Report - citionline-oauthbeec.query068.workers.dev/

Report Overview

Submitted URL
citionline-oauthbeec.query068.workers.dev/
IP
172.67.174.136
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-15 10:21:17
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
c1.rfihub.net	6410	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	6.7 kB	54.230.111.57
api.ipify.org	3267	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	391 B	211 B	3.232.242.170
i.ibb.co	13485	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	402 B	3.6 kB	217.182.228.53
nexus.ensighten.com	2786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.9 kB	95 kB	54.230.111.14
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	5.6 kB	142.250.74.3
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	395 B	43 kB	142.250.74.72
cdn.pbbl.co	8838	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370 B	1.3 kB	143.204.55.59
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.5 kB	6.8 kB	142.250.74.3
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.77.32
resources.digital-cloud-citi.medallia.com	25588	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	867 B	88 kB	151.101.85.230
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390 B	16 kB	142.250.74.164
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	52 kB	34.120.237.76
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	32 kB	142.250.74.74
udc-neb.kampyle.com	3039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	518 B	35.241.45.82
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.7 kB	18 kB	216.58.207.194
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.5 kB	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.210.107.213
20766699p.rfihub.com	40171	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	712 B	666 B	193.0.160.128
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	984 B	2.9 kB	104.18.32.68
citionline-oauthbeec.query068.workers.dev	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	459 B	625 B	104.21.55.244
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
dl.dropboxusercontent.com	12831	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.5 kB	548 kB	162.125.71.15
www.citi.com	26692	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	426 B	2.7 kB	104.110.29.32
sr.rlcdn.com	13315	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	538 B	192 B	35.190.60.146
ocsps.ssl.com	14517	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	325 B	2.3 kB	52.6.97.148

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-14	medium	citionline-oauthbeec.query068.workers.dev/	Citigroup Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-15	medium	citionline-oauthbeec.query068.workers.dev/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (48)

	URL	Size	First Seen	Last Seen
	nexus.ensighten.com/citi/na_prod/serverComponent.php?r=20.515975917261077&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F	1.5 kB	2023-03-07	2023-03-07
Pretty URL nexus.ensighten.com/citi/na_prod/serverComponent.php?r=20.515975917261077&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash a3014198df62a0426f5f2b4628f58864 c93e3e4639a2af2fa5ec086427c9a468da131108 bc2fc20c1287a6395b83ce712d286c520323f88f2e6ac6fc7d7df3dee82d4f38 Loading...

	nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456	2.2 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2023-09-15 03:24:04 Times Seen29 Hash c12999fcad47ab9cba1967b8c736048d cd62dba28e44aceb5f26c5757f24f59f4f79dc95 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716 Loading...

	nexus.ensighten.com/citi/na_prod/code/2fec4c7c6dc69d561844935cdcfc1d5c.js?conditionId0=467299	76 kB	2023-03-07	2023-03-08
Pretty URL nexus.ensighten.com/citi/na_prod/code/2fec4c7c6dc69d561844935cdcfc1d5c.js?conditionId0=467299 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:44:51 Last Seen2023-03-08 08:41:04 Times Seen1 Hash 6ee8c75c11d701bd85d6e3c25093c469 b777ba3d595409473ca8e9cda336f36be74095ef cc23ed6fa37ee5c404d8dc720360520d576d3732fa957152a9bc54958a1478fd Loading...

	www.google.com/pagead/conversion_async.js	42 kB	2023-03-07	2023-03-17
Pretty URL www.google.com/pagead/conversion_async.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:19 Last Seen2023-03-17 12:30:23 Times Seen1 Hash 70049e468e315dbffce0c07753fca6f9 6c1cb5e25675de7746ed7dbb4d103aba9faabea0 94cc0d6d41e4b4bcde2f4f3d6292224215a698f20ffe7915c04cb55146537266 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663237254451&cv=9&fst=1663237254451&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663237254451&cv=9&fst=1663237254451&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 245d717d870a5df7bf87dab9e5bdbbf2 9aedf9396ab9c7fa975771465b8bc495f216cd8f b23e93bf3d112070c0fa3264bb048a9822237e3c9df5026e65b3461c1bdc5410 Loading...

	nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099	7.5 kB	2023-03-07	2023-04-30
Pretty URL nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-04-30 08:15:02 Times Seen42 Hash 412eb38d6a797c24fd5d7e30e1b9799d d2e692a369931cc5bda6418efcef831cbf115ac2 d2751a84e6a70913798dd8b2aede47ab49b7a701618cd151d89755638f71aa02 Loading...

	nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908	170 kB	2023-03-07	2023-03-17
Pretty URL nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:00:26 Last Seen2023-03-17 12:26:16 Times Seen1 Hash de2e8ecdb9334e6565ea8d4feb369116 1ad3b61e26ae8b90d88541ef759869209bde74c8 6643bb410c647786949016cd3032ea1ed824a5a17313a2216c115de612482a5a Loading...

	www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c	109 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 7a44d59adab38edbe755257da731bc67 16961701bfdf057096706fe5d00b9f831735a296 43540ff960e83d50a3460bdc195fe17c383778684d30da7a6b33fc4fafad81c8 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663237254461&cv=9&fst=1663237254461&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663237254461&cv=9&fst=1663237254461&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 9b46e8acde8f0436c1b24ec2ad2c8834 df8a218b6791d866a160e775b13b960c4d388a60 9cacb6174840606e3eee1477944a654f1f7f5b518b98478f856be886724e23c2 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663237254465&cv=9&fst=1663237254465&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663237254465&cv=9&fst=1663237254465&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash cf2fd94e4c157f09e8538255e06a0048 923ded82aded9043e7668bca31c860e2a649e888 13b79f7fb59657efff2bd768b8571d8ffb08f4f7d9f792f2508b77c7dcdb85a2 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-25 17:52:02 Times Seen261354 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	citionline-oauthbeec.query068.workers.dev/	1.1 kB	2023-03-07	2023-03-07
Pretty URL citionline-oauthbeec.query068.workers.dev/ IP 104.21.55.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 6db1101a5f81de620d0dcd507d516c94 a9f1e601b3f23e73aed96906e0001317294d6ed1 8ec705e80e670d3465679ae04bbb363d793e06f03847c9d6c9f2794b5f00ab33 Loading...

	nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757	177 kB	2023-03-07	2023-03-17
Pretty URL nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-03-17 11:32:21 Times Seen1 Hash 6c0ec1ecef630bef7b1fb87b13b4f2cb 6fdd53de6b6f733011ebeb9f0d149d93660ad711 aa04a8b0e57ead0aa5ab793816b58772250bd6efdd01042f1bc7ccc4c20ec540 Loading...

	www.googletagmanager.com/gtag/js?id=DC-6260004	108 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=DC-6260004 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 528cee7b2152f195b5d72e774b59cfe4 299564c3d1654f12e6b23a7b96589bb187f14456 475b247d1d3c0d413eb75c555446bd1e682ccf08f6aee52fe2d7037d816c5499 Loading...

	20766699p.rfihub.com/ca.html?ver=9&ra=296&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&pf=&ra=05343970343467708	54 B	2023-03-07	2023-03-29
Pretty URL 20766699p.rfihub.com/ca.html?ver=9&ra=296&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&pf=&ra=05343970343467708 IP 193.0.160.128 ASN #54312 ROCKETFUEL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-03-29 22:08:24 Times Seen3 Hash b83d4eb61e10d05bb3a3ff3c84d78520 c36664ca67a5ff74cc7769baa4284e1967c305a4 4ad528ebef2558de7f30f5917a123f7fd844c6a4462b4609fffeb7a8d922eb35 Loading...

	www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash bae0f8883c0d306d3c3ea27e2d7af4b5 0619ac468229f8592f118e3de6d69dcb11a08c25 dc94519d928ff572cf2c89ddc4ba33e4614f372d1bc9f5df35443e7422df2877 Loading...

	www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash aafcbfd539f021cf88be5f3a62d95b4a 62264678055aa498ab246ef74b89cb590d18978c 50e733acbff80d206e9ba4ca56a65a1486fed30f796e1794df595f3f1b8263d7 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663237254475&cv=9&fst=1663237254475&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663237254475&cv=9&fst=1663237254475&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 73307f41b9b96c13f4f52006602ee61d 0f62f101adfbe6403adf8b4183d8952d67bd38a7 0c0478462904210ed0c49cddd0cfa9cfd3dc1fc18b960b993ed8d02bc2c40575 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663237254479&cv=9&fst=1663237254479&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663237254479&cv=9&fst=1663237254479&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 914a16425b851beb8d9fb5f74c4b3890 26153701424007b43ecf26f7a590d2cdaee42306 c34057bba562a514dbbf36b5a3799d1f46625a3b613a22da55c8f6f8852f9da4 Loading...

	citionline-oauthbeec.query068.workers.dev/	3.5 MB	2023-03-07	2023-03-07
Pretty URL citionline-oauthbeec.query068.workers.dev/ IP 104.21.55.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash b63c341e3356767cb072b7ed23362196 ad30368615e883a074d2b5c175be126cc233643b 146f68ac1f252d02c75d8b4ff2c3f76c670357bcbae1a8e52c68bd0668cbee61 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 17:52:54 Times Seen37068521 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js	286 kB	2023-03-07	2024-04-11
Pretty URL dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js IP 162.125.71.15 ASN #19679 DROPBOX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2024-04-11 02:39:48 Times Seen114 Hash 551a7fe0d5b6fdebb3d356a632e41f8e b2b4871d0eaf5125336e174160889a1c7dc309f5 c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935 Loading...

	citionline-oauthbeec.query068.workers.dev/	1.3 kB	2023-03-07	2023-03-08
Pretty URL citionline-oauthbeec.query068.workers.dev/ IP 104.21.55.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-08 04:19:49 Times Seen1 Hash fb060603d8122872982469215e956769 707394725c2cd7af8d666a2585110d6c5c9a1a13 f0af65c4ea047f9a97fe2d1573f9b2195c7cc67c5b51de464f67348c006c8067 Loading...

	www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c	109 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash e9a5aebc3cc392756b10265233461907 9fd3f00323629d3f38571a41232c6a3dfb6c43a5 1aaa46633fb7b343d774092baee310ee19a2fdfdf0142d1d4e05392c979cac0a Loading...

	www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 869a2f9a4e2e69d2782038c2975e4788 6683a59ec3e12ee0c10ecdfd9d781aa57c089838 428d9f0d654ade2892c39aa39878355380702a70bbeaa8cf1f0f093148f21c40 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663237254446&cv=9&fst=1663237254446&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663237254446&cv=9&fst=1663237254446&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash be4f1e4f190daa22ce31bdd12f17494e 421ac9af74d6268562a95eca361d881c39d87d18 ed51e3c8e647d7aa2420528adb94cce129d7ad50089911902b1c98dfa47475a3 Loading...

	citionline-oauthbeec.query068.workers.dev/	84 B	2023-03-07	2023-04-03
Pretty URL citionline-oauthbeec.query068.workers.dev/ IP 104.21.55.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:09 Last Seen2023-04-03 23:57:57 Times Seen28 Hash 520412486dba0be8f6db00ab2199a5cc 8917078de42620486e711423f6bbb93de7a6e2f7 1530c97a0e87b9f70cc67a64306f6e9025698fb60a278af437f31b5ad7908621 Loading...

	nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963	989 B	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-09-15 03:24:05 Times Seen29 Hash a88ee16d6636b998b8a6bb0eedf3a3bb 84b7338657d33ace2048bf6b6e3b8b3fa649548a 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110 Loading...

	www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c	109 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 930fae760cf3f8670334014c7b7f2fe6 360de0c328b8341e172c955ddc4a79226ad71495 f9460358b0e8c3df16bda25b73dc5f30c2f2fcb8121b1ecd5d3b25c52d82feea Loading...

	www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c	158 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash b45e9178819e5eff456ab7635046efa6 faaa492e2158ef0627a65987c6e2ab81cb6c3d43 ef8bd164d4e627ff23c48fae156b388ba8aa5d24501dd0c77c994cf628f5272d Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663237254271&cv=9&fst=1663237254271&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663237254271&cv=9&fst=1663237254271&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 47741de0a2cc3634c14c533a96c9b573 b16f38550ac8835af1988dee5082fe0756f61c64 2ebd14995e1bf4e6f678c252b3d032b883c3073e7701375247144d0c2d4ec95a Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663237254468&cv=9&fst=1663237254468&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663237254468&cv=9&fst=1663237254468&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 2986f9df64605caa8a3b30dd290d85eb 1a79da896527cf61e5dce843a5c9aa4de9d47970 72994695f956136c9d2e1d66a76f80efd619ee5fbe1e5395306502a917fae9cc Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663237254472&cv=9&fst=1663237254472&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4	2.4 kB	2023-03-07	2023-03-07
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663237254472&cv=9&fst=1663237254472&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash be95d040e59353467777995fee4d0893 7403ebeb3e64e52eee5bcf517976ed1ae113a53e 67a3478fd3ffa66a1b6f1c49b61c4cb381e5c61a944669ae5f7320bf817cb848 Loading...

	api.ipify.org/?format=jsonp&callback=getIP	29 B	2023-03-07	2024-04-25
Pretty URL api.ipify.org/?format=jsonp&callback=getIP IP 3.232.242.170 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:09 Last Seen2024-04-25 15:52:16 Times Seen16458 Hash 90a39389063c7c5716745c3b3bb4fba1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69 Loading...

	nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153	1.3 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2023-09-15 03:24:05 Times Seen57 Hash 4d37444c012a76a0557182615bf5cdd3 1ba1932dcc6dff6035c37a14de9852606de28329 bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650 Loading...

	citionline-oauthbeec.query068.workers.dev/	2.1 kB	2023-03-07	2024-04-22
Pretty URL citionline-oauthbeec.query068.workers.dev/ IP 104.21.55.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:55 Last Seen2024-04-22 02:05:03 Times Seen167 Hash f614f20afbf576b484daff8f1cd754e9 1638b3a4fd33b596e4f2c0b34fb4dfda7ea5b419 b706e7f259717a7f26145ad3877f817c14b281f2fb6698998dd967cfe45304ef Loading...

	www.googletagmanager.com/gtag/js?id=AW-916451471	158 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-916451471 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 87f2b5d5448773b154f833f5ecf048e4 48fcc403c4203a4e785dfa63bf215489e80a629c fe3260b775e5825c74eea9a66b7bc37daf9cfc4430c6c213db584ddbb315d798 Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js	1.1 kB	2023-03-07	2023-03-17
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js IP 151.101.85.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:08 Last Seen2023-03-17 12:42:20 Times Seen1 Hash c1db4c234cf539e2bfab42c09c1ca05d 970f866c6f6acd458e94d3d6cbec3cddac256a0b 1c5391cd953f0795fdd58a4e26899f1952522101afc71b63de87f5f467c0d1a6 Loading...

	www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 3e94a15dced6059668a5a720083f074c 5738223b621d53a5258ed063dfecb7dc651e6803 49e0e3c72c91d8f63ca6e22e4a3979bce8f841c6ba363c81a8b2c2026e91074d Loading...

	www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c	118 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash c486033e5ae829533ffa9bf92ed47e11 36eadbd35a264fb8b587cba22db0e70b3231c415 8d3c80513ccf7c8658e8d78d3bf80c0f3ce2994df969d58c6b905cfd09cf8248 Loading...

	nexus.ensighten.com/citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881	1.6 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:44:51 Last Seen2023-09-15 03:24:05 Times Seen29 Hash 43372887591ae43fb66862c6ae6d2c9b f32f657f4a8162f6ee9f1cf9a3d88e688d0eb027 1243ffed4530d6d237dd040101bf2933687f6e9272b10132060115058f914206 Loading...

	c1.rfihub.net/js/tc.min.js	20 kB	2023-03-07	2023-09-15
Pretty URL c1.rfihub.net/js/tc.min.js IP 54.230.111.57 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2023-09-15 03:24:05 Times Seen185 Hash 83c2974d08241a92c3b2dcb8f441271f 424d72cd7dfe7371c647addd7145ab3444a6b121 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js	515 kB	2023-03-07	2023-03-17
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js IP 151.101.85.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:08 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 31ab1facffb3500494bf6aca3d7e439d f06c23dba145d5aea0291e3e0a657c5f93e48ad9 cc1f329f34c5f9f4c759b787ccc409241a8ffe8d13863a87cc9214e628b43cff Loading...

	www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c	158 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 212aeddf15671a6494d4541befe3e340 c1262a52f4bd9c5116a5e20fe6bcd71f42103b8a 29faa3dbb6c36e8a643e037b3ddea74e2da20b3fb1b68e2a08e450be5bf57eed Loading...

		Size	First Seen	Last Seen
	#1 Eval - d066c179a444118cb57f3c2c7bbc579f	12 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash d066c179a444118cb57f3c2c7bbc579f 2360e18b98d230ad8f2ffeb37fa09a2e9cd66262 bddcf25867435760b58937910118ebed74be4f123e0aefd1248383144032afa3 Loading...

	#2 Eval - a1e812d5f05d7cece0f88cbbd441cb0c	10 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash a1e812d5f05d7cece0f88cbbd441cb0c b3c0ae9c7de7985f174bfe604b81b6068d8acfbf 338eebe354feee40bdfe97326853bdc041f0478b9a764f2cde16abcd93dc9a86 Loading...

		Size	First Seen	Last Seen
	#1 Write - 5665d47caa59fd91f926642f649db551	1.2 MB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 16:53:31 Last Seen2023-03-07 16:53:31 Times Seen1 Hash 5665d47caa59fd91f926642f649db551 1656ab1575012ba65c4a50669de4d402351a4d0e abd767f74b1c91ecbbabcf428736031e94917c81b87f90e3580627f4fe98a97f Loading...

	#2 Write - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 17:52:54 Times Seen37068521 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (90)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 15 Sep 2022 10:10:23 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dGmmz49rN5vWu8JpDbHZfdHAI-T8Lj9pTICBROJ60rdqMQiXQdk_KQ==
Age: 643

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8859
Expires: Thu, 15 Sep 2022 12:48:45 GMT
Date: Thu, 15 Sep 2022 10:21:06 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 15 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iD5jsJ0CYkag3qMsOzDTiDlR2FBqGcBE0XdrEtxvsgPmSkLHuw1sVg==
age: 20751
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 10:21:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
62c4df88fc2f69e10d2d54c660fe2c99
a032bfd92c236fe0091a69584b379d9a79f37df5
d2c5f5dc986c5890515f14942563bea72cd106b66d2f01bc7c2432378272075a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4772
Cache-Control: max-age=129183
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:07 GMT
Etag: "63223f8e-1d7"
Expires: Fri, 16 Sep 2022 22:14:10 GMT
Last-Modified: Wed, 14 Sep 2022 20:54:38 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
62c4df88fc2f69e10d2d54c660fe2c99
a032bfd92c236fe0091a69584b379d9a79f37df5
d2c5f5dc986c5890515f14942563bea72cd106b66d2f01bc7c2432378272075a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3761
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:07 GMT
Last-Modified: Thu, 15 Sep 2022 09:18:26 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
62c4df88fc2f69e10d2d54c660fe2c99
a032bfd92c236fe0091a69584b379d9a79f37df5
d2c5f5dc986c5890515f14942563bea72cd106b66d2f01bc7c2432378272075a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5735
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:07 GMT
Last-Modified: Thu, 15 Sep 2022 08:45:32 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
01721134027b8087fcaea01ae7470149
e3d82b3dd35d846d3bd662a0f9b7a51cba2ba864
a7aa0a8736af71aee8a545362876a784954dbb37cda1a2c184c7ef99e14f2b56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
62c4df88fc2f69e10d2d54c660fe2c99
a032bfd92c236fe0091a69584b379d9a79f37df5
d2c5f5dc986c5890515f14942563bea72cd106b66d2f01bc7c2432378272075a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4772
Cache-Control: max-age=129183
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:07 GMT
Etag: "63223f8e-1d7"
Expires: Fri, 16 Sep 2022 22:14:10 GMT
Last-Modified: Wed, 14 Sep 2022 20:54:38 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.74

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 08:21:10 GMT
expires: Thu, 14 Sep 2023 08:21:10 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 93597
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5a0890f76de28b917f5f437d663e6fa9
4eb47d1b9b8dce30048faa2200bcbcd5ee5317c3
99fbdd65a167b2fd9e82af4898db202e5edb109a7a36b33414660390c7f9aa65

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4586
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:07 GMT
Last-Modified: Thu, 15 Sep 2022 09:04:41 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
01721134027b8087fcaea01ae7470149
e3d82b3dd35d846d3bd662a0f9b7a51cba2ba864
a7aa0a8736af71aee8a545362876a784954dbb37cda1a2c184c7ef99e14f2b56

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
817ae2f84d770515905ee2e9857639f6
067cb1dc3cbded220443d51bd30bfb92bbd35ecd
7bb9ed5d0a8878fd885c47e5e914331e65d92d29323d352dde418a2da82ad08d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 10:21:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 21:46:09 GMT
Expires: Wed, 21 Sep 2022 21:46:08 GMT
Etag: "067cb1dc3cbded220443d51bd30bfb92bbd35ecd"
Cache-Control: max-age=558900,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b0a238a9a6b4fd-OSL

dl.dropboxusercontent.com/s/45bc9mcqqrkf7xw/1440_Citi-PLT%403x.png

162.125.71.15

200 OK

28 kB

URL HTTP/2
dl.dropboxusercontent.com/s/45bc9mcqqrkf7xw/1440_Citi-PLT%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 4320 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28149 bytes)
Hash
33567268701e83c3e827b6062cb0c062
d23224d7d4fd15617c84c976f979b259557b6fc6
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

HTTP Headers

GET /s/45bc9mcqqrkf7xw/1440_Citi-PLT%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="1440_Citi-PLT@3x.png"; filename*=UTF-8''1440_Citi-PLT%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968561558912n
pragma: public
set-cookie: uc_session=hv8OcUActJLlvVFeWn8LBqNOZxktRuA3J9mFk3aPkU9UCK9CSKiGiu9bNnTr30wd; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 266
content-type: image/png
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 28149
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 7ebd604288d74bff858964cd1105f61a
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff

162.125.71.15

200 OK

76 kB

URL HTTP/2
dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (75538 bytes)
Hash
3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

HTTP Headers

GET /s/5pecxff6thpa7bk/Interstate-Light.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://citionline-oauthbeec.query068.workers.dev
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Light.woff"; filename*=UTF-8''Interstate-Light.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968851764500n
pragma: public
set-cookie: uc_session=y1ZYmNXLnhGgOOg1hIzB7NJUgtM1YTzjiGICmZco3KsZ40il3fCcfL8EnWQVRitC; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 339
content-type: application/octet-stream
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 75538
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 7367330f2ea54e1f9cb1a5e48006b936
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 15 Sep 2022 10:03:22 GMT
Expires: Thu, 15 Sep 2022 11:00:21 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: O8LrmtAu8QjvGfwPvlXVUDGZsUyv9iQ9CsJNNvk9bo_0RQEW2q9kdQ==
Age: 1065

api.ipify.org/?format=jsonp&callback=getIP

3.232.242.170

200 OK

29 B

URL HTTP/1.1
api.ipify.org/?format=jsonp&callback=getIP
IP
3.232.242.170:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
90a39389063c7c5716745c3b3bb4fba1
a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f
eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69

HTTP Headers

GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
Content-Type: application/javascript
Vary: Origin
Date: Thu, 15 Sep 2022 10:21:07 GMT
Content-Length: 29
Via: 1.1 vegur

dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff

162.125.71.15

200 OK

72 kB

URL HTTP/2
dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
72 kB (71874 bytes)
Hash
9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

HTTP Headers

GET /s/onrn6uufd9w6dw9/Interstate-Bold.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://citionline-oauthbeec.query068.workers.dev
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Bold.woff"; filename*=UTF-8''Interstate-Bold.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968844676205n
pragma: public
set-cookie: uc_session=MRB308w7SmROcTztyRMIn60pE4pATwgxLqjHX32gJaLcseA6Ye9rC4cZMlzTaSzo; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 433
content-type: application/octet-stream
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 71874
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 550bba6eee474d9dbd1c902b5d1437ad
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/eltd16c80yf2gxb/Interstate-Regular.woff

162.125.71.15

200 OK

79 kB

URL HTTP/2
dl.dropboxusercontent.com/s/eltd16c80yf2gxb/Interstate-Regular.woff
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
Web Open Font Format, TrueType, length 78762, version 1.197\012- data
Size
79 kB (78762 bytes)
Hash
b1f3eca7de0c2cb35740f32dd0b83823
dffc474081c23fc151265b637a4468e82004ecc8
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

HTTP Headers

GET /s/eltd16c80yf2gxb/Interstate-Regular.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://citionline-oauthbeec.query068.workers.dev
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Regular.woff"; filename*=UTF-8''Interstate-Regular.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968865208808n
pragma: public
set-cookie: uc_session=3j4SB6AGn5HmNIBkQtqhOWWmaQt3lTfj830a3AEkR53UdU9CTwYmyXjBVGAQRjch; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 455
content-type: application/octet-stream
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 78762
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 67d85c9f3d6844d7abedd431776dfd49
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d597af1ab2f21a983bf0f0d105b94209
9d5dd938777abde094c89066b539141a02106b88
a614eb7f969544c8040642be7c852625341e2441e757d063d2af1ff465c8c3f4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5636
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:07 GMT
Last-Modified: Thu, 15 Sep 2022 08:47:11 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png

104.110.29.32

200 OK

1.8 kB

URL HTTP/1.1
www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png
IP
104.110.29.32:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

HTTP Headers

GET /CBOL/IA/Angular/assets/citilogoredesign.png HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Tue, 30 Nov 2021 10:40:38 GMT
Accept-Ranges: bytes
Content-Length: 1799
X-Akamai-CITISITE: SWDC
Strict-Transport-Security: max-age=300
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
Content-Type: image/png
X-WebKit-CSP: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Content-Security-Policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Content-Security-Policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Date: Thu, 15 Sep 2022 10:21:07 GMT
Connection: keep-alive
Set-Cookie: AKMTLTSID=2A15FCBA7460C8283AA17BE8D4B79069; path=/; domain=citi.com; secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://citimobile.citibankonline.com

dl.dropboxusercontent.com/s/q76kbkh9nbu3304/320_Citi-PLT%403x.png

162.125.71.15

200 OK

12 kB

URL HTTP/2
dl.dropboxusercontent.com/s/q76kbkh9nbu3304/320_Citi-PLT%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 960 x 279, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11562 bytes)
Hash
7c1b9c0c6762e2405c3fea9847a1d422
441fd252e12934bfb00554eae96f091d2764bf32
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

HTTP Headers

GET /s/q76kbkh9nbu3304/320_Citi-PLT%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="320_Citi-PLT@3x.png"; filename*=UTF-8''320_Citi-PLT%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968563765161n
pragma: public
set-cookie: uc_session=6kyvG53epTJCBnZlRfaceut97pwNBQPLNAoUUy9ocowc6TxKhzp35KZdHlUYZbGi; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 585
content-type: image/png
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 11562
x-dropbox-response-origin: far_remote
x-dropbox-request-id: cf4a4c59f9764120b17ee88d0564fa1d
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg

162.125.71.15

200 OK

38 kB

URL HTTP/2
dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
data
Size
38 kB (38281 bytes)
Hash
860b741e74fcc01df17ae12f064b7f23
1f45c389119e24f52d3e6ca023d0ba3f18a883cf
9befb322324c61b425a4ee7887edef03309c2656563d67f2ebe891e8673427f4

HTTP Headers

GET /s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename=icon_globe_med-grey%402x.svg
content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=Cck08zRqHLW5s0dfwhPO1LWZrnomLlAqZtvF6o5bqDiX9ZkVKPBnqt7UinXRjWHT; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-server-response-time: 212
x-webkit-csp: sandbox
content-type: image/svg+xml
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: b95be84948524928849ae55922a75a1b
X-Firefox-Spdy: h2

i.ibb.co/RpLNy4f/ajax-loader.gif

217.182.228.53

200 OK

3.2 kB

URL HTTP/2
i.ibb.co/RpLNy4f/ajax-loader.gif
IP
217.182.228.53:0
ASN
#16276 OVH SAS

File type
GIF image data, version 89a, 32 x 32\012- data
Size
3.2 kB (3208 bytes)
Hash
be1cede97289c13920048f238fd37b85
313b867d11fc0dd6bc6ca47c334bbcf18956ca76
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

HTTP Headers

GET /RpLNy4f/ajax-loader.gif HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 10:21:08 GMT
content-type: image/gif
content-length: 3208
last-modified: Tue, 02 Mar 2021 22:27:30 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/8om9e8hgtt1ovl2/LSO_4959.jpg

162.125.71.15

200 OK

175 kB

URL HTTP/2
dl.dropboxusercontent.com/s/8om9e8hgtt1ovl2/LSO_4959.jpg
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3\012- data
Size
175 kB (174933 bytes)
Hash
4c50aaf00ec3fd89b59019568e3ce376
e67b56776d6f8bcfbc25c6d31cfea22dc234f58e
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

HTTP Headers

GET /s/8om9e8hgtt1ovl2/LSO_4959.jpg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Cookie: uc_session=WPCuGmUUulMU3uEJ4BadP2oissS9QJUe8TUroai1SpWXIaIaqNxWxWIP1ZLDPbaS
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="LSO_4959.jpg"; filename*=UTF-8''LSO_4959.jpg
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968910563788n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 234
content-type: image/jpeg
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 174933
x-dropbox-response-origin: far_remote
x-dropbox-request-id: c9f0fed41d4c4a458a6637dc3b41b126
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.210.107.213

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.210.107.213:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2QGzAzNnUdH29FF/RskPuQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5YoQtOuF4Ti8eswEXOdZgz+M8hs=

nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError

54.230.111.14

204 No Content

0 B

URL HTTP/2
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: CloudFront
date: Thu, 15 Sep 2022 01:05:17 GMT
cache-control: no-cache, no-store
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: er3t8z4JnMMHWa-DxbjWp9crD2yRMDqWV00JgTOJKw9n9MfWQRZJ9A==
age: 33351
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/fcfmeua8xtc4hqg/Appstore-Googleplay-JDPower-Sprite.png

162.125.71.15

200 OK

45 kB

URL HTTP/2
dl.dropboxusercontent.com/s/fcfmeua8xtc4hqg/Appstore-Googleplay-JDPower-Sprite.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 120 x 203, 8-bit/color RGBA, interlaced\012- data
Size
45 kB (44996 bytes)
Hash
7be7c9b6b21cee4ae9dffb234765a60e
ec853bb38a24a01498cff42a8ef53d8707b39cb0
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

HTTP Headers

GET /s/fcfmeua8xtc4hqg/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Cookie: uc_session=6kyvG53epTJCBnZlRfaceut97pwNBQPLNAoUUy9ocowc6TxKhzp35KZdHlUYZbGi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="Appstore-Googleplay-JDPower-Sprite.png"; filename*=UTF-8''Appstore-Googleplay-JDPower-Sprite.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968650157896n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 179
content-type: image/png
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 44996
x-dropbox-response-origin: far_remote
x-dropbox-request-id: a2b051eebcb14d7daa99339b85dbd02b
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/13p0ciw1yl1ifq5/Citi-Branding-Sprite.png

162.125.71.15

200 OK

5.0 kB

URL HTTP/2
dl.dropboxusercontent.com/s/13p0ciw1yl1ifq5/Citi-Branding-Sprite.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 140 x 349, 8-bit colormap, non-interlaced\012- data
Size
5.0 kB (4952 bytes)
Hash
eec8cbc4608427f66f2c1e5a74911748
8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

HTTP Headers

GET /s/13p0ciw1yl1ifq5/Citi-Branding-Sprite.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Cookie: uc_session=6kyvG53epTJCBnZlRfaceut97pwNBQPLNAoUUy9ocowc6TxKhzp35KZdHlUYZbGi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="Citi-Branding-Sprite.png"; filename*=UTF-8''Citi-Branding-Sprite.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968652168104n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 174
content-type: image/png
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 4952
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 01f75369ffe5469ba00f37ab61477b60
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png

162.125.71.15

200 OK

445 B

URL HTTP/2
dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
445 B (445 bytes)
Hash
1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

HTTP Headers

GET /s/tx4dbqw0bze09il/social-media_facebook%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Cookie: uc_session=6kyvG53epTJCBnZlRfaceut97pwNBQPLNAoUUy9ocowc6TxKhzp35KZdHlUYZbGi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_facebook@3x.png"; filename*=UTF-8''social-media_facebook%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968884486105n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 188
content-type: image/png
date: Thu, 15 Sep 2022 10:21:08 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 445
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 816c08d2bdd34f3694133ffcfdfc5082
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/d7sibblybve5blb/social-media_youtube%403x.png

162.125.71.15

200 OK

1.2 kB

URL HTTP/2
dl.dropboxusercontent.com/s/d7sibblybve5blb/social-media_youtube%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1175 bytes)
Hash
3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

HTTP Headers

GET /s/d7sibblybve5blb/social-media_youtube%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Cookie: uc_session=6kyvG53epTJCBnZlRfaceut97pwNBQPLNAoUUy9ocowc6TxKhzp35KZdHlUYZbGi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_youtube@3x.png"; filename*=UTF-8''social-media_youtube%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968897745048n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 199
content-type: image/png
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1175
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 47aa2c63d73e4278bd1e2b7fdf4d3d51
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963

54.230.111.14

200 OK

989 B

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (524)
Size
989 B (989 bytes)
Hash
a88ee16d6636b998b8a6bb0eedf3a3bb
84b7338657d33ace2048bf6b6e3b8b3fa649548a
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

HTTP Headers

GET /citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 989
date: Fri, 22 Jul 2022 05:10:06 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Jul 2021 20:01:14 GMT
etag: "a88ee16d6636b998b8a6bb0eedf3a3bb"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: .wEMJ82rme0Ajy8MXYWYMqCLOS4zdOlx
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1k41oCI3fWHB__9YIZLT-3VfQ51awNkKn3CywJvJyLl-5rlkj8c8RQ==
age: 4770663
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/al8h1wt4q4z80q1/social-media_twitter%403x.png

162.125.71.15

200 OK

1.3 kB

URL HTTP/2
dl.dropboxusercontent.com/s/al8h1wt4q4z80q1/social-media_twitter%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1277 bytes)
Hash
60b0fec951727b4762fabc2570a1317f
56f9ed9699233f4cef1317a9a2c83179070b5e8a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

HTTP Headers

GET /s/al8h1wt4q4z80q1/social-media_twitter%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Cookie: uc_session=6kyvG53epTJCBnZlRfaceut97pwNBQPLNAoUUy9ocowc6TxKhzp35KZdHlUYZbGi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_twitter@3x.png"; filename*=UTF-8''social-media_twitter%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968891955128n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 237
content-type: image/png
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1277
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 70950071bda241faa8303d88abe7eda6
X-Firefox-Spdy: h2

c1.rfihub.net/js/tc.min.js

54.230.111.57

200 OK

6.2 kB

URL HTTP/2
c1.rfihub.net/js/tc.min.js
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
C source, ASCII text, with very long lines (19497)
Size
6.2 kB (6162 bytes)
Hash
ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f

HTTP Headers

GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6162
date: Thu, 15 Sep 2022 09:40:58 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: public, max-age=3600
expires: Thu, 15 Sep 2022 10:40:58 GMT
last-modified: Thu, 15 Sep 2022 09:40:48 GMT
content-encoding: gzip
server: Jetty(9.3.29.v20201019)
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lQ-haP4nouSF_-1ctxMKNr3-p__5TIUHcQT20pdkZSmJGoy3WM8xBQ==
age: 2410
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456

54.230.111.14

200 OK

1.1 kB

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1964)
Size
1.1 kB (1132 bytes)
Hash
989814fc381a9e3b6cd4cd1d26b1e56b
3b75ccbc8b8708681437e34f8b4b6945c9cfa6d0
6d5962278484d7b82f48a9b50472c9200f050972b6e25f6c8071e4cf6649351b

HTTP Headers

GET /citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Jul 2022 04:43:02 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Jul 2021 20:01:09 GMT
etag: W/"c12999fcad47ab9cba1967b8c736048d"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: nE2jchQRxt_gtDKDOvHRLQGyp_MKp2PL
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BkDVTeOYJwnZFqfpnNTvSh9W0AOh2nYFRH5PI4SYdYcrupHj4PimPg==
age: 4772287
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=DC-6260004

142.250.74.72

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=DC-6260004
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1720)
Size
42 kB (42442 bytes)
Hash
ccd4097e51fe4871fdf783189e7f7e66
fc2d4d6ef7266bde5273c245b162b499ce4b0cbf
8ec4d55c6371fb794d752ccd90855b147d953ce421742affbe9954477cab911e

HTTP Headers

GET /gtag/js?id=DC-6260004 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 15 Sep 2022 10:21:08 GMT
expires: Thu, 15 Sep 2022 10:21:08 GMT
cache-control: private, max-age=900
last-modified: Thu, 15 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42442
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908

54.230.111.14

200 OK

32 kB

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (573)
Size
32 kB (32539 bytes)
Hash
00c45d4e324251fe84cffcc3d2f1f88f
e2b2c2e3455942859ea487f3c67c2a90f62e692f
cdd5d8be99f326e172c067f9f8d0d1a4a67b67be4ac351dfbf3df92f31c704b0

HTTP Headers

GET /citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Tue, 13 Sep 2022 17:23:36 GMT
x-amz-replication-status: PENDING
last-modified: Tue, 13 Sep 2022 17:23:26 GMT
etag: W/"de2e8ecdb9334e6565ea8d4feb369116"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: CZbhUaMVGcELu7Tp.vnFWThm1Iz7u.mg
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IKXLvp09I_DAVUCGTzfaPG9BW1wrXr9KvS7ntFMxpxwRdmwjMus18w==
age: 147452
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153

54.230.111.14

200 OK

43 kB

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (524)
Size
43 kB (43014 bytes)
Hash
f0f8c7370f88c814e9343c3c5c8b86b4
7bec43231a5a50da50779a361c5de539d54e83b2
a44a3b999403265e60cde5ea6a12994da27a77a4d3232bf4e785ca2889d18486

HTTP Headers

GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Jul 2022 04:58:00 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 31 Aug 2021 17:19:04 GMT
etag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lvNgq2PygY0ZJtQDQcA_6RFcmrmUn_F9S0sOtVYY7yVdNWcNHzn1tA==
age: 4771388
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/2fec4c7c6dc69d561844935cdcfc1d5c.js?conditionId0=467299

54.230.111.14

200 OK

11 kB

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/2fec4c7c6dc69d561844935cdcfc1d5c.js?conditionId0=467299
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (615)
Size
11 kB (11224 bytes)
Hash
9cbcbd1fad3509f0e3e6ca2807d37b0c
a7ba54bf21d68756ed09f2670d735e2c269120e8
b5fb9be823fb49b029924e4aaa2db5d152c531916996eee18c3f16896683bf50

HTTP Headers

GET /citi/na_prod/code/2fec4c7c6dc69d561844935cdcfc1d5c.js?conditionId0=467299 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Tue, 16 Aug 2022 21:43:10 GMT
x-amz-replication-status: PENDING
last-modified: Tue, 16 Aug 2022 21:43:05 GMT
etag: W/"6ee8c75c11d701bd85d6e3c25093c469"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: jza8GqxZGhVz18cCFAItH4ZpiQFQqNOt
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: noDT-71dhCPkNualqCxk1abLlEMutV_-vCEPRBfTDJ-QFg5afLXV1g==
age: 2551079
X-Firefox-Spdy: h2

20766699p.rfihub.com/ca.html?ver=9&ra=296&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&pf=&ra=05343970343467708

193.0.160.128

200 OK

118 B

URL HTTP/1.1
20766699p.rfihub.com/ca.html?ver=9&ra=296&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&pf=&ra=05343970343467708
IP
193.0.160.128:0
ASN
#54312 ROCKETFUEL

File type
HTML document text\012- HTML document, ASCII text, with no line terminators
Size
118 B (118 bytes)
Hash
372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

HTTP Headers

GET /ca.html?ver=9&ra=296&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&pf=&ra=05343970343467708 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 10:21:08 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjY0MDWyNAfSQnyGulXO_vHeBqbliWYmWQBNm3yJJQAAAA; Path=/; Domain=.rfihub.com; Expires=Tue, 10 Oct 2023 10:21:08 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjY0MDWyNAfSQnyGulXO_vHeBqbliWYmWQBNm3yJJQAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js

151.101.85.230

200 OK

531 B

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (592)
Size
531 B (531 bytes)
Hash
163d0bd34ff8cd5d5d8c376ff4fa5448
49290a53b47fe11dd527ed41db0876da97afc365
6b05ff7c0159529870ef88073983b50eee80d938ffbd55d5c9aebb0dab4d772a

HTTP Headers

GET /wdcusciti/50/onsite/embed.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Vo5x77/FcGHnkLbfUTXVLDmJHHdrlz4aMWcNwMvtCbxicDSk8U9B1rL9IzlXQT4slGKV1Pr55/g=
x-amz-request-id: 4Y0T4GP9K3GT4QZ5
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "c1db4c234cf539e2bfab42c09c1ca05d"
x-amz-version-id: eKMfkf17jnOEK1NZY3.0vSO_D.gj7xc9
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Thu, 15 Sep 2022 10:21:08 GMT
via: 1.1 varnish
age: 965825
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1663237269.919390,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 531
X-Firefox-Spdy: h2

cdn.pbbl.co/r/1560.js

143.204.55.59

403 Forbidden

986 B

URL HTTP/2
cdn.pbbl.co/r/1560.js
IP
143.204.55.59:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
986 B (986 bytes)
Hash
234ced3759fcc18846967004ce22d4e9
af64d59ba521bbde56a5a059e9e40058e42f0271
b2c4637a580f786eeaba52f67d5e708e4d76411884d71ed109ffb6078e8c6f41

HTTP Headers

GET /r/1560.js HTTP/1.1
Host: cdn.pbbl.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
server: CloudFront
date: Thu, 15 Sep 2022 10:21:08 GMT
content-type: text/html
content-length: 986
x-cache: Error from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NondOvRut0UONDYX6-uwJI7RqJKMm-P8v9yvXr1ps-GGagq0xe_0pg==
vary: Origin
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js

151.101.85.230

200 OK

86 kB

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (53511)
Size
86 kB (85764 bytes)
Hash
b30a7c4298aa25029a8749c6e39227b5
2dce3d234767a1ad5e61d873cae34ae5b6fe254a
7afee8874ccfd7b48f756bc872261ec5ab41aaa9af91d91b3af2ba7e6ffd1c33

HTTP Headers

GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 3Af09pvrnUu3BfieRI6BJawVHGR7/WZJagF97DjZX+T9QgtJZ6ly1iXtPnN1BENOpf4nehKIEnI=
x-amz-request-id: NVJCAPRZB8SGRPE0
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "31ab1facffb3500494bf6aca3d7e439d"
x-amz-version-id: cbf3VAh2wvqiC_RNSd9Tltn6dOvsrine
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Thu, 15 Sep 2022 10:21:08 GMT
via: 1.1 varnish
age: 128354
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1663237269.937928,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 85764
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8fd5ce3a74485c8774afee718e5d3abf
621807bbe40c3076dc9cba86b4b4cb4f230814f0
1877c0087003a63bf8187cd4e39dc8d35e8f7dcdc80dc9ae3928c7238c084df6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 10:21:08 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 13:42:54 GMT
Expires: Wed, 21 Sep 2022 13:42:53 GMT
Etag: "621807bbe40c3076dc9cba86b4b4cb4f230814f0"
Cache-Control: max-age=529904,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b0a242aeabb4fd-OSL

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ed97a4b82680caefc4ffdebf786e12fc
a638a68f346844709bac57a92bf3d2c28043165e
b81ed44963f5d8b54c62e7fe18db301d3c8eeaf8fbbfb099270562156e12fdc9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/pagead/conversion_async.js

142.250.74.164

200 OK

16 kB

URL HTTP/2
www.google.com/pagead/conversion_async.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1623)
Size
16 kB (15687 bytes)
Hash
4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 15 Sep 2022 10:21:09 GMT
expires: Thu, 15 Sep 2022 10:21:09 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

35.190.60.146

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
IP
35.190.60.146:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1
Host: sr.rlcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 451 Unavailable For Legal Reasons
date: Thu, 15 Sep 2022 10:21:09 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
39aa25d8411997d98f9093c19b0ccbca
3cb31e92d707cd561897042ed1a09de5a79e7108
f1b7b71241b580ec34281f5addc49d716eac9ecc46a3217e646c76e6dc8d4578

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9058
Expires: Thu, 15 Sep 2022 12:52:07 GMT
Date: Thu, 15 Sep 2022 10:21:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9058
Expires: Thu, 15 Sep 2022 12:52:07 GMT
Date: Thu, 15 Sep 2022 10:21:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9058
Expires: Thu, 15 Sep 2022 12:52:07 GMT
Date: Thu, 15 Sep 2022 10:21:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaa65c72-7c91-4c77-a8d5-ff1616735614.jpeg

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaa65c72-7c91-4c77-a8d5-ff1616735614.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4527 bytes)
Hash
3d3507225fbae159e0d4225dc60769af
2220cf9725452aa89070063038064596b03bb808
b19d7250778b93eed58347332f0fa8c2e4c8ca7a2b30e9d605d39d51e981255e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaa65c72-7c91-4c77-a8d5-ff1616735614.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4527
x-amzn-requestid: a3fb26b2-9090-483d-9f41-ca3032b51262
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIQp3G_6oAMF5Jg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631994a5-300b56f13864ff1b16b85eb8;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 07:07:17 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: d33zVonEQST3V4997c3mKpqhIVtXgAMVzxbFArOQvC12sCGFrTAl8A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:44:04 GMT
age: 45425
etag: "2220cf9725452aa89070063038064596b03bb808"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e9a2626-acb3-4c73-9ff9-e09ad82d489e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8447 bytes)
Hash
5a6939786c9343412c9af87efd3f44e0
14131148fda4e8d85b582fd20e76bcc814341bf1
8412c50f0fdc131d9c4422f2d7307fc1ee062c3580a1d754ef71cf84f9727d49

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e9a2626-acb3-4c73-9ff9-e09ad82d489e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8447
x-amzn-requestid: 6a307dbf-af18-4b40-a2c4-cda4a6e302d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLe84HUzIAMFkUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631adeb8-166dc8b954f4e5b50a0843de;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 06:35:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qQaQeJRgo5OcpjqbzgyZQCl-pYpvj6P_aoB07WGfV0YXyZqv4AQNCg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:42:17 GMT
age: 45532
etag: "14131148fda4e8d85b582fd20e76bcc814341bf1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9400 bytes)
Hash
4833535b1650b0ac875704023b650e66
96ab8cd8e14350f730d26731f3445710324e24e2
d2b5a51e39a4890ba56e819d4d5d1d57d4d3cfc50dde42efdf23b8e9be17d1c7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9400
x-amzn-requestid: 8cf35176-18a1-427b-870c-bdae465060c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYM18E-iIAMFcmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ff4f2-427bc0ff6593e71e25b91589;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 03:11:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0nTpbTo79RT78Sin1pTWaq4pRKWZyqnBkZCT2p66wWoW-A1OScJmIg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:09 GMT
age: 50400
etag: "96ab8cd8e14350f730d26731f3445710324e24e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d547c90-3ccc-4c25-a8e5-de1d932a8cfb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (3951 bytes)
Hash
aaf675adec05212317877a5f479d11a7
cab4d850cd2bc5b3e1570ae837a58382e6eae5ec
cb4eb5b406f1ec01e3094d0519d8e4e7a469056bb898e2c47d48378e4b2b261d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d547c90-3ccc-4c25-a8e5-de1d932a8cfb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3951
x-amzn-requestid: 65c15365-1bff-4dd2-a651-33683a033e05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE9_oHP_oAMF3Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63184397-148253910e5cd21b0e436b09;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:09:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wzHSKob2n4WsbIoi6eJdCptVrefJxBEVANMp-WZSm6HsOI7bPUwaDA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:19:28 GMT
age: 43301
etag: "cab4d850cd2bc5b3e1570ae837a58382e6eae5ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsps.ssl.com/

52.6.97.148

200 OK

1.9 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
52.6.97.148:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.9 kB (1883 bytes)
Hash
e939f76bab72754c3b732ad770a2092a
aeaba5c8577530c25214b92de6d348d9cad0d005
a9510dbf693596bea89822d423c8cf9dc33ebd29e6910f13da915c2ec9b97352

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 10:21:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1883
Connection: keep-alive
Expires: Wed, 21 Sep 2022 16:46:21 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "aeaba5c8577530c25214b92de6d348d9cad0d005"
Last-Modified: Wed, 14 Sep 2022 16:46:22 GMT
X-Proxy-Cache: HIT

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f370e89-6cc5-4da8-83dc-68d5a685ce0f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9340 bytes)
Hash
a05eafb022d09a0c88432fe018f2c325
b8ae9f4346fe63c5aa7a3b07ef84eac8fc63ca94
91b3994632d954d1c93ee53a46d2d8850ebe387af40962aad787d341b742e9f0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f370e89-6cc5-4da8-83dc-68d5a685ce0f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9340
x-amzn-requestid: 23ab295a-91a0-4a91-ba26-8302088a50c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNxvmEPIIAMFZlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bc996-10ccfaf45b93ef066901573d;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 23:17:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rM-kSnE6-SpiiNFAEsMmAUgxlgMDYun5zKMwTqvnM1BQcryism74gA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:42:18 GMT
age: 45531
etag: "b8ae9f4346fe63c5aa7a3b07ef84eac8fc63ca94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5754e945-dac1-48d0-8300-12286ffe02b4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10188 bytes)
Hash
d62d6861a80946a4cf3ba7e2a1cb0638
c096bfad52996315c174183644db3cc2c77d5f2c
693968cf7b76de9afb3440fe18800c02832daf3dd8a5de547e6dd9b6e4096b53

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5754e945-dac1-48d0-8300-12286ffe02b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10188
x-amzn-requestid: 48b5c3c4-d155-4e66-949e-ed631bf43890
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeB3VFE7IAMFcnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632249c8-2c5c452071eddd8e23dd6393;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 21:38:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BQD-kPbiOni5_NkEcw9gLZ1mlUZ2F8BjR7sfP2VJVQnpzae1GqdkNA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:43:57 GMT
age: 45432
etag: "c096bfad52996315c174183644db3cc2c77d5f2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cHM6Ly9jaXRpb25saW5lLW9hdXRoYmVlYy5xdWVyeTA2OC53b3JrZXJzLmRldi8iLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2MzIzNzI1NDA5OSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzNDBhYTZiYzAxMTYtMDM0YmM3YzBhMGY0ODc4LTMwNmQ0NjRhLTE0MDAwMC0xODM0MGFhNmJjMTNiNSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwczovL2NpdGlvbmxpbmUtb2F1dGhiZWVjLnF1ZXJ5MDY4LndvcmtlcnMuZGV2LyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI2OTljLWEzZTctOTY4Zi02OWEwLTZiMjYtZjhmMS1hZGY1LWUzMTQiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2MzIzNzI1NDA5NSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyOTAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjMyMzcyNTQwOTksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=

35.241.45.82

200 OK

0 B

URL HTTP/2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cHM6Ly9jaXRpb25saW5lLW9hdXRoYmVlYy5xdWVyeTA2OC53b3JrZXJzLmRldi8iLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2MzIzNzI1NDA5OSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzNDBhYTZiYzAxMTYtMDM0YmM3YzBhMGY0ODc4LTMwNmQ0NjRhLTE0MDAwMC0xODM0MGFhNmJjMTNiNSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwczovL2NpdGlvbmxpbmUtb2F1dGhiZWVjLnF1ZXJ5MDY4LndvcmtlcnMuZGV2LyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI2OTljLWEzZTctOTY4Zi02OWEwLTZiMjYtZjhmMS1hZGY1LWUzMTQiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2MzIzNzI1NDA5NSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyOTAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjMyMzcyNTQwOTksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cHM6Ly9jaXRpb25saW5lLW9hdXRoYmVlYy5xdWVyeTA2OC53b3JrZXJzLmRldi8iLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY2MzIzNzI1NDA5OSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTgzNDBhYTZiYzAxMTYtMDM0YmM3YzBhMGY0ODc4LTMwNmQ0NjRhLTE0MDAwMC0xODM0MGFhNmJjMTNiNSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwczovL2NpdGlvbmxpbmUtb2F1dGhiZWVjLnF1ZXJ5MDY4LndvcmtlcnMuZGV2LyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI2OTljLWEzZTctOTY4Zi02OWEwLTZiMjYtZjhmMS1hZGY1LWUzMTQiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2MzIzNzI1NDA5NSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyOTAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjMyMzcyNTQwOTksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0= HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 15 Sep 2022 10:21:09 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-blue-3g4z
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
20620ba615dba1de34528390492c3f53
2ca43d3a828682e10eb7638972b79b7136395e2b
12cf30cf1de58b4bab8af4a5d159b42909c554ae7b34e6f7361d9a49f1e861b7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663237254451&cv=9&fst=1663237254451&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663237254451&cv=9&fst=1663237254451&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2352), with no line terminators
Size
1.1 kB (1071 bytes)
Hash
2be3cadb4d5521fff1e2d3b2ae6ee9f5
0b9486669ff1dd4ca713b6d21e53ab0e8cf514e1
a45fcd7939908e139f1b4c0a337e6048dce5754f0246f973c37b08a8070458cc

HTTP Headers

GET /pagead/viewthroughconversion/830907969/?random=1663237254451&cv=9&fst=1663237254451&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1071
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 10:36:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663237254461&cv=9&fst=1663237254461&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663237254461&cv=9&fst=1663237254461&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2354), with no line terminators
Size
1.1 kB (1071 bytes)
Hash
8e79241808d17cef020bcda27cb426ed
d108d0648f8e1ee268f24d37cd8b9106a0a5dd5b
f5f30b5dabed307847cdb218222c0ca29e45601c89b2c141afe70224f6dc243e

HTTP Headers

GET /pagead/viewthroughconversion/975701947/?random=1663237254461&cv=9&fst=1663237254461&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1071
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 10:36:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663237254446&cv=9&fst=1663237254446&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663237254446&cv=9&fst=1663237254446&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2354), with no line terminators
Size
1.1 kB (1071 bytes)
Hash
25eb77fc794f766f06b99cbcfc603909
16de1b9ac352266f98cfcf05c18ad56c1cf4f495
a78e6b2e37161b8043caad47b40a7551e0b2406e51e127bc1750a7a92134ec97

HTTP Headers

GET /pagead/viewthroughconversion/644574043/?random=1663237254446&cv=9&fst=1663237254446&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1071
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 10:36:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663237254271&cv=9&fst=1663237254271&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663237254271&cv=9&fst=1663237254271&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2354), with no line terminators
Size
1.1 kB (1071 bytes)
Hash
3e988e57036c145cbab5518167e4ed25
19c3070d62f33c08783607b18d829fcf08f36c9a
cfd2719e4bcbfa117b1225549cdeffbfe21f3c4d1383646e78196a531740f722

HTTP Headers

GET /pagead/viewthroughconversion/916451471/?random=1663237254271&cv=9&fst=1663237254271&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1071
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 10:36:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663237254465&cv=9&fst=1663237254465&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663237254465&cv=9&fst=1663237254465&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2354), with no line terminators
Size
1.1 kB (1071 bytes)
Hash
242ef6413061336a21166140fad6072c
c50494ad68b712947283474834ead83ac9d05588
2e08d798fa01caf5c1d621f9631ec8f69dac6e8221f9a37592f6a48a08ac6b85

HTTP Headers

GET /pagead/viewthroughconversion/960621875/?random=1663237254465&cv=9&fst=1663237254465&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1071
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 10:36:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663237254468&cv=9&fst=1663237254468&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663237254468&cv=9&fst=1663237254468&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2354), with no line terminators
Size
1.1 kB (1072 bytes)
Hash
18dae6b42d4a44647f38d9c69060239e
dd5d7f243a5e955a079580bf1f40f64d8a296761
0f04ea8c72d1c45ef847b3982dc4ebebfefb66da81249703183895e35d81c6c2

HTTP Headers

GET /pagead/viewthroughconversion/959299794/?random=1663237254468&cv=9&fst=1663237254468&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1072
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 10:36:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663237254475&cv=9&fst=1663237254475&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663237254475&cv=9&fst=1663237254475&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2354), with no line terminators
Size
1.1 kB (1070 bytes)
Hash
d60b940172e4860319c08d2bd71470dc
e84be4e5b25706da4f37b5d87b64b41b658ad2f6
5cc8e9762ac530038d9567e6fdb7486def78d0f1ff3c36bfc6ca818ed35c8fbc

HTTP Headers

GET /pagead/viewthroughconversion/695231162/?random=1663237254475&cv=9&fst=1663237254475&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1070
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 10:36:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663237254479&cv=9&fst=1663237254479&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663237254479&cv=9&fst=1663237254479&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2358), with no line terminators
Size
1.1 kB (1071 bytes)
Hash
31560e298761185213a2dc09a58e0011
2c5e84212e61c07d6e330b73e43e7b4ecdd4a068
3432704c274daef508813e679b6d1e7dac614bdb1a1a3b823d07af6f55a2f133

HTTP Headers

GET /pagead/viewthroughconversion/10955006959/?random=1663237254479&cv=9&fst=1663237254479&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1071
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 10:36:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663237254472&cv=9&fst=1663237254472&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663237254472&cv=9&fst=1663237254472&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2354), with no line terminators
Size
1.1 kB (1069 bytes)
Hash
fae303959bac4e4ad2b4686412620f32
0aac5e3a8beb9ad522baf8adc0715d95f8e20d30
c572beb59c6a08363ba1c79d1496bfe7c4ba2d1c8bc7600296c081cd00f3e464

HTTP Headers

GET /pagead/viewthroughconversion/819500023/?random=1663237254472&cv=9&fst=1663237254472&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&auid=1687395116.1663237254&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1069
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 10:36:09 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
20620ba615dba1de34528390492c3f53
2ca43d3a828682e10eb7638972b79b7136395e2b
12cf30cf1de58b4bab8af4a5d159b42909c554ae7b34e6f7361d9a49f1e861b7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a8b2bb270d78a6dddeb5b7fa01bd896c
eee28c4dd10c090f100c6ed383392b67d9fb9200
5c929c1a5e85ed508916eda62cccedb3ef1a5f407468596fa2726c476e2a9340

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8fd5ce3a74485c8774afee718e5d3abf
621807bbe40c3076dc9cba86b4b4cb4f230814f0
1877c0087003a63bf8187cd4e39dc8d35e8f7dcdc80dc9ae3928c7238c084df6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 10:21:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 13:42:54 GMT
Expires: Wed, 21 Sep 2022 13:42:53 GMT
Etag: "621807bbe40c3076dc9cba86b4b4cb4f230814f0"
Cache-Control: max-age=529903,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b0a243f838b4fd-OSL

www.google.no/pagead/1p-user-list/10955006959/?random=1663237254479&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3725679333&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/10955006959/?random=1663237254479&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3725679333&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/10955006959/?random=1663237254479&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3725679333&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/695231162/?random=1663237254475&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1236636064&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/695231162/?random=1663237254475&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1236636064&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/695231162/?random=1663237254475&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1236636064&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/959299794/?random=1663237254468&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3804170212&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/959299794/?random=1663237254468&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3804170212&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/959299794/?random=1663237254468&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3804170212&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/830907969/?random=1663237254451&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=840191570&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/830907969/?random=1663237254451&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=840191570&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/830907969/?random=1663237254451&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=840191570&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/975701947/?random=1663237254461&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2195727105&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/975701947/?random=1663237254461&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2195727105&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/975701947/?random=1663237254461&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2195727105&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/819500023/?random=1663237254472&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2058196272&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/819500023/?random=1663237254472&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2058196272&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/819500023/?random=1663237254472&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2058196272&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/916451471/?random=1663237254271&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4131784447&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/916451471/?random=1663237254271&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4131784447&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/916451471/?random=1663237254271&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4131784447&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/644574043/?random=1663237254446&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1819032079&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/644574043/?random=1663237254446&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1819032079&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/644574043/?random=1663237254446&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1819032079&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/960621875/?random=1663237254465&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2058245141&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/960621875/?random=1663237254465&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2058245141&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/960621875/?random=1663237254465&cv=9&fst=1663236000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2058245141&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 10:21:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a8b2bb270d78a6dddeb5b7fa01bd896c
eee28c4dd10c090f100c6ed383392b67d9fb9200
5c929c1a5e85ed508916eda62cccedb3ef1a5f407468596fa2726c476e2a9340

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 10:21:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nexus.ensighten.com/citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881

54.230.111.14

200 OK

0 B

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Jul 2022 04:43:02 GMT
x-amz-replication-status: COMPLETED
last-modified: Thu, 14 Jul 2022 20:16:36 GMT
etag: W/"43372887591ae43fb66862c6ae6d2c9b"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: RvpSCqGYAfuhljj0NjnAsdqP.N32uojg
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: U33az-YD0D6nFtcI-jl5x3BTMJawQLjG0Pypw1vAoXl80ZMtIaq-xA==
age: 4772287
X-Firefox-Spdy: h2

citionline-oauthbeec.query068.workers.dev/

104.21.55.244

200 OK

0 B

URL HTTP/2
citionline-oauthbeec.query068.workers.dev/
IP
104.21.55.244:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: citionline-oauthbeec.query068.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Thu, 15 Sep 2022 10:21:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xEdXcoMspc8d5uk7K5d0q7SV2%2BwSeJ73zKzyZQCWpjShvQiQm%2BmDVW4gIiM0gh17roiXhs39avPrLcq51W07vt4cXl8xYrG%2F1b6EJA1AvQadnhtN24uTSKommGGk3XLzLI0e21BwJ8iJEzCduvRJHJjhbOhX8SbCh%2FhpSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b0a2340dc4b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/serverComponent.php?r=20.515975917261077&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F

54.230.111.14

200 OK

0 B

URL HTTP/2
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=20.515975917261077&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /citi/na_prod/serverComponent.php?r=20.515975917261077&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fcitionline-oauthbeec.query068.workers.dev%2F HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
server: nginx
date: Thu, 15 Sep 2022 10:21:08 GMT
expires: Thu, 15 Sep 2022 10:21:07 GMT
cache-control: no-cache, no-store
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oGVq1FsDYgJFaBIVC67CItuhxw298vUsXg2VkdoA3ITfNruzaF3HLQ==
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg

162.125.71.15

200 OK

0 B

URL HTTP/2
dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/ttemfbjw200ljgk/050-location%402x.svg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename=050-location%402x.svg
content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=KpISrc0wDMfqFNN3LZ5CA8B1alLz1vt3V6x8MwHofoWkkXalz6ROBqyJPXQqkJLe; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-server-response-time: 257
x-webkit-csp: sandbox
content-type: image/svg+xml
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 78fcc2a6ccec4f64a65782893828531a
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css

162.125.71.15

200 OK

0 B

URL HTTP/2
dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/esn6641krlordqt/styles.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=WPCuGmUUulMU3uEJ4BadP2oissS9QJUe8TUroai1SpWXIaIaqNxWxWIP1ZLDPbaS; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 348
content-type: text/css; charset=utf-8
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 0d28da259e1441ad89dfe117426a6a16
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099

54.230.111.14

200 OK

0 B

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Tue, 16 Aug 2022 21:43:10 GMT
x-amz-replication-status: PENDING
last-modified: Tue, 16 Aug 2022 21:43:05 GMT
etag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eTC-w9BXB0b8YW_QDB6rRUnr6Bnewphr_Vx49BDteYLqKVRKMElvtQ==
age: 2551079
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js

162.125.71.15

200 OK

0 B

URL HTTP/2
dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/z095l2wk45dt9ci/Bootstrap.js HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="Bootstrap.js"; filename*=UTF-8''Bootstrap.js
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=lTN3madJJVXllLVBgLVPJsVJPyUotaS4mu90yKw98RDoPOqm4l4Xp96ottJh5eKb; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 180
content-type: application/javascript
date: Thu, 15 Sep 2022 10:21:07 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 760980f011a94c94b6b94fa29c9d2599
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757

54.230.111.14

200 OK

0 B

URL HTTP/2
nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://citionline-oauthbeec.query068.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Tue, 16 Aug 2022 21:43:10 GMT
x-amz-replication-status: PENDING
last-modified: Tue, 16 Aug 2022 21:43:05 GMT
etag: W/"6c0ec1ecef630bef7b1fb87b13b4f2cb"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: JA70f_WGNG7H1tnE4i_sKuxvYaFEwzMJ
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: saZsye0sBWZscCqIqdUFV5fwYcTTlqCbQkFtxxmDivg3OgLcmlg68Q==
age: 2551079
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (48)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations