r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 861cfa99de956423d917ed0ddbea4b9c
ad65dbc394b48b04a45c205f56af296c8d008db4
5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5929
Expires: Mon, 19 Sep 2022 17:49:35 GMT
Date: Mon, 19 Sep 2022 16:10:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 19 Sep 2022 15:12:42 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PF2ovEv9fiwwSiBUYxk4UQtUlDxixb3NrWzicVoG60Fo8_1yGdOiZQ==
Age: 3484
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: N7nGQs_bkUQGjLVT1LvqTSmI5OK9hkA68ybPYnQaAc80_VwYgIVWiA==
age: 41733
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 16:10:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 19 Sep 2022 16:03:22 GMT
Cache-Control: max-age=3600
Expires: Mon, 19 Sep 2022 16:06:31 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: S4Fmoo_H78zGIBIjXMAH4UNNe9-4-2UZWKV2LNnGN-AQBg2xi7p6zw==
Age: 444
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5c817aa82ca8ed4a4257fd1e1628b423
7905c62b6bbc582860c07b75eddae371a4b8d02b
dce1783ecfe50c83d30878b48d60e1cf3fe42a3fa4090fb5d318194de73e53d6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2593
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:47 GMT
Last-Modified: Mon, 19 Sep 2022 15:27:34 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.217.237.91101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.217.237.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m+qByV+Nbe5/+8jmbezeXg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9iVPSmEFtpZzzdIObVpSFS2JDSw=
www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
162.241.203.161200 OK 73 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2276), with CRLF, CR line terminators
Hash 3565d04cb83d61e57c012f3e29f61eb4
18679875ddc361b1c27e5d6aae97858d73dee6c4
a5eb74739dfe0b70593de05d3944be014bdfd788ec3765254c4a93b605a17bb3
Analyzer Verdict Alert fortinet Phishing
GET /verify/login.php HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:46 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.citibankcustomerservices.com.sabedoria-online.com/verify/js/Bootstrap.js
162.241.203.161200 OK 114 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/js/Bootstrap.js
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (577), with CRLF line terminators
Size 114 kB (113980 bytes)
Hash 68966964a18642e6aaa5273bf94fe6a8
2fc396777f28a911237883b976e9fe07b1f9f177
14cd0967e19247a39f8c5e0d77a4c15d332346d6596afc7d20e7c45d6ac271e1
Analyzer Verdict Alert fortinet Phishing
GET /verify/js/Bootstrap.js HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Light.woff
162.241.203.161200 OK 76 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Light.woff
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Hash 3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
Analyzer Verdict Alert fortinet Phishing
GET /verify/css/Interstate-Light.woff HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 75538
Keep-Alive: timeout=5, max=75
Content-Type: font/woff
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Regular.woff
162.241.203.161200 OK 79 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Regular.woff
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 78762, version 1.197\012- data
Hash b1f3eca7de0c2cb35740f32dd0b83823
dffc474081c23fc151265b637a4468e82004ecc8
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
Analyzer Verdict Alert fortinet Phishing
GET /verify/css/Interstate-Regular.woff HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 78762
Keep-Alive: timeout=5, max=75
Content-Type: font/woff
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Bold.woff
162.241.203.161200 OK 0 B URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Interstate-Bold.woff
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /verify/css/Interstate-Bold.woff HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 71874
Keep-Alive: timeout=5, max=75
Content-Type: font/woff
dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1663603828470
34.248.152.242200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1663603828470
IP 34.248.152.242:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1663603828470 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Content-Type: application/x-www-form-urlencoded
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v041-07c43034b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Vary: Origin
X-Error: 172
X-TID: n2LwzKhzQ34=
Content-Length: 124
Connection: keep-alive
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/styles.css
162.241.203.161200 OK 282 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/styles.css
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (1069), with CRLF line terminators
Size 282 kB (282125 bytes)
Hash 0087944986f5d5dd6fdbcc3948140211
a3e6c93ea943470ee96fe361e3e4af91d534312d
78f7b2ca443bdcb6490779f9b4533a4eb70b969cd35ff01d7d24f8139e4a4101
GET /verify/css/styles.css HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css
metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1663603828713
15.188.95.229200 OK 89 B URL HTTP/1.1 metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1663603828713
IP 15.188.95.229:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1d05c9d974481e51dbe99cdf5ccf9cf9
b821d7d4928d7c44a9c6f2a768aa746fef9a25c9
86645f3a9c4f88ad041c3c8fda6030659fc2a24c29c0777c3d51ad8429ee9aa1
GET /id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1663603828713 HTTP/1.1
Host: metrics.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
access-control-allow-origin: http://www.citibankcustomerservices.com.sabedoria-online.com
access-control-allow-credentials: true
date: Mon, 19 Sep 2022 16:10:48 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31944A443DD488CB-600013246E405272[CE]; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Wed, 18 Sep 2024 16:10:10 GMT;
AMCV_61834D9B5228A7430A490D45%40AdobeOrg=0%7CMCMID%7C33141825722442223213185272606493349812; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Wed, 18 Sep 2024 16:10:10 GMT;
s_ecid=MCMID%7C33141825722442223213185272606493349812; Path=/; Domain=citi.com; Max-Age=63072000; Expires=Wed, 18 Sep 2024 16:10:10 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 89
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_facebook@3x.png
162.241.203.161200 OK 445 B URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_facebook@3x.png
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
GET /verify/css/social-media_facebook@3x.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 445
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/citipridelogo.jpg
162.241.203.161200 OK 2.7 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/citipridelogo.jpg
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 9b0ca893e4bfaea57af02ffe82867243
7035c26c91a3da162492df77d59bc19356a8e3bb
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40
GET /verify/css/citipridelogo.jpg HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 2658
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/jpeg
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/jamp-spinner-2x.gif
162.241.203.161200 OK 37 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/jamp-spinner-2x.gif
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 60 x 60\012- data
Hash 9132ad37e83e5eef39e5e315c2b6c94f
9036fb328a9266e1f6fb95021464a77a11894ec1
79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb
GET /verify/css/jamp-spinner-2x.gif HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 36855
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/gif
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/050-location@2x.svg
162.241.203.161200 OK 1.8 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/050-location@2x.svg
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 2a7528b41a09c242728c2805a6c37219
44f73d9270a82962219bb314894d5b5624c55631
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
Analyzer Verdict Alert fortinet Phishing
GET /verify/css/050-location@2x.svg HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 1752
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/svg+xml
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/icon_globe_med-grey@2x.svg
162.241.203.161200 OK 3.5 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/icon_globe_med-grey@2x.svg
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2189)
Hash 8409dd31d1b13d560ad4b9ae144054f7
37114f6c37aa187f5bdc360547678f22eaa9d9c6
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
Analyzer Verdict Alert fortinet Phishing
GET /verify/css/icon_globe_med-grey@2x.svg HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 3523
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/svg+xml
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Appstore-Googleplay-JDPower-Sprite.png
162.241.203.161200 OK 45 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/Appstore-Googleplay-JDPower-Sprite.png
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Hash 7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
GET /verify/css/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 44996
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=33141825722442223213185272606493349812&d_cid_ic=AVID%0131944A443DD488CB-600013246E405272&ts=1663603828899
34.248.152.242200 OK 301 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=33141825722442223213185272606493349812&d_cid_ic=AVID%0131944A443DD488CB-600013246E405272&ts=1663603828899
IP 34.248.152.242:0
File type JSON data\012- , ASCII text, with very long lines (358), with no line terminators
Hash fdb72536295376aaad6cd9fd7ef426b9
c0b9df38996dc50b8377cf23d4de2428815a382e
3dff46b3416821667177b5b32bbb43844d813682781b3b92d02e0cef5fe09402
GET /id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=33141825722442223213185272606493349812&d_cid_ic=AVID%0131944A443DD488CB-600013246E405272&ts=1663603828899 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v041-01b9d9b61.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=26204762537807362102708852188243537431; Max-Age=15552000; Expires=Sat, 18 Mar 2023 16:10:48 GMT; Path=/; Domain=.demdex.net
Vary: Origin
X-TID: NKYqb7NQQpk=
Content-Length: 301
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2263
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 16:10:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2263
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 16:10:48 GMT
Connection: keep-alive
fast.citi.demdex.net/dest5.html?d_nsid=0
23.36.76.161200 OK 2.8 kB URL HTTP/1.1 fast.citi.demdex.net/dest5.html?d_nsid=0
IP 23.36.76.161:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash b8a1b21bd0651935d53a7bff0c2479d6
31527c952669b6d1d06c537eb50c9043f576e607
80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: fast.citi.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Mon, 19 Sep 2022 16:10:48 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2263
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 16:10:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2263
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 16:10:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 893f3495f1f575e946a57c8e8411b2a5
480182fd29c7edd369339847b85e4e2580cef0f6
097d868881231eae089ac8b97d5dc290583477f63dc35b7458ed4898e0db3e0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6428
x-amzn-requestid: 7dd3072b-403a-4bb4-b8c4-58a6d7c254f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YRmgCGJVIAMFk5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d5133-0756be8c75da02a857e36a2f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 03:08:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UPvPiYucU7q4x4t0X4tGF7XPXUy0D4F0gcXtWVx-MS-MOunPEWcVUA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:53:43 GMT
age: 65825
etag: "480182fd29c7edd369339847b85e4e2580cef0f6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5e0d4379f6517fd75a29a3d94d9199eb
0d383b811ebe839400f04333d16a5c9d4d78f802
e64c0c03925bdfaa2520d90339c90d1f8d98c432441adb771dfe1e818220f06f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2263
Expires: Mon, 19 Sep 2022 16:48:31 GMT
Date: Mon, 19 Sep 2022 16:10:48 GMT
Connection: keep-alive
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_youtube@3x.png
162.241.203.161200 OK 1.2 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_youtube@3x.png
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
GET /verify/css/social-media_youtube@3x.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Content-Length: 1175
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e70b2859ca89b353682d03f6b46b93
ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10894
x-amzn-requestid: f7aad96e-af80-4db7-8bc1-d1e09a9b37e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeJQGHhOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322559a-538534e91448af217c59ab3d;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:28:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P7aZQzmAvqn2rcHJUQjHo0Dcg8dsrqseey5mNOabfq1b857M4SUMDQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 01:08:23 GMT
age: 54145
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1105b56cf779b6df1cbd081bbd0cda50
58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c
10c1f0433baf51e06565ff905688075aaba8fec0a8b3f9cef34168e297f94c2c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5866
x-amzn-requestid: 3a7db39d-cd4f-486f-954b-39fc7464706c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrNeAE67IAMFSoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63278f8c-66a419ac7fbd977f5f41061b;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: TdVz72qdwMdsuW1WsOq1qEZk2vmbXJlbppLTTsZ9PlrmN7GEph0dyQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:51:43 GMT
age: 65945
etag: "58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f003d8b6e12692fb16dddd6827deead8
786c333cf08456aea446a55c547520572e1c2df9
d79ea50cfc0f237b3de8f1826cbae1de0b1dbc632a5a06b08d9640abedded935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11919
x-amzn-requestid: b04884f3-149d-4750-876b-8e8762f0f2a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfzrHKMoAMFlfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6321467d-5852e5ef280580b8569b548f;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:11:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vaJ_7zKaGiXZh4VtTlLZCOFpi7bz9tpKRbsvRDJ4En-E93sREYnz5w==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 05:49:41 GMT
age: 37267
etag: "786c333cf08456aea446a55c547520572e1c2df9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_twitter@3x.png
162.241.203.161200 OK 1.3 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/social-media_twitter@3x.png
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
GET /verify/css/social-media_twitter@3x.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Content-Length: 1277
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e4098577adb98eae5ba4a8b5e143df71
b0ad467f2837d103f8a96fb732bd34176c4c7110
83aa54020ffc684690dfb58d78608411de38ab02fee50808a8243c6b388e77c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5064
x-amzn-requestid: 985dbd5b-3e8a-4e22-a974-1effa6c99112
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrOS8FyBoAMFrCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632790df-201df5494f1513b91eefe9d5;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RWcHVQkq3COqcWuVRgOdpVDi7VFrdjpu4q-NU0D3iod1B58xF4K_Yw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:51:55 GMT
age: 65933
etag: "b0ad467f2837d103f8a96fb732bd34176c4c7110"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da8b8819fc21dcfb224ce0e7ecdc6772
e460ad4376cd118a6fe8b6b050af9398117d9531
9d0cf5fe17040e6c494d1596c24f01501babff37c95caa47d048b5e1aefa7697
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9901
x-amzn-requestid: e1792a3b-1893-48a6-8d01-463050259dc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YiGMYE3IoAMFgvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6323ea4f-42ab13411e65943538101b11;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 03:15:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XmcyJv7bahHB4wMjFmgvh2fEkJJYLPhRrISZ_DczSErdEQjXIxWUvg==
via: 1.1 0800f067ff646622f3e8e507cb9b52e8.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 03:58:21 GMT
age: 43947
etag: "e460ad4376cd118a6fe8b6b050af9398117d9531"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/1440_Citi-PLT@3x.png
162.241.203.161200 OK 28 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/1440_Citi-PLT@3x.png
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
GET /verify/css/1440_Citi-PLT@3x.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 28149
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
www.citibankcustomerservices.com.sabedoria-online.com/verify/img/Citi-Branding-Sprite.png
162.241.203.161404 Not Found 836 B URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/img/Citi-Branding-Sprite.png
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash e73571aebce42792b40325ac9117da29
d3fe79abd3a925079c1133a0d3c46fd8941514f7
2726faa315039af16d833fbca9694060c9cece0cbe9dd3069bdbba15d073aef2
GET /verify/img/Citi-Branding-Sprite.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689
HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Thu, 18 Jul 2019 22:27:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/320_Citi-PLT@3x.png
162.241.203.161200 OK 12 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/320_Citi-PLT@3x.png
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
GET /verify/css/320_Citi-PLT@3x.png HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 11562
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=05169a78806242269a3a0c231720ef08&mboxPC=&mboxPage=c96dc2c80295453597a22ce76085962f&mboxRid=25f5a0bf78ea425b924ee64d965b8020&mboxVersion=1.7.0&mboxCount=1&mboxTime=1663603828478&mboxHost=www.citibankcustomerservices.com.sabedoria-online.com&mboxURL=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=1AB522F0591DA026-3DAF0531674C415E&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=33141825722442223213185272606493349812&mboxMCAVID=31944A443DD488CB-600013246E405272&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
18.202.61.67200 142 B URL HTTP/1.1 citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=05169a78806242269a3a0c231720ef08&mboxPC=&mboxPage=c96dc2c80295453597a22ce76085962f&mboxRid=25f5a0bf78ea425b924ee64d965b8020&mboxVersion=1.7.0&mboxCount=1&mboxTime=1663603828478&mboxHost=www.citibankcustomerservices.com.sabedoria-online.com&mboxURL=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=1AB522F0591DA026-3DAF0531674C415E&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=33141825722442223213185272606493349812&mboxMCAVID=31944A443DD488CB-600013246E405272&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
IP 18.202.61.67:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ab569ff346547a90188d75facd011755
4933203f119f5cc0272e02db7b1f8475b5784757
c7784dd68fe8438839175c99cae9da79039dd6377bd023905b87809bbe972862
GET /m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=05169a78806242269a3a0c231720ef08&mboxPC=&mboxPage=c96dc2c80295453597a22ce76085962f&mboxRid=25f5a0bf78ea425b924ee64d965b8020&mboxVersion=1.7.0&mboxCount=1&mboxTime=1663603828478&mboxHost=www.citibankcustomerservices.com.sabedoria-online.com&mboxURL=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&mboxReferrer=&mboxXDomain=enabled&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=1AB522F0591DA026-3DAF0531674C415E&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=33141825722442223213185272606493349812&mboxMCAVID=31944A443DD488CB-600013246E405272&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6 HTTP/1.1
Host: citicorpcreditservic.tt.omtrdc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200
Date: Mon, 19 Sep 2022 16:10:48 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 142
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://www.citibankcustomerservices.com.sabedoria-online.com
Access-Control-Allow-Credentials: true
X-Request-ID: 25f5a0bf78ea425b924ee64d965b8020
P3P: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Set-Cookie: citicorpcreditservic!mboxSession=05169a78806242269a3a0c231720ef08; Max-Age=1860; Expires=Mon, 19-Sep-2022 16:41:48 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
citicorpcreditservic!mboxPC=05169a78806242269a3a0c231720ef08.37_0; Max-Age=63244800; Expires=Fri, 20-Sep-2024 16:10:48 GMT; Domain=citicorpcreditservic.tt.omtrdc.net; Path=/; HttpOnly; SameSite=None
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *
www.citibankcustomerservices.com.sabedoria-online.com/verify/css/LSO_4959.jpg
162.241.203.161200 OK 175 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/css/LSO_4959.jpg
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3\012- data
Size 175 kB (174933 bytes)
Hash 4c50aaf00ec3fd89b59019568e3ce376
e67b56776d6f8bcfbc25c6d31cfea22dc234f58e
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
GET /verify/css/LSO_4959.jpg HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605689
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:14 GMT
Accept-Ranges: bytes
Content-Length: 174933
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/jpeg
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
54.230.111.14204 No Content 0 B URL HTTP/1.1 nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP 54.230.111.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Fjs%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Mon, 19 Sep 2022 01:05:17 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rS87cyccezijIfP8V9-jBgKz-9ppAEiq2V31ceT4vL8oy-3cqcoN9Q==
Age: 54331
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=533028.6312186272&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php
54.230.111.14200 OK 555 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/serverComponent.php?r=533028.6312186272&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php
IP 54.230.111.14:0
File type ASCII text, with very long lines (1253)
Hash a836c2454c6c73433c0dece9f725d6fb
c04eea6b3127c14cd17e071048f0653baa06b719
b28db1cb7cb0d108914b20871ca486ffcaddea51748f29601665df789ce1d9ab
GET /citi/na_prod/serverComponent.php?r=533028.6312186272&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Mon, 19 Sep 2022 16:10:48 GMT
Expires: Mon, 19 Sep 2022 16:10:47 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4gfCttKB-FoqfR2Hf3Snj9EgIKSbarnj5eFjE25awa-7BSG2s2YnaA==
nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757
54.230.111.14200 OK 41 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757
IP 54.230.111.14:0
File type ASCII text, with very long lines (586)
Hash f3425381a8f9ef05a3225c94a7926ddc
1352fc08d259ae7e45ff71f1cd4042df1c02da9c
f164290a18c4d4685c0d3022ad294436492fc01e34bcf9fa5f14cab474cda99c
GET /citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 16 Aug 2022 21:44:05 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"6c0ec1ecef630bef7b1fb87b13b4f2cb"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: JA70f_WGNG7H1tnE4i_sKuxvYaFEwzMJ
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: N08NnVG71u5ezMEXfbJn87LrihXC9WjPCWbiwH_EuXYNNQlfXjtB2Q==
Age: 2917604
nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
54.230.111.14200 OK 989 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
IP 54.230.111.14:0
File type ASCII text, with very long lines (524)
Hash a88ee16d6636b998b8a6bb0eedf3a3bb
84b7338657d33ace2048bf6b6e3b8b3fa649548a
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
GET /citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 989
Connection: keep-alive
Date: Fri, 22 Jul 2022 05:10:06 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 20 Jul 2021 20:01:14 GMT
ETag: "a88ee16d6636b998b8a6bb0eedf3a3bb"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: .wEMJ82rme0Ajy8MXYWYMqCLOS4zdOlx
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hRi2M7HlW0rmQ4IHvAhOO0wLw3xJKTQLf9E4_BXlJwCc9MaD3HCLtQ==
Age: 5137243
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
54.230.111.14200 OK 2.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP 54.230.111.14:0
File type ASCII text, with very long lines (542)
Hash 9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec
GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 16 Aug 2022 21:44:05 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BbsgvZJohqai1bihVlaHhl-7zznwg9o36HsUVLxx1ReVDqpTrcXZaA==
Age: 2917604
nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
54.230.111.14200 OK 769 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
IP 54.230.111.14:0
File type ASCII text, with very long lines (1964)
Hash 17249d0565554fe08b1871324afc421e
3f04b7021d5204a639ea4992d06ce9e028ecfd4a
2c6ac82a36a6c93b63ad4796e81574660a24d9457dba3b883f16a32f99a81de9
GET /citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 22 Jul 2022 05:05:43 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 20 Jul 2021 20:01:09 GMT
ETag: W/"c12999fcad47ab9cba1967b8c736048d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: nE2jchQRxt_gtDKDOvHRLQGyp_MKp2PL
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Q30g0m20p7iUOHvZbSi4xkPmzdZXwUk5Mu5MlCv0Jt0_Zz7v3LxOjQ==
Age: 5137506
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
54.230.111.14200 OK 655 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP 54.230.111.14:0
File type ASCII text, with very long lines (524)
Hash b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034
GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 14 Aug 2022 04:54:07 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: StUr33NxcUMdoGRNBYS_WnIdvnHUnxeRVRhW7C03WLYdhXBVpVqEVQ==
Age: 3151002
cm.everesttech.net/cm/dd?d_uuid=26204762537807362102708852188243537431
52.17.180.229301 Moved Permanently 134 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=26204762537807362102708852188243537431
IP 52.17.180.229:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /cm/dd?d_uuid=26204762537807362102708852188243537431 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Mon, 19 Sep 2022 16:10:48 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://cm.everesttech.net:443/cm/dd?d_uuid=26204762537807362102708852188243537431
c1.rfihub.net/js/tc.min.js
54.230.111.29200 OK 6.2 kB URL HTTP/1.1 c1.rfihub.net/js/tc.min.js
IP 54.230.111.29:0
File type C source, ASCII text, with very long lines (19497)
Hash ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f
GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 6162
Connection: keep-alive
Date: Mon, 19 Sep 2022 16:09:19 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Expires: Mon, 19 Sep 2022 17:09:19 GMT
Last-Modified: Mon, 19 Sep 2022 16:09:09 GMT
Content-Encoding: gzip
Server: Jetty(9.3.29.v20201019)
X-Cache: Hit from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6OPoMoCMfAJzvekAByhgoHYRWtyLxDl7D_8rAc7AdH_bU4BAa5aY2g==
Age: 89
www.citibankcustomerservices.com.sabedoria-online.com/verify/img/favicon.ico
162.241.203.161200 OK 8.7 kB URL HTTP/1.1 www.citibankcustomerservices.com.sabedoria-online.com/verify/img/favicon.ico
IP 162.241.203.161:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c529d13403aaef133f480514b0d7b3f
73b6a54f396770a92bd13f0af7b0530e7a68b546
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32
GET /verify/img/favicon.ico HTTP/1.1
Host: www.citibankcustomerservices.com.sabedoria-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/verify/login.php
Cookie: AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C19255%7CMCMID%7C33141825722442223213185272606493349812%7CMCAID%7C31944A443DD488CB-600013246E405272%7CMCOPTOUT-1663611028s%7CNONE%7CMCAAMLH-1664208628%7C6%7CMCAAMB-1664208628%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CvVersion%7C3.1.2; check=true; mbox=session#05169a78806242269a3a0c231720ef08#1663605690|PC#05169a78806242269a3a0c231720ef08.37_0#1726848630; AMCVS_61834D9B5228A7430A490D45%40AdobeOrg=1; mboxEdgeCluster=37
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:48 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 22:45:16 GMT
Accept-Ranges: bytes
Content-Length: 8747
Cache-Control: max-age=604800
Expires: Mon, 26 Sep 2022 16:10:48 GMT
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/x-icon
20766699p.rfihub.com/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483
193.0.160.129302 Found 0 B URL HTTP/1.1 20766699p.rfihub.com/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483
IP 193.0.160.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Mon, 19 Sep 2022 16:10:48 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://20766699p.rfihub.com/sr/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483
Content-Length: 0
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash e61e62c2907908c95188608e7585a1da
33371f3c18b671d51f4e42e721f1df9e74580e1f
b22984c62ae943c3c5ed1f0bf96fb9c3e7262b183f6c3c99adb1cae19c2e7a54
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 16:10:48 GMT
Last-Modified: Mon, 19 Sep 2022 14:40:42 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LknjulBZ0P0qwPPPz4TaN7aYNwboGLefgBr-4Pr4TBSwWOo-c39tVQ==
Age: 5406
cm.everesttech.net/cm/dd?d_uuid=26204762537807362102708852188243537431
52.17.180.229302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=26204762537807362102708852188243537431
IP 52.17.180.229:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=26204762537807362102708852188243537431 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Mon, 19 Sep 2022 16:10:48 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~YyiUiAAAAFLI7AN-; Domain=.everesttech.net; Expires=Tue, 19-Sep-2023 16:10:48 GMT; Path=/
everest_session_v2=YyiUiAAAAFLI7QN-; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YyiUiAAAAFLI7AN-
Server: AMO-cookiemap/1.1
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 60013fa61e5e9036c549e689afd0fd67
0addee22675806e077baf31e495b8fa3865c407f
53477f38fe9a3d6236666e3bebcf8d18f978c0242148d23f5c9f56fd6dd9a194
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2506
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Last-Modified: Mon, 19 Sep 2022 15:29:03 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash de804a0450efa77b8584ae7a48180edc
68316b235ee3ceda45b5cc527af0e580fb99cfc2
a2756592d52a1e9af98d5a800cd73939c4a3833e8533fb3ed4028dba2ea13237
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 14:15:47 GMT
Expires: Sat, 24 Sep 2022 14:15:46 GMT
Etag: "68316b235ee3ceda45b5cc527af0e580fb99cfc2"
Cache-Control: max-age=424496,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d397f7ef671c16-OSL
dpm.demdex.net/ibs:dpid=411&dpuuid=YyiUiAAAAFLI7AN-
34.248.152.242302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=YyiUiAAAAFLI7AN-
IP 34.248.152.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=YyiUiAAAAFLI7AN- HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v041-028b65498.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyiUiAAAAFLI7AN-
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=92072983009602620951343293780933605465; Max-Age=15552000; Expires=Sat, 18 Mar 2023 16:10:49 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: qSMgfL5ERE0=
Content-Length: 0
Connection: keep-alive
20766699p.rfihub.com/sr/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483
193.0.160.129200 OK 118 B URL HTTP/1.1 20766699p.rfihub.com/sr/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483
IP 193.0.160.129:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
GET /sr/ca.html?ver=9&ra=1798&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&pf=&ra=41170218313654483 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 16:10:49 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0MTI2NjM3tLQ0MLcwNzU2sxDiM9RNDXO2MHJxTAn2tHABAAD3Jx8lAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 14 Oct 2023 16:10:49 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0MTI2NjM3tLQ0MLcwNzU2sxDiM9RNDXO2MHJxTAn2tHABAAD3Jx8lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyiUiAAAAFLI7AN-
34.248.152.242200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyiUiAAAAFLI7AN-
IP 34.248.152.242:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyiUiAAAAFLI7AN- HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v041-03935e948.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: IWWjP0UMQE8=
Content-Length: 59
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=AW-916451471
142.250.74.72302 Found 253 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-916451471
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
151.101.85.230200 OK 531 B URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
IP 151.101.85.230:0
File type ASCII text, with very long lines (592)
Hash 163d0bd34ff8cd5d5d8c376ff4fa5448
49290a53b47fe11dd527ed41db0876da97afc365
6b05ff7c0159529870ef88073983b50eee80d938ffbd55d5c9aebb0dab4d772a
GET /wdcusciti/50/onsite/embed.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Vo5x77/FcGHnkLbfUTXVLDmJHHdrlz4aMWcNwMvtCbxicDSk8U9B1rL9IzlXQT4slGKV1Pr55/g=
x-amz-request-id: 4Y0T4GP9K3GT4QZ5
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "c1db4c234cf539e2bfab42c09c1ca05d"
x-amz-version-id: eKMfkf17jnOEK1NZY3.0vSO_D.gj7xc9
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Mon, 19 Sep 2022 16:10:49 GMT
via: 1.1 varnish
age: 1332406
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 5444
x-timer: S1663603849.250464,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 531
X-Firefox-Spdy: h2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
151.101.85.230301 Moved Permanently 0 B URL HTTP/1.1 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP 151.101.85.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 301 Moved Permanently
Server: Varnish
Retry-After: 0
Location: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
Content-Length: 0
Accept-Ranges: bytes
Date: Mon, 19 Sep 2022 16:10:49 GMT
Via: 1.1 varnish
Connection: close
X-Served-By: cache-bma1648-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1663603849.279902,VS0,VE1
Strict-Transport-Security: max-age=31557600
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 45f95aa258ab932ac2f8a33ff7944ffe
8f52b66e897dab7cb160d481886805ea216f407f
de4fd2aaa566b601e82c38806ec8ea84110b1d63f15efe48186f5bcf70847488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
151.101.85.230200 OK 86 kB URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP 151.101.85.230:0
File type Unicode text, UTF-8 text, with very long lines (53511)
Hash b30a7c4298aa25029a8749c6e39227b5
2dce3d234767a1ad5e61d873cae34ae5b6fe254a
7afee8874ccfd7b48f756bc872261ec5ab41aaa9af91d91b3af2ba7e6ffd1c33
GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 3Af09pvrnUu3BfieRI6BJawVHGR7/WZJagF97DjZX+T9QgtJZ6ly1iXtPnN1BENOpf4nehKIEnI=
x-amz-request-id: NVJCAPRZB8SGRPE0
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "31ab1facffb3500494bf6aca3d7e439d"
x-amz-version-id: cbf3VAh2wvqiC_RNSd9Tltn6dOvsrine
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Mon, 19 Sep 2022 16:10:49 GMT
via: 1.1 varnish
age: 494935
x-served-by: cache-bma1670-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1663603849.294875,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 85764
X-Firefox-Spdy: h2
cdn.pbbl.co/r/1560.js
143.204.55.125403 Forbidden 986 B IP 143.204.55.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 87d5ea49e8b67fe4d6dbfda6ad07eb17
b4d7bf3734e729601fba9105b351dd1f6dee18b4
b7d589d2969ef2736c9cab88139f18caa49e192d84b7ec51e44b040afe134579
GET /r/1560.js HTTP/1.1
Host: cdn.pbbl.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html
Content-Length: 986
Connection: keep-alive
X-Cache: Error from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LiA1qJANmNIv2QJfCFjDCUzTlRBoPBrECLhC5e96jz_K--CQOadkhg==
Vary: Origin
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 26fcf8aea27805b4a6a29e3e2a4ba19b
f920fd6c5a79a4adb2f456edcee678757ff1602c
7aa63d03f514e4f51190e85f167f747563f980e0e6fdee6cce9393321dff1038
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ba8206089b7af80ec9bb4fe0c07977b4
4b0c036a5124f06026772a92168d3799e37c8ed3
64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62
GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash da059e66474ac8e0fcb7e70b7ed4be44
7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb
GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d7c2cd80c8899405c8ead9dcd82aa484
8d0248ffaaf1594d89e077cb3904f0ad42ec474e
2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce
GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 3cdb7a0d8774281c45d6a09b22e28af2
eee92813bf3130c7e6ca8be5911197c1ee486daa
cf75d10606678529391c0c7bd8cd9b13abb532df9640785934a7555f872caed4
GET /gtag/js?id=AW-695231162&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash f20987509aaa3b3f9e52f7581afd6a4d
7147419bbeb1605a89733067d195356fc73c3cd3
5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c
GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 6d8c6cf61840045919f4789eac2d3d9c
ef5e66f528ab1701f99e467593020d263d6220f0
ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e
GET /gtag/js?id=AW-830907969&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 16d7ad56818dde4bc80864654bfbd12e
c95b93882c98641b7f1b648c122194a9fb2534c7
5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64
GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4ee5c6443c11da4a5cf7ea801cd0c62f
e742a7ee1cbedf1a23a82361f3873dbc165f927c
e3682e49ed03efcf590a500154380807b54433f8344923e9017994bdf0d46924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
142.250.74.72302 Found 280 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash a262f0126f939827df765f078136498b
5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd
GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 19 Sep 2022 16:10:49 GMT
expires: Mon, 19 Sep 2022 16:10:49 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 56433b6932f28a949ac82fec1caa9e99
017c5a1ccc0f6e68fd60a9d0658c0526b81b4156
a6fe9208db3d30b3a81378a59aa588480ab2080c33f1d0921752c2dfdc76d1fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsps.ssl.com/
52.6.97.148200 OK 1.9 kB IP 52.6.97.148:0
Hash 1a1a98000bf8c111a5985b3efc77ccf4
57ee3d5d1bded475b95c6ea91fb0770c78ea9f7e
07ca6afd7ffd67d216ebd5c6296d020c84b6ad8aa4e197bd39c1fd9a2dc717c4
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Sep 2022 16:10:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1883
Connection: keep-alive
Expires: Mon, 26 Sep 2022 14:15:19 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "57ee3d5d1bded475b95c6ea91fb0770c78ea9f7e"
Last-Modified: Mon, 19 Sep 2022 14:15:20 GMT
X-Proxy-Cache: HIT
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cDovL3d3dy5jaXRpYmFua2N1c3RvbWVyc2VydmljZXMuY29tLnNhYmVkb3JpYS1vbmxpbmUuY29tL3ZlcmlmeS9sb2dpbi5waHAiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2MzYwMzgyOTkyOCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzNTY4M2VjOWEyYzctMGU0NTkxNzc0ZjE3ODQ4LTMwNmQ0NjRhLTE0MDAwMC0xODM1NjgzZWM5YjQwIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly93d3cuY2l0aWJhbmtjdXN0b21lcnNlcnZpY2VzLmNvbS5zYWJlZG9yaWEtb25saW5lLmNvbS92ZXJpZnkvbG9naW4ucGhwIiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImZlOWItMTFmZi05ZTI4LWJmYzUtOWVlZi03MDA3LWM4MTYtZjlmYiIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjYzNjAzODI5OTI2Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDg4NCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDcuMyIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDcuMyIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2MzYwMzgyOTkyNywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
35.241.45.82200 OK 0 B URL HTTP/2 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cDovL3d3dy5jaXRpYmFua2N1c3RvbWVyc2VydmljZXMuY29tLnNhYmVkb3JpYS1vbmxpbmUuY29tL3ZlcmlmeS9sb2dpbi5waHAiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2MzYwMzgyOTkyOCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzNTY4M2VjOWEyYzctMGU0NTkxNzc0ZjE3ODQ4LTMwNmQ0NjRhLTE0MDAwMC0xODM1NjgzZWM5YjQwIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly93d3cuY2l0aWJhbmtjdXN0b21lcnNlcnZpY2VzLmNvbS5zYWJlZG9yaWEtb25saW5lLmNvbS92ZXJpZnkvbG9naW4ucGhwIiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImZlOWItMTFmZi05ZTI4LWJmYzUtOWVlZi03MDA3LWM4MTYtZjlmYiIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjYzNjAzODI5OTI2Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDg4NCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDcuMyIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDcuMyIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2MzYwMzgyOTkyNywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cDovL3d3dy5jaXRpYmFua2N1c3RvbWVyc2VydmljZXMuY29tLnNhYmVkb3JpYS1vbmxpbmUuY29tL3ZlcmlmeS9sb2dpbi5waHAiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2MzYwMzgyOTkyOCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzNTY4M2VjOWEyYzctMGU0NTkxNzc0ZjE3ODQ4LTMwNmQ0NjRhLTE0MDAwMC0xODM1NjgzZWM5YjQwIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly93d3cuY2l0aWJhbmtjdXN0b21lcnNlcnZpY2VzLmNvbS5zYWJlZG9yaWEtb25saW5lLmNvbS92ZXJpZnkvbG9naW4ucGhwIiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsibWRfaXNTdXJ2ZXlTdWJtaXR0ZWRJblNlc3Npb24iOiAiIiwiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImZlOWItMTFmZi05ZTI4LWJmYzUtOWVlZi03MDA3LWM4MTYtZjlmYiIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjYzNjAzODI5OTI2Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDg4NCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDcuMyIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDcuMyIsImhpc3RvcnlfbGVuZ3RoIjogMSwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTY2MzYwMzgyOTkyNywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ== HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 16:10:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-blue-nxf8
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6f0747f732f05e110f9fe9938de620d3
d4e9a55014187d0d2af174e5c27d03cc10c6cb05
32a866308c9d930c425a8ced1974039a409528cb4a0bd07bfbe4d8cd39be9742
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663603830299&cv=9&fst=1663603830299&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663603830299&cv=9&fst=1663603830299&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2416), with no line terminators
Hash e653b832fc5810add225d631f8627f72
a65ce5f7f6a14ed8ddfaa2ae60df225c73b9c992
41bc3aeb70d2e28c5bf2dedc28f1dfb7017fbc44911c0049e001635dadbcdbcf
GET /pagead/viewthroughconversion/10955006959/?random=1663603830299&cv=9&fst=1663603830299&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1086
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663603830296&cv=9&fst=1663603830296&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663603830296&cv=9&fst=1663603830296&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2412), with no line terminators
Hash d782ddcd8a5f3e1260bf9754705a33b4
db47c7a718bfdcb55dda75c1a3f1c69813756339
25b3aed003daca64084ea2ee846944d209bf7b38a5236f2f1f9f877dd830ef62
GET /pagead/viewthroughconversion/644574043/?random=1663603830296&cv=9&fst=1663603830296&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1086
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663603830276&cv=9&fst=1663603830276&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663603830276&cv=9&fst=1663603830276&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2412), with no line terminators
Hash 7b8d395c27e12efdd2de8469b60df43d
9ed425d63360bdb7dfcdf3797c50c624d9209467
dc062471f56ef7b3a13e789bca6852afce33b6b1d16c6115e94dd23313a93366
GET /pagead/viewthroughconversion/695231162/?random=1663603830276&cv=9&fst=1663603830276&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1085
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663603829985&cv=9&fst=1663603829985&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663603829985&cv=9&fst=1663603829985&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2412), with no line terminators
Hash 334e57be3fd4a1f5f1c39d3ba4f5aa3c
14fad76478c9dbbc0751d3835f3485c51a173f20
f0710c4d05e13feda4405a8f0f59732a290394991985fe68a0c1e3780b1fd28c
GET /pagead/viewthroughconversion/916451471/?random=1663603829985&cv=9&fst=1663603829985&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1086
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663603830281&cv=9&fst=1663603830281&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663603830281&cv=9&fst=1663603830281&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2412), with no line terminators
Hash cfdde5d1537e5dcc14edf8bda023a7c5
fe944873d25428e06a4e67f4700ab1ac5a5849ab
47633ebdbb8e3dc7cac93058b6bc41b414665ffb9b30d3f19dd39f53accc375e
GET /pagead/viewthroughconversion/960621875/?random=1663603830281&cv=9&fst=1663603830281&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1086
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663603830286&cv=9&fst=1663603830286&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663603830286&cv=9&fst=1663603830286&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2412), with no line terminators
Hash 685d3e1e6b0ac51c35edf501d9db9bbf
530f8ef33cea823aae52b11a51483653dafea483
07abf7f540a5db18ffc76d8a229a388312c67b6a8a2b7fab89d481ed05d50fe8
GET /pagead/viewthroughconversion/819500023/?random=1663603830286&cv=9&fst=1663603830286&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1084
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663603830289&cv=9&fst=1663603830289&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663603830289&cv=9&fst=1663603830289&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2412), with no line terminators
Hash b8e6514e769666d3873df0377089db7f
5650c7283f9d1936f23d0465924ae16f84f45fc1
1c3c453a0a9ca7e3ea4f2dfd21d7e66af02a8d3fda8aecefe4fda124d8371656
GET /pagead/viewthroughconversion/830907969/?random=1663603830289&cv=9&fst=1663603830289&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1084
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663603830291&cv=9&fst=1663603830291&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663603830291&cv=9&fst=1663603830291&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2412), with no line terminators
Hash c6f3ae59fe702e32919f015e6bcc008e
dc16c8506ecea358b7f3be151740f1ba91fbd5f5
361881e99e028cf7e94794d4c49e4aa55e7a3cb5c0e9dcdd756dc12b3ff9bafd
GET /pagead/viewthroughconversion/959299794/?random=1663603830291&cv=9&fst=1663603830291&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1087
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6f0747f732f05e110f9fe9938de620d3
d4e9a55014187d0d2af174e5c27d03cc10c6cb05
32a866308c9d930c425a8ced1974039a409528cb4a0bd07bfbe4d8cd39be9742
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663603830293&cv=9&fst=1663603830293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663603830293&cv=9&fst=1663603830293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2410), with no line terminators
Hash a075012de6a6aa77f9e82ec3de69737c
e13b21a35093e1faa4a081e20d9c640493fdaffc
698c4f89b78fef08e075657b3d1159d8bbd0d4c04a8239ff6b07fe342602d9f5
GET /pagead/viewthroughconversion/975701947/?random=1663603830293&cv=9&fst=1663603830293&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1600622640.1663603830&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1085
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 16:25:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash fa65e4428adb73fd14d3e23085784699
00f883ce942c6c1be5e8e39d8ebe126de77dbadf
8eb4b4b2d5dc9f17570f22fc0afdf63d1fc80cc0aa37ad77cc81d52dda2bc281
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash fd6f5d48a8eb6a76f7c699a235f6ed95
6dfe5af37fa0c7a6ed073d73d8be6e23ec4e1cc4
a7239c791a93ecf634d1afef2a09feae30f46decdbfa039403bd10394e444d56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/819500023/?random=1663603830286&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1001224935&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/819500023/?random=1663603830286&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1001224935&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/819500023/?random=1663603830286&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1001224935&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/10955006959/?random=1663603830299&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3693209483&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10955006959/?random=1663603830299&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3693209483&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10955006959/?random=1663603830299&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3693209483&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/830907969/?random=1663603830289&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2277894990&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/830907969/?random=1663603830289&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2277894990&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/830907969/?random=1663603830289&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2277894990&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/975701947/?random=1663603830293&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=309964053&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/975701947/?random=1663603830293&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=309964053&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975701947/?random=1663603830293&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=309964053&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/959299794/?random=1663603830291&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3541473177&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/959299794/?random=1663603830291&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3541473177&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/959299794/?random=1663603830291&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3541473177&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/644574043/?random=1663603830296&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1572416009&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/644574043/?random=1663603830296&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1572416009&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/644574043/?random=1663603830296&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1572416009&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/960621875/?random=1663603830281&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3151719667&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/960621875/?random=1663603830281&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3151719667&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1663603830281&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3151719667&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/695231162/?random=1663603830276&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1586265035&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/695231162/?random=1663603830276&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1586265035&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/695231162/?random=1663603830276&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1586265035&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash fd6f5d48a8eb6a76f7c699a235f6ed95
6dfe5af37fa0c7a6ed073d73d8be6e23ec4e1cc4
a7239c791a93ecf634d1afef2a09feae30f46decdbfa039403bd10394e444d56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 16:10:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/916451471/?random=1663603829985&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3092482502&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/916451471/?random=1663603829985&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3092482502&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/916451471/?random=1663603829985&cv=9&fst=1663603200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fwww.citibankcustomerservices.com.sabedoria-online.com%2Fverify%2Flogin.php&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3092482502&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 16:10:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908
54.230.111.14200 OK 0 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908
IP 54.230.111.14:0
GET /citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.citibankcustomerservices.com.sabedoria-online.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 13 Sep 2022 17:24:59 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 13 Sep 2022 17:23:26 GMT
ETag: W/"de2e8ecdb9334e6565ea8d4feb369116"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: CZbhUaMVGcELu7Tp.vnFWThm1Iz7u.mg
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lGAwbXAnF8_PkMHkqzkBv42IrV8vkVXKRMl4wGTbHJVSBnrJYhTIzA==
Age: 513950