoria-online.com/verify/css/LSO_4959.jpg

162.241.203.161

200 OK

175 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/LSO_4959.jpg
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3\012- data
Size
175 kB (174933 bytes)
Hash
4c50aaf00ec3fd89b59019568e3ce376
e67b56776d6f8bcfbc25c6d31cfea22dc234f58e
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

HTTP Headers

GET /verify/css/LSO_4959.jpg HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 174933
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/jpeg

nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError

54.230.111.14

204 No Content

0 B

URL HTTP/1.1
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Mon, 19 Sep 2022 01:05:17 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rS87cyccezijIfP8V9-jBgKz-9ppAEiq2V31ceT4vL8oy-3cqcoN9Q==
Age: 54331

nexus.ensighten.com/citi/na_prod/serverComponent.php?r=533028.6312186272&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php

54.230.111.14

200 OK

555 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=533028.6312186272&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1253)
Size
555 B (555 bytes)
Hash
a836c2454c6c73433c0dece9f725d6fb
c04eea6b3127c14cd17e071048f0653baa06b719
b28db1cb7cb0d108914b20871ca486ffcaddea51748f29601665df789ce1d9ab

HTTP Headers

GET /citi/na_prod/serverComponent.php?r=533028.6312186272&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Mon, 19 Sep 2022 16:10:48 GMT
Expires: Mon, 19 Sep 2022 16:10:47 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4gfCttKB-FoqfR2Hf3Snj9EgIKSbarnj5eFjE25awa-7BSG2s2YnaA==

nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757

54.230.111.14

200 OK

41 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (586)
Size
41 kB (40697 bytes)
Hash
f3425381a8f9ef05a3225c94a7926ddc
1352fc08d259ae7e45ff71f1cd4042df1c02da9c
f164290a18c4d4685c0d3022ad294436492fc01e34bcf9fa5f14cab474cda99c

HTTP Headers

GET /citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 16 Aug 2022 21:44:05 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"6c0ec1ecef630bef7b1fb87b13b4f2cb"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: JA70f_WGNG7H1tnE4i_sKuxvYaFEwzMJ
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: N08NnVG71u5ezMEXfbJn87LrihXC9WjPCWbiwH_EuXYNNQlfXjtB2Q==
Age: 2917604

nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963

54.230.111.14

200 OK

989 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (524)
Size
989 B (989 bytes)
Hash
a88ee16d6636b998b8a6bb0eedf3a3bb
84b7338657d33ace2048bf6b6e3b8b3fa649548a
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

HTTP Headers

GET /citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 989
Connection: keep-alive
Date: Fri, 22 Jul 2022 05:10:06 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 20 Jul 2021 20:01:14 GMT
ETag: "a88ee16d6636b998b8a6bb0eedf3a3bb"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: .wEMJ82rme0Ajy8MXYWYMqCLOS4zdOlx
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hRi2M7HlW0rmQ4IHvAhOO0wLw3xJKTQLf9E4_BXlJwCc9MaD3HCLtQ==
Age: 5137243

nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099

54.230.111.14

200 OK

2.2 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (542)
Size
2.2 kB (2184 bytes)
Hash
9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec

HTTP Headers

GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 16 Aug 2022 21:44:05 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BbsgvZJohqai1bihVlaHhl-7zznwg9o36HsUVLxx1ReVDqpTrcXZaA==
Age: 2917604

nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456

54.230.111.14

200 OK

769 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1964)
Size
769 B (769 bytes)
Hash
17249d0565554fe08b1871324afc421e
3f04b7021d5204a639ea4992d06ce9e028ecfd4a
2c6ac82a36a6c93b63ad4796e81574660a24d9457dba3b883f16a32f99a81de9

HTTP Headers

GET /citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 22 Jul 2022 05:05:43 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 20 Jul 2021 20:01:09 GMT
ETag: W/"c12999fcad47ab9cba1967b8c736048d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: nE2jchQRxt_gtDKDOvHRLQGyp_MKp2PL
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Q30g0m20p7iUOHvZbSi4xkPmzdZXwUk5Mu5MlCv0Jt0_Zz7v3LxOjQ==
Age: 5137506

nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153

54.230.111.14

200 OK

655 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (524)
Size
655 B (655 bytes)
Hash
b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034

HTTP Headers

GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 14 Aug 2022 04:54:07 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: StUr33NxcUMdoGRNBYS_WnIdvnHUnxeRVRhW7C03WLYdhXBVpVqEVQ==
Age: 3151002

cm.everesttech.net/cm/dd?d_uuid=26204762537807362102708852188243537431

52.17.180.229

301 Moved Permanently

134 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=26204762537807362102708852188243537431
IP
52.17.180.229:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
134 B (134 bytes)
Hash
4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

HTTP Headers

GET /cm/dd?d_uuid=26204762537807362102708852188243537431 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Mon, 19 Sep 2022 16:10:48 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://cm.everesttech.net:443/cm/dd?d_uuid=26204762537807362102708852188243537431

c1.rfihub.net/js/tc.min.js

54.230.111.29

200 OK

6.2 kB

URL HTTP/1.1
c1.rfihub.net/js/tc.min.js
IP
54.230.111.29:0
ASN
#16509 AMAZON-02

File type
C source, ASCII text, with very long lines (19497)
Size
6.2 kB (6162 bytes)
Hash
ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f

HTTP Headers

GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 6162
Connection: keep-alive
Date: Mon, 19 Sep 2022 16:09:19 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Expires: Mon, 19 Sep 2022 17:09:19 GMT
Last-Modified: Mon, 19 Sep 2022 16:09:09 GMT
Content-Encoding: gzip
Server: Jetty(9.3.29.v20201019)
X-Cache: Hit from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6OPoMoCMfAJzvekAByhgoHYRWtyLxDl7D_8rAc7AdH_bU4BAa5aY2g==
Age: 89

www.citibankcustomerservices.com.sabedoria-online.com/verify/img/favicon.ico

162.241.203.161

200 OK

8.7 kB

URL HTTP/1.1
www.citibankcustomerservices.com.sabedoria-online.com/verify/img/favicon.ico
IP
162.241.203.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Size
8.7 kB (8747 bytes)
Hash
5c529d13403aaef133f480514b0d7b3f
73b6a54f396770a92bd13f0af7b0530e7a68b546
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32

HTTP Headers

GET /verify/img/favicon.ico HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CMCMID%7C33141825722442223213185272606493349812%7CMCAID%7C31944A443DD488CB-600013246E405272%7CMCOPTOUT-1663611028s%7CNONE%7CMCAAMLH-1664208628%7C6%7CMCAAMB-1664208628%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605690|PC#05169a78806242269a3a0c231720ef08.37_0#1726848630; AMCVS_61834D9B5228A7430A490D45%40AdobeOrg=1; mboxEdgeCluster=37

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Content-Length: 8747
Cache-Control: max-age=604800
Expires: Mon, 26 Sep 2022 16:10:48 GMT
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/x-icon

20766699p.rfihub.com/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483

193.0.160.129

302 Found

0 B

URL HTTP/1.1
20766699p.rfihub.com/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483
IP
193.0.160.129:0
ASN
#54312 ROCKETFUEL

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Mon, 19 Sep 2022 16:10:48 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://20766699p.rfihub.com/sr/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483
Content-Length: 0

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
e61e62c2907908c95188608e7585a1da
33371f3c18b671d51f4e42e721f1df9e74580e1f
b22984c62ae943c3c5ed1f0bf96fb9c3e7262b183f6c3c99adb1cae19c2e7a54

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 16:10:48 GMT
Last-Modified: Mon, 19 Sep 2022 14:40:42 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LknjulBZ0P0qwPPPz4TaN7aYNwboGLefgBr-4Pr4TBSwWOo-c39tVQ==
Age: 5406

cm.everesttech.net/cm/dd?d_uuid=26204762537807362102708852188243537431

52.17.180.229

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=26204762537807362102708852188243537431
IP
52.17.180.229:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=26204762537807362102708852188243537431 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Mon, 19 Sep 2022 16:10:48 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~YyiUiAAAAFLI7AN-; Domain=.everesttech.net; Expires=Tue, 19-Sep-2023 16:10:48 GMT; Path=/
everest_session_v2=YyiUiAAAAFLI7QN-; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YyiUiAAAAFLI7AN-
Server: AMO-cookiemap/1.1

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
60013fa61e5e9036c549e689afd0fd67
0addee22675806e077baf31e495b8fa3865c407f
53477f38fe9a3d6236666e3bebcf8d18f978c0242148d23f5c9f56fd6dd9a194

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2506
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Last-Modified: Mon, 19 Sep 2022 15:29:03 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
de804a0450efa77b8584ae7a48180edc
68316b235ee3ceda45b5cc527af0e580fb99cfc2
a2756592d52a1e9af98d5a800cd73939c4a3833e8533fb3ed4028dba2ea13237

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 14:15:47 GMT
Expires: Sat, 24 Sep 2022 14:15:46 GMT
Etag: "68316b235ee3ceda45b5cc527af0e580fb99cfc2"
Cache-Control: max-age=424496,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d397f7ef671c16-OSL

dpm.demdex.net/ibs:dpid=411&dpuuid=YyiUiAAAAFLI7AN-

34.248.152.242

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=YyiUiAAAAFLI7AN-
IP
34.248.152.242:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=YyiUiAAAAFLI7AN- HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v041-028b65498.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyiUiAAAAFLI7AN-
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=92072983009602620951343293780933605465; Max-Age=15552000; Expires=Sat, 18 Mar 2023 16:10:49 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: qSMgfL5ERE0=
Content-Length: 0
Connection: keep-alive

20766699p.rfihub.com/sr/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483

193.0.160.129

200 OK

118 B

URL HTTP/1.1
20766699p.rfihub.com/sr/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483
IP
193.0.160.129:0
ASN
#54312 ROCKETFUEL

File type
HTML document text\012- HTML document, ASCII text, with no line terminators
Size
118 B (118 bytes)
Hash
372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

HTTP Headers

GET /sr/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:49 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0MTI2NjM3tLQ0MLcwNzU2sxDiM9RNDXO2MHJxTAn2tHABAAD3Jx8lAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 14 Oct 2023 16:10:49 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0MTI2NjM3tLQ0MLcwNzU2sxDiM9RNDXO2MHJxTAn2tHABAAD3Jx8lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)

dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyiUiAAAAFLI7AN-

34.248.152.242

200 OK

59 B

URL HTTP/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyiUiAAAAFLI7AN-
IP
34.248.152.242:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
59 B (59 bytes)
Hash
1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13

HTTP Headers

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyiUiAAAAFLI7AN- HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v041-03935e948.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: IWWjP0UMQE8=
Content-Length: 59
Connection: keep-alive

www.googletagmanager.com/gtag/js?id=AW-916451471

142.250.74.72

302 Found

253 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-916451471
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
253 B (253 bytes)
Hash
e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7

HTTP Headers

GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js

151.101.85.230

200 OK

531 B

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (592)
Size
531 B (531 bytes)
Hash
163d0bd34ff8cd5d5d8c376ff4fa5448
49290a53b47fe11dd527ed41db0876da97afc365
6b05ff7c0159529870ef88073983b50eee80d938ffbd55d5c9aebb0dab4d772a

HTTP Headers

GET /wdcusciti/50/onsite/embed.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Vo5x77/FcGHnkLbfUTXVLDmJHHdrlz4aMWcNwMvtCbxicDSk8U9B1rL9IzlXQT4slGKV1Pr55/g=
x-amz-request-id: 4Y0T4GP9K3GT4QZ5
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "c1db4c234cf539e2bfab42c09c1ca05d"
x-amz-version-id: eKMfkf17jnOEK1NZY3.0vSO_D.gj7xc9
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Mon, 19 Sep 2022 16:10:49 GMT
via: 1.1 varnish
age: 1332406
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 5444
x-timer: S1663603849.250464,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 531
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js

151.101.85.230

301 Moved Permanently

0 B

URL HTTP/1.1
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 301 Moved Permanently
Server: Varnish
Retry-After: 0
Location: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
Content-Length: 0
Accept-Ranges: bytes
Date: Mon, 19 Sep 2022 16:10:49 GMT
Via: 1.1 varnish
Connection: close
X-Served-By: cache-bma1648-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1663603849.279902,VS0,VE1
Strict-Transport-Security: max-age=31557600

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
45f95aa258ab932ac2f8a33ff7944ffe
8f52b66e897dab7cb160d481886805ea216f407f
de4fd2aaa566b601e82c38806ec8ea84110b1d63f15efe48186f5bcf70847488

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js

151.101.85.230

200 OK

86 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (53511)
Size
86 kB (85764 bytes)
Hash
b30a7c4298aa25029a8749c6e39227b5
2dce3d234767a1ad5e61d873cae34ae5b6fe254a
7afee8874ccfd7b48f756bc872261ec5ab41aaa9af91d91b3af2ba7e6ffd1c33

HTTP Headers

GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 3Af09pvrnUu3BfieRI6BJawVHGR7/WZJagF97DjZX+T9QgtJZ6ly1iXtPnN1BENOpf4nehKIEnI=
x-amz-request-id: NVJCAPRZB8SGRPE0
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "31ab1facffb3500494bf6aca3d7e439d"
x-amz-version-id: cbf3VAh2wvqiC_RNSd9Tltn6dOvsrine
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Mon, 19 Sep 2022 16:10:49 GMT
via: 1.1 varnish
age: 494935
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663603849.294875,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 85764
X-Firefox-Spdy: h2

cdn.pbbl.co/r/1560.js

143.204.55.125

403 Forbidden

986 B

URL HTTP/1.1
cdn.pbbl.co/r/1560.js
IP
143.204.55.125:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
986 B (986 bytes)
Hash
87d5ea49e8b67fe4d6dbfda6ad07eb17
b4d7bf3734e729601fba9105b351dd1f6dee18b4
b7d589d2969ef2736c9cab88139f18caa49e192d84b7ec51e44b040afe134579

HTTP Headers

GET /r/1560.js HTTP/1.1
Host: cdn.pbbl.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html
Content-Length: 986
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LiA1qJANmNIv2QJfCFjDCUzTlRBoPBrECLhC5e96jz_K--CQOadkhg==
Vary: Origin

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
26fcf8aea27805b4a6a29e3e2a4ba19b
f920fd6c5a79a4adb2f456edcee678757ff1602c
7aa63d03f514e4f51190e85f167f747563f980e0e6fdee6cce9393321dff1038

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
ba8206089b7af80ec9bb4fe0c07977b4
4b0c036a5124f06026772a92168d3799e37c8ed3
64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62

HTTP Headers

GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
da059e66474ac8e0fcb7e70b7ed4be44
7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb

HTTP Headers

GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
d7c2cd80c8899405c8ead9dcd82aa484
8d0248ffaaf1594d89e077cb3904f0ad42ec474e
2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce

HTTP Headers

GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
3cdb7a0d8774281c45d6a09b22e28af2
eee92813bf3130c7e6ca8be5911197c1ee486daa
cf75d10606678529391c0c7bd8cd9b13abb532df9640785934a7555f872caed4

HTTP Headers

GET /gtag/js?id=AW-695231162&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
f20987509aaa3b3f9e52f7581afd6a4d
7147419bbeb1605a89733067d195356fc73c3cd3
5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c

HTTP Headers

GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
6d8c6cf61840045919f4789eac2d3d9c
ef5e66f528ab1701f99e467593020d263d6220f0
ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e

HTTP Headers

GET /gtag/js?id=AW-830907969&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
16d7ad56818dde4bc80864654bfbd12e
c95b93882c98641b7f1b648c122194a9fb2534c7
5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64

HTTP Headers

GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4ee5c6443c11da4a5cf7ea801cd0c62f
e742a7ee1cbedf1a23a82361f3873dbc165f927c
e3682e49ed03efcf590a500154380807b54433f8344923e9017994bdf0d46924

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c

142.250.74.72

302 Found

280 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
280 B (280 bytes)
Hash
a262f0126f939827df765f078136498b
5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd

HTTP Headers

GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0

www.google.com/pagead/conversion_async.js

142.250.74.164

200 OK

16 kB

URL HTTP/2
www.google.com/pagead/conversion_async.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1654)
Size
16 kB (15693 bytes)
Hash
890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 19 Sep 2022 16:10:49 GMT
expires: Mon, 19 Sep 2022 16:10:49 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
56433b6932f28a949ac82fec1caa9e99
017c5a1ccc0f6e68fd60a9d0658c0526b81b4156
a6fe9208db3d30b3a81378a59aa588480ab2080c33f1d0921752c2dfdc76d1fd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsps.ssl.com/

52.6.97.148

200 OK

1.9 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
52.6.97.148:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.9 kB (1883 bytes)
Hash
1a1a98000bf8c111a5985b3efc77ccf4
57ee3d5d1bded475b95c6ea91fb0770c78ea9f7e
07ca6afd7ffd67d216ebd5c6296d020c84b6ad8aa4e197bd39c1fd9a2dc717c4

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1883
Connection: keep-alive
Expires: Mon, 26 Sep 2022 14:15:19 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "57ee3d5d1bded475b95c6ea91fb0770c78ea9f7e"
Last-Modified: Mon, 19 Sep 2022 14:15:20 GMT
X-Proxy-Cache: HIT

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cDovL3d3dy5jaXRpYmFua2N1c3RvbWVyc2VydmljZXMuY29tLnNhYmVkb3JpYS1vbmxpbmUuY29tL3ZlcmlmeS9sb2dpbi5waHAiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2MzYwMzgyOTkyOCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzNTY4M2VjOWEyYzctMGU0NTkxNzc0ZjE3ODQ4LTMwNmQ0NjRhLTE0MDAwMC0xODM1NjgzZWM5YjQwIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly93d3cuY2l0aWJhbmtjdXN0b21lcnNlcnZpY2VzLmNvbS5zYWJlZG9yaWEtb25saW5lLmNvbS92ZXJpZnkvbG9naW4ucGhwIiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImZlOWItMTFmZi05ZTI4LWJmYzUtOWVlZi03MDA3LWM4MTYtZjlmYiIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjYzNjAzODI5OTI2Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDg4NCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDcuMyIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDcuMyIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2MzYwMzgyOTkyNywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==

35.241.45.82

200 OK

0 B

URL HTTP/2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cDovL3d3dy5jaXRpYmFua2N1c3RvbWVyc2VydmljZXMuY29tLnNhYmVkb3JpYS1vbmxpbmUuY29tL3ZlcmlmeS9sb2dpbi5waHAiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2MzYwMzgyOTkyOCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzNTY4M2VjOWEyYzctMGU0NTkxNzc0ZjE3ODQ4LTMwNmQ0NjRhLTE0MDAwMC0xODM1NjgzZWM5YjQwIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly93d3cuY2l0aWJhbmtjdXN0b21lcnNlcnZpY2VzLmNvbS5zYWJlZG9yaWEtb25saW5lLmNvbS92ZXJpZnkvbG9naW4ucGhwIiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImZlOWItMTFmZi05ZTI4LWJmYzUtOWVlZi03MDA3LWM4MTYtZjlmYiIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjYzNjAzODI5OTI2Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDg4NCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDcuMyIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDcuMyIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2MzYwMzgyOTkyNywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cDovL3d3dy5jaXRpYmFua2N1c3RvbWVyc2VydmljZXMuY29tLnNhYmVkb3JpYS1vbmxpbmUuY29tL3ZlcmlmeS9sb2dpbi5waHAiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2MzYwMzgyOTkyOCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzNTY4M2VjOWEyYzctMGU0NTkxNzc0ZjE3ODQ4LTMwNmQ0NjRhLTE0MDAwMC0xODM1NjgzZWM5YjQwIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly93d3cuY2l0aWJhbmtjdXN0b21lcnNlcnZpY2VzLmNvbS5zYWJlZG9yaWEtb25saW5lLmNvbS92ZXJpZnkvbG9naW4ucGhwIiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImZlOWItMTFmZi05ZTI4LWJmYzUtOWVlZi03MDA3LWM4MTYtZjlmYiIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjYzNjAzODI5OTI2Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDg4NCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDcuMyIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDcuMyIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2MzYwMzgyOTkyNywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 19 Sep 2022 16:10:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-blue-nxf8
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6f0747f732f05e110f9fe9938de620d3
d4e9a55014187d0d2af174e5c27d03cc10c6cb05
32a866308c9d930c425a8ced1974039a409528cb4a0bd07bfbe4d8cd39be9742

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663603830299&cv=9&fst=1663603830299&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.162

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663603830299&cv=9&fst=1663603830299&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2416), with no line terminators
Size
1.1 kB (1086 bytes)
Hash
e653b832fc5810add225d631f8627f72
a65ce5f7f6a14ed8ddfaa2ae60df225c73b9c992
41bc3aeb70d2e28c5bf2dedc28f1dfb7017fbc44911c0049e001635dadbcdbcf

HTTP Headers

GET /pagead/viewthroughconversion/10955006959/?random=1663603830299&cv=9&fst=1663603830299&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1086
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663603830296&cv=9&fst=1663603830296&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.162

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663603830296&cv=9&fst=1663603830296&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2412), with no line terminators
Size
1.1 kB (1086 bytes)
Hash
d782ddcd8a5f3e1260bf9754705a33b4
db47c7a718bfdcb55dda75c1a3f1c69813756339
25b3aed003daca64084ea2ee846944d209bf7b38a5236f2f1f9f877dd830ef62

HTTP Headers

GET /pagead/viewthroughconversion/644574043/?random=1663603830296&cv=9&fst=1663603830296&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1086
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663603830276&cv=9&fst=1663603830276&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.162

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663603830276&cv=9&fst=1663603830276&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2412), with no line terminators
Size
1.1 kB (1085 bytes)
Hash
7b8d395c27e12efdd2de8469b60df43d
9ed425d63360bdb7dfcdf3797c50c624d9209467
dc062471f56ef7b3a13e789bca6852afce33b6b1d16c6115e94dd23313a93366

HTTP Headers

GET /pagead/viewthroughconversion/695231162/?random=1663603830276&cv=9&fst=1663603830276&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1085
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663603829985&cv=9&fst=1663603829985&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.162

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663603829985&cv=9&fst=1663603829985&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2412), with no line terminators
Size
1.1 kB (1086 bytes)
Hash
334e57be3fd4a1f5f1c39d3ba4f5aa3c
14fad76478c9dbbc0751d3835f3485c51a173f20
f0710c4d05e13feda4405a8f0f59732a290394991985fe68a0c1e3780b1fd28c

HTTP Headers

GET /pagead/viewthroughconversion/916451471/?random=1663603829985&cv=9&fst=1663603829985&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1086
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663603830281&cv=9&fst=1663603830281&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.162

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663603830281&cv=9&fst=1663603830281&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2412), with no line terminators
Size
1.1 kB (1086 bytes)
Hash
cfdde5d1537e5dcc14edf8bda023a7c5
fe944873d25428e06a4e67f4700ab1ac5a5849ab
47633ebdbb8e3dc7cac93058b6bc41b414665ffb9b30d3f19dd39f53accc375e

HTTP Headers

GET /pagead/viewthroughconversion/960621875/?random=1663603830281&cv=9&fst=1663603830281&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1086
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663603830286&cv=9&fst=1663603830286&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.162

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663603830286&cv=9&fst=1663603830286&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2412), with no line terminators
Size
1.1 kB (1084 bytes)
Hash
685d3e1e6b0ac51c35edf501d9db9bbf
530f8ef33cea823aae52b11a51483653dafea483
07abf7f540a5db18ffc76d8a229a388312c67b6a8a2b7fab89d481ed05d50fe8

HTTP Headers

GET /pagead/viewthroughconversion/819500023/?random=1663603830286&cv=9&fst=1663603830286&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1084
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663603830289&cv=9&fst=1663603830289&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.162

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663603830289&cv=9&fst=1663603830289&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2412), with no line terminators
Size
1.1 kB (1084 bytes)
Hash
b8e6514e769666d3873df0377089db7f
5650c7283f9d1936f23d0465924ae16f84f45fc1
1c3c453a0a9ca7e3ea4f2dfd21d7e66af02a8d3fda8aecefe4fda124d8371656

HTTP Headers

GET /pagead/viewthroughconversion/830907969/?random=1663603830289&cv=9&fst=1663603830289&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1084
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663603830291&cv=9&fst=1663603830291&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.162

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663603830291&cv=9&fst=1663603830291&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2412), with no line terminators
Size
1.1 kB (1087 bytes)
Hash
c6f3ae59fe702e32919f015e6bcc008e
dc16c8506ecea358b7f3be151740f1ba91fbd5f5
361881e99e028cf7e94794d4c49e4aa55e7a3cb5c0e9dcdd756dc12b3ff9bafd

HTTP Headers

GET /pagead/viewthroughconversion/959299794/?random=1663603830291&cv=9&fst=1663603830291&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1087
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6f0747f732f05e110f9fe9938de620d3
d4e9a55014187d0d2af174e5c27d03cc10c6cb05
32a866308c9d930c425a8ced1974039a409528cb4a0bd07bfbe4d8cd39be9742

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663603830293&cv=9&fst=1663603830293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4

142.250.74.162

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663603830293&cv=9&fst=1663603830293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2410), with no line terminators
Size
1.1 kB (1085 bytes)
Hash
a075012de6a6aa77f9e82ec3de69737c
e13b21a35093e1faa4a081e20d9c640493fdaffc
698c4f89b78fef08e075657b3d1159d8bbd0d4c04a8239ff6b07fe342602d9f5

HTTP Headers

GET /pagead/viewthroughconversion/975701947/?random=1663603830293&cv=9&fst=1663603830293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1085
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
fa65e4428adb73fd14d3e23085784699
00f883ce942c6c1be5e8e39d8ebe126de77dbadf
8eb4b4b2d5dc9f17570f22fc0afdf63d1fc80cc0aa37ad77cc81d52dda2bc281

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
fd6f5d48a8eb6a76f7c699a235f6ed95
6dfe5af37fa0c7a6ed073d73d8be6e23ec4e1cc4
a7239c791a93ecf634d1afef2a09feae30f46decdbfa039403bd10394e444d56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/819500023/?random=1663603830286&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1001224935&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/819500023/?random=1663603830286&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1001224935&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/819500023/?random=1663603830286&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1001224935&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/10955006959/?random=1663603830299&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3693209483&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/10955006959/?random=1663603830299&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3693209483&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/10955006959/?random=1663603830299&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3693209483&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/830907969/?random=1663603830289&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2277894990&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/830907969/?random=1663603830289&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2277894990&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/830907969/?random=1663603830289&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2277894990&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/975701947/?random=1663603830293&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=309964053&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/975701947/?random=1663603830293&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=309964053&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/975701947/?random=1663603830293&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=309964053&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/959299794/?random=1663603830291&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3541473177&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/959299794/?random=1663603830291&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3541473177&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/959299794/?random=1663603830291&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3541473177&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/644574043/?random=1663603830296&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1572416009&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/644574043/?random=1663603830296&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1572416009&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/644574043/?random=1663603830296&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1572416009&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/960621875/?random=1663603830281&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3151719667&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/960621875/?random=1663603830281&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3151719667&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/960621875/?random=1663603830281&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3151719667&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/695231162/?random=1663603830276&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1586265035&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/695231162/?random=1663603830276&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1586265035&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/695231162/?random=1663603830276&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1586265035&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
fd6f5d48a8eb6a76f7c699a235f6ed95
6dfe5af37fa0c7a6ed073d73d8be6e23ec4e1cc4
a7239c791a93ecf634d1afef2a09feae30f46decdbfa039403bd10394e444d56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/916451471/?random=1663603829985&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3092482502&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/916451471/?random=1663603829985&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3092482502&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/916451471/?random=1663603829985&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3092482502&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908

54.230.111.14

200 OK

0 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 13 Sep 2022 17:24:59 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 13 Sep 2022 17:23:26 GMT
ETag: W/"de2e8ecdb9334e6565ea8d4feb369116"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: CZbhUaMVGcELu7Tp.vnFWThm1Iz7u.mg
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lGAwbXAnF8_PkMHkqzkBv42IrV8vkVXKRMl4wGTbHJVSBnrJYhTIzA==
Age: 513950

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (32)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations