Report - citionline-aouth86c0.query357.workers.dev/

Report Overview

Submitted URL
citionline-aouth86c0.query357.workers.dev/
IP
104.21.30.254
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-16 12:35:57
Access
public
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-17T09:53:07Z	328 B	964 B	104.18.32.68
api.ipify.org	3267	2014-10-06T14:38:43Z	2023-03-16T18:12:58Z	390 B	211 B	3.232.242.170
nexus.ensighten.com	2786	2012-05-23T20:34:00Z	2023-03-17T07:53:01Z	6.8 kB	87 kB	54.230.111.14
20766699p.rfihub.com	40171	2017-08-24T23:47:17Z	2023-03-17T01:05:18Z	1.3 kB	1.1 kB	193.0.160.129
udc-neb.kampyle.com	3039	2015-12-24T10:52:27Z	2023-03-16T20:47:43Z	2.0 kB	518 B	35.241.45.82
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-17T10:40:56Z	7.1 kB	6.8 kB	142.250.74.3
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-17T05:09:02Z	2.0 kB	5.3 kB	23.36.76.226
citionline-aouth86c0.query357.workers.dev	unknown	2022-09-14T11:54:57Z	2023-03-13T00:10:30Z	3.1 kB	598 kB	104.21.30.254
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-17T11:31:19Z	404 B	32 kB	216.58.207.234
www.citi.com	26692	2012-06-25T16:23:07Z	2023-03-16T18:22:29Z	425 B	2.7 kB	104.110.29.32
dl.dropboxusercontent.com	12831	2019-02-11T02:24:40Z	2019-03-28T09:18:21Z	4.4 kB	264 kB	162.125.71.15
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-17T05:09:15Z	2.1 kB	49 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-17T05:09:04Z	758 B	2.7 kB	143.204.55.36
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-17T05:10:36Z	401 B	5.8 kB	143.204.55.110
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-17T10:42:19Z	1.6 kB	3.7 kB	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-17T05:10:36Z	594 B	127 B	35.162.203.49
resources.digital-cloud-citi.medallia.com	25588	2019-02-05T03:36:49Z	2023-02-14T10:21:06Z	1.2 kB	3.4 kB	151.101.85.230
ocsps.ssl.com	14517	2018-11-21T11:22:19Z	2023-03-17T05:14:18Z	325 B	2.3 kB	34.237.184.165
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-17T05:09:22Z	4.6 kB	9.8 kB	142.250.74.3
c1.rfihub.net	6410	2012-05-22T11:58:31Z	2023-03-17T08:09:35Z	293 B	6.8 kB	54.230.111.57
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-17T08:44:25Z	3.0 kB	64 kB	142.250.74.72
www.google.com	7	2015-05-10T13:11:19Z	2023-03-17T10:46:21Z	389 B	16 kB	142.250.74.164
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-03-17T11:35:34Z	7.3 kB	18 kB	216.58.207.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-15	medium	citionline-aouth86c0.query357.workers.dev/	Citigroup Inc.
2022-09-15	medium	citionline-aouth86c0.query357.workers.dev/	Citigroup Inc.
2022-09-15	medium	citionline-aouth86c0.query357.workers.dev/	Citigroup Inc.
2022-09-15	medium	citionline-aouth86c0.query357.workers.dev/	Citigroup Inc.
2022-09-15	medium	citionline-aouth86c0.query357.workers.dev/	Citigroup Inc.
2022-09-15	medium	citionline-aouth86c0.query357.workers.dev/	Citigroup Inc.
2022-09-15	medium	citionline-aouth86c0.query357.workers.dev/	Citigroup Inc.
2022-09-15	medium	citionline-aouth86c0.query357.workers.dev/	Citigroup Inc.
2022-09-15	medium	citionline-aouth86c0.query357.workers.dev/	Citigroup Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-16	medium	citionline-aouth86c0.query357.workers.dev/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (38)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c	158 kB	2023-03-17	2023-03-17
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 1d4cbb45773c515ec8eef2251cb3701d e7195add06fb25da60b5c3cc543d286639c9c97d 18885fc266d882ef791e3b20d54eb6d06dfd1b9c14b46b553f1ffd40ebd29f4a Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663331734262&cv=9&fst=1663331734262&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-17	2023-03-17
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663331734262&cv=9&fst=1663331734262&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 2d21e60e6c173aef655e55c2957121b6 e3a6969d3f71c710040877c08ce5d45972666d59 2ea258a84b91eab8df5a3bf2db34c68591c6b60e4f4d57cd367fa3cdb162efae Loading...

	api.ipify.org/?format=jsonp&callback=getIP	29 B	2023-03-07	2024-05-10
Pretty URL api.ipify.org/?format=jsonp&callback=getIP IP 3.232.242.170 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:09 Last Seen2024-05-10 23:13:20 Times Seen16798 Hash 90a39389063c7c5716745c3b3bb4fba1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69 Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js	515 kB	2023-03-07	2023-03-17
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js IP 151.101.85.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:08 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 31ab1facffb3500494bf6aca3d7e439d f06c23dba145d5aea0291e3e0a657c5f93e48ad9 cc1f329f34c5f9f4c759b787ccc409241a8ffe8d13863a87cc9214e628b43cff Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663331734592&cv=9&fst=1663331734592&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-17	2023-03-17
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663331734592&cv=9&fst=1663331734592&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 8a77c4277d98ec3b8d2469dfe6350b57 d65fcb209b2b5727ff593d7fc92fe3c182b06d68 05d67486ec40d5afcd28c7fbe6c0efc9383bd8d8e01dd2f70132626647ff2002 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663331734580&cv=9&fst=1663331734580&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-17	2023-03-17
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663331734580&cv=9&fst=1663331734580&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 5e25e6c69da7c1cca27dfd918ddf78be 6e706aa15d533fad82c4487aa9029b609da0edfb 515c975fcd6837b1c7ced572e7e4caf4f692368666f420aa9e26e07bdbd59eaf Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663331734598&cv=9&fst=1663331734598&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-17	2023-03-17
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663331734598&cv=9&fst=1663331734598&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash f88bbfd2eed82c359e04ea53b72804b9 ca6b471021b5b4a1e7d462aebb66f73be84b21b5 d555c0c236eb913b71d786d07abc17cf30fad310fb35edfabcb5a2a64bfb9c0c Loading...

	www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c	118 kB	2023-03-17	2023-03-17
Pretty URL www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 9b7f7fdf6ccac18c5abb574e9c46a16b 0a8dd2009ca315f4849d3bcf6c4b62159b5b068e 2a52b5091eec5986f4f45fb5d9630f8bd94464829b82c9c1f0fee500fae44001 Loading...

	www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c	118 kB	2023-03-17	2023-03-17
Pretty URL www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 54d1921d3bd4f96b238827d97b68d07a 40c1cfd78649edc547183b88c3694b5ccafdbd56 0660a296db89153e314bb64621f453cc19f484d7a888ca7235ed615ac30e1b44 Loading...

	www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c	118 kB	2023-03-17	2023-03-17
Pretty URL www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 047a3242c8fb257cf58bca15081a5dc1 5d7ac2d77f2319bf5a0d00bc1ba656690add4874 aa6ad5bccd53252e54505735ae32f7ee52ef6df4ac11b336a6f4a23cce09a3cc Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663331734600&cv=9&fst=1663331734600&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-17	2023-03-17
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663331734600&cv=9&fst=1663331734600&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 82f30c8235f63163660af68c0787f04b 696a719ab0d06968acacb56c2d0f1fd1cda24a0b c0488f2753155fee0110e9f30cc7ebd00ffb262dfea1261119044240d7253a0d Loading...

	nexus.ensighten.com/citi/na_prod/serverComponent.php?r=975665091.1433402&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F	1.3 kB	2023-03-17	2023-03-17
Pretty URL nexus.ensighten.com/citi/na_prod/serverComponent.php?r=975665091.1433402&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 110e87c18f9659e7bb556662efc4096b 10c2f234788f80c33e5de20d7523da4e03685cd8 00a4264068b1a7c99c56783f311e5c86875f7201cfd0159240dafc4c19fff000 Loading...

	20766699p.rfihub.com/sr/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438	54 B	2023-03-07	2023-03-29
Pretty URL 20766699p.rfihub.com/sr/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438 IP 193.0.160.129 ASN #54312 ROCKETFUEL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-03-29 22:08:24 Times Seen3 Hash b83d4eb61e10d05bb3a3ff3c84d78520 c36664ca67a5ff74cc7769baa4284e1967c305a4 4ad528ebef2558de7f30f5917a123f7fd844c6a4462b4609fffeb7a8d922eb35 Loading...

	www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c	118 kB	2023-03-17	2023-03-17
Pretty URL www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 15a315ade0236b442cbbf3981fafe91f 7fbe82fb070712aabd2a7e536dbc805ae1375c33 6712c072f62c9af9f80c50da15c44b65f23de5b9c889a50616c8b32b68baa7f6 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663331734606&cv=9&fst=1663331734606&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-17	2023-03-17
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663331734606&cv=9&fst=1663331734606&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash cbdd7557d4d369f2ec4969eae3fe4b36 284258012f28bfb58f8eb9a96c03a91e61bb2b7e 9e744c63ccbd85305a47941851d2850543624abd110f7974a190cbf210f73355 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663331734596&cv=9&fst=1663331734596&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-17	2023-03-17
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663331734596&cv=9&fst=1663331734596&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 83922da975360ebaa26e4fe7d55f9220 a22c2cf8ed2017dfb80d1023acdf2976e8f200a8 f2fb8d0a42bdce9c6ec940eee7aad3c100eae19ab28f9070021e81507a63cf49 Loading...

	nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153	1.3 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2023-09-15 03:24:05 Times Seen57 Hash 4d37444c012a76a0557182615bf5cdd3 1ba1932dcc6dff6035c37a14de9852606de28329 bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650 Loading...

	resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js	1.1 kB	2023-03-07	2023-03-17
Pretty URL resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js IP 151.101.85.230 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:08 Last Seen2023-03-17 12:42:20 Times Seen1 Hash c1db4c234cf539e2bfab42c09c1ca05d 970f866c6f6acd458e94d3d6cbec3cddac256a0b 1c5391cd953f0795fdd58a4e26899f1952522101afc71b63de87f5f467c0d1a6 Loading...

	www.google.com/pagead/conversion_async.js	42 kB	2023-03-07	2023-03-17
Pretty URL www.google.com/pagead/conversion_async.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:28:40 Last Seen2023-03-17 12:55:48 Times Seen1 Hash cedb242a337140e0dedb365b50a20508 cf2420a336b9405dfc7d236ec57873fe3ef0f726 5a39699f592d82029c73d15d80e407d51367dd5cf2d49172c9ad4aa8176ce67b Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663331734585&cv=9&fst=1663331734585&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-17	2023-03-17
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663331734585&cv=9&fst=1663331734585&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash e1453c914d483ed122fa17f52a798cc4 4a8df4bd16c11af00f9a0e5432dc52fef41894a5 2207b0a836e1093db4f4599cf4bbfe0674367a442be3ed179a5b5e0cfdefcdb7 Loading...

	citionline-aouth86c0.query357.workers.dev/	2.1 kB	2023-03-07	2024-05-04
Pretty URL citionline-aouth86c0.query357.workers.dev/ IP 104.21.30.254 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:55 Last Seen2024-05-04 07:38:09 Times Seen168 Hash f614f20afbf576b484daff8f1cd754e9 1638b3a4fd33b596e4f2c0b34fb4dfda7ea5b419 b706e7f259717a7f26145ad3877f817c14b281f2fb6698998dd967cfe45304ef Loading...

	citionline-aouth86c0.query357.workers.dev/	1.3 kB	2023-03-07	2023-03-17
Pretty URL citionline-aouth86c0.query357.workers.dev/ IP 104.21.30.254 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:27:46 Last Seen2023-03-17 12:42:20 Times Seen1 Hash efc9ebd7135412a0516e22026c1e7cf8 2aa6437b8eacedc3e92dea85295af3a9b0889ef2 49493b9bfab6589c635b4d6f93877696ec3ba71705642e3a1f0b074ecf8c1c59 Loading...

	nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963	989 B	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-09-15 03:24:05 Times Seen29 Hash a88ee16d6636b998b8a6bb0eedf3a3bb 84b7338657d33ace2048bf6b6e3b8b3fa649548a 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110 Loading...

	unknown	0 B	2023-03-07	2024-05-11
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-11 04:56:34 Times Seen37534860 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	citionline-aouth86c0.query357.workers.dev/	1.2 MB	2023-03-17	2023-03-17
Pretty URL citionline-aouth86c0.query357.workers.dev/ IP 104.21.30.254 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 0e7378bfe2a8cf2c9fc3ddfde8651bce fde9ffb8a32fa70587854fc3ee5c56b25e07ac0f 584f4ada4576b4cec385869e78d9da56b928db01c3d1f8d037642ba4b0967355 Loading...

	nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456	2.2 kB	2023-03-07	2023-09-15
Pretty URL nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2023-09-15 03:24:04 Times Seen29 Hash c12999fcad47ab9cba1967b8c736048d cd62dba28e44aceb5f26c5757f24f59f4f79dc95 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716 Loading...

	citionline-aouth86c0.query357.workers.dev/	84 B	2023-03-07	2023-04-03
Pretty URL citionline-aouth86c0.query357.workers.dev/ IP 104.21.30.254 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:09 Last Seen2023-04-03 23:57:57 Times Seen28 Hash 520412486dba0be8f6db00ab2199a5cc 8917078de42620486e711423f6bbb93de7a6e2f7 1530c97a0e87b9f70cc67a64306f6e9025698fb60a278af437f31b5ad7908621 Loading...

	nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099	7.5 kB	2023-03-07	2023-04-30
Pretty URL nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 IP 54.230.111.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:49 Last Seen2023-04-30 08:15:02 Times Seen42 Hash 412eb38d6a797c24fd5d7e30e1b9799d d2e692a369931cc5bda6418efcef831cbf115ac2 d2751a84e6a70913798dd8b2aede47ab49b7a701618cd151d89755638f71aa02 Loading...

	citionline-aouth86c0.query357.workers.dev/	1.0 kB	2023-03-07	2023-03-17
Pretty URL citionline-aouth86c0.query357.workers.dev/ IP 104.21.30.254 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:27:45 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 1b6bc9e9bf63ad6995ead9dcefa6364b ae1c91f79fcfc7cdbf962893c96f57e5743666b8 ec0d481955908000e6e9f2e96896c6d4977dbaec6ecc6b09d80eef919068dfeb Loading...

	c1.rfihub.net/js/tc.min.js	20 kB	2023-03-07	2023-09-15
Pretty URL c1.rfihub.net/js/tc.min.js IP 54.230.111.57 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2023-09-15 03:24:05 Times Seen185 Hash 83c2974d08241a92c3b2dcb8f441271f 424d72cd7dfe7371c647addd7145ab3444a6b121 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f Loading...

	www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c	158 kB	2023-03-17	2023-03-17
Pretty URL www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash d70ae1b0fb17853387c7bbe9bb17a556 3160eb94ae8d9bc49527701b6eb612f02c05a732 4219d90711f2c365973196595bc1b4790bb56d7f7a9d5b180fc595badadc04b8 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663331734603&cv=9&fst=1663331734603&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4	2.3 kB	2023-03-17	2023-03-17
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663331734603&cv=9&fst=1663331734603&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 IP 216.58.207.194 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 12:42:20 Last Seen2023-03-17 12:42:20 Times Seen1 Hash 809a88d6828cae2c09e8cca17d1f6908 87aca597c4b28e5191b962ff4eb2988086da5585 cf72bed262341443901849b0bdf8e50d68f48352ae4ea9b909f621bf1ca0daae Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-11 04:12:11 Times Seen270405 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js	286 kB	2023-03-07	2024-04-11
Pretty URL dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js IP 162.125.71.15 ASN #19679 DROPBOX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2024-04-11 02:39:48 Times Seen114 Hash 551a7fe0d5b6fdebb3d356a632e41f8e b2b4871d0eaf5125336e174160889a1c7dc309f5 c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d066c179a444118cb57f3c2c7bbc579f	12 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash d066c179a444118cb57f3c2c7bbc579f 2360e18b98d230ad8f2ffeb37fa09a2e9cd66262 bddcf25867435760b58937910118ebed74be4f123e0aefd1248383144032afa3 Loading...

	#2 Eval - a1e812d5f05d7cece0f88cbbd441cb0c	10 B	2023-03-07	2023-05-04
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2023-05-04 15:22:18 Times Seen104 Hash a1e812d5f05d7cece0f88cbbd441cb0c b3c0ae9c7de7985f174bfe604b81b6068d8acfbf 338eebe354feee40bdfe97326853bdc041f0478b9a764f2cde16abcd93dc9a86 Loading...

		Size	First Seen	Last Seen
	#1 Write - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-05-11
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-11 04:56:34 Times Seen37534860 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	#2 Write - f738856b38e06110ed37c45f21634c94	403 kB	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 14:27:46 Last Seen2023-03-17 12:42:20 Times Seen1 Hash f738856b38e06110ed37c45f21634c94 60175eb9e82072928e35edf5e82d4deecc66c73f 01b4b6681c7c9cb98587a998d0cc4e25b9965fdcdd8015d0e77b3e7d8d7ff024 Loading...

HTTP Transactions (101)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 16 Sep 2022 12:10:48 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 04ynnuUKWJjBhiR3CF7hrjzMGoqm4ln9Ppu9fbRJfgIm6zjsm2B9JA==
Age: 1498

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
96daaf84cd2c07756756caf7a2724a29
d24d47c68eec98d44bf341dab9d893df97103e1a
fef9ce9f75ec19e7ae2ccbffb6654db2473a2b4acc94c1b4303e5ec24149465f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF9CE9F75EC19E7AE2CCBFFB6654DB2473A2B4ACC94C1B4303E5EC24149465F"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3141
Expires: Fri, 16 Sep 2022 13:28:07 GMT
Date: Fri, 16 Sep 2022 12:35:46 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 16 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XKtQ7cRf93sXMxI0FpHPKJW7Pi_VNM0EYopN7gGZiHcYuU8Hyrjn0g==
age: 28831
X-Firefox-Spdy: h2

citionline-aouth86c0.query357.workers.dev/

104.21.30.254

200 OK

102 kB

URL HTTP/1.1
citionline-aouth86c0.query357.workers.dev/
IP
104.21.30.254:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size
102 kB (102041 bytes)
Hash
73072b0fce1689459d9f85dad84032d1
959abe44ee4694b41841b1067dfa6bbb6f6adeca
f4b863692be31914b7d0b5f33e4e0f335295fdec4f3ccfec652d770b5e098aac

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:46 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xj9JvKUKYcPCYsJswEq7Dz06lXCAXo8NMd1TcVhqf21J1BWsC4xB8R%2FPdOFlJkWXUgaoi1eUsxuAbc4%2BF%2FlpZoECBeMvJlAhT07OKy20oehijQAzOBvH6XqGV7p3wFcqNQHbb50zmx%2BtBRE7pF%2FY4F5CZG%2F28iFbA5oNGg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4d5fd3ab4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d1e220b0246043ac08d7b2d85be2850f
2e9c4183d08907e7bc306b1e57ccb5e12171b2ca
2dee1a76d84b053ce15f6d9906d3a45f3affca90250929c31bdf2d1cfba75516

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6518
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Last-Modified: Fri, 16 Sep 2022 10:47:08 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2e8e3b8dcfc70035468cee19fa0ce164
8abd549de54a56c4d8866642803817e1d411ad88
9f8702221570464be855f0cf42d77a90b745fbf6c60d5d437218d45f9603fd19

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d1e220b0246043ac08d7b2d85be2850f
2e9c4183d08907e7bc306b1e57ccb5e12171b2ca
2dee1a76d84b053ce15f6d9906d3a45f3affca90250929c31bdf2d1cfba75516

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5721
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Last-Modified: Fri, 16 Sep 2022 11:00:26 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
337a10694ea0596e698c8d077987b2ba
beeab26c0fedd9cb9b0fe47a48fa34598fb30187
5de7cab92adaffc46e6239b83ef789031674dd2075242f0e06cc4838929db7de

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4038
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Last-Modified: Fri, 16 Sep 2022 11:28:28 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d1e220b0246043ac08d7b2d85be2850f
2e9c4183d08907e7bc306b1e57ccb5e12171b2ca
2dee1a76d84b053ce15f6d9906d3a45f3affca90250929c31bdf2d1cfba75516

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6518
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Last-Modified: Fri, 16 Sep 2022 10:47:08 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

216.58.207.234

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
216.58.207.234:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 08:21:10 GMT
expires: Thu, 14 Sep 2023 08:21:10 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 188076
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

citionline-aouth86c0.query357.workers.dev/css/all.min.css

104.21.30.254

200 OK

102 kB

URL HTTP/1.1
citionline-aouth86c0.query357.workers.dev/css/all.min.css
IP
104.21.30.254:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size
102 kB (102041 bytes)
Hash
73072b0fce1689459d9f85dad84032d1
959abe44ee4694b41841b1067dfa6bbb6f6adeca
f4b863692be31914b7d0b5f33e4e0f335295fdec4f3ccfec652d770b5e098aac

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/all.min.css HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:46 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6GUWQpsc8x1zBeQFYFWMtVUu8B8C2RWvnskWpYCYpVu%2FrjDZXrhXsbmKrd6L38SSiuM5l7jTaGc6XKZzq2J2R65QutgzJrq%2BbmjW1dip4919E5HJHFcJhJuClnBZTgT8OL4ARpny9XSCrBgYV3dXv9CtmrRZvdNqRrqfmg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4d9aa2fb4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2e8e3b8dcfc70035468cee19fa0ce164
8abd549de54a56c4d8866642803817e1d411ad88
9f8702221570464be855f0cf42d77a90b745fbf6c60d5d437218d45f9603fd19

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 16 Sep 2022 12:03:22 GMT
Cache-Control: max-age=3600
Expires: Fri, 16 Sep 2022 12:48:26 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: st_NGOlgwF-jSh9ifzPLJWaaHcaPlfKPS9ry41uvSUsUKQc-Vy6JcA==
Age: 1945

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3db421016cf0e3ad25f324cf0faf0fac
b15909de1105d4d2fb5be5b3920c454daf022445
914b15f28636e0a5e851540ffb0625ecd09d0546b2f1f7af90b267ceebcf1d5d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5535
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:47 GMT
Last-Modified: Fri, 16 Sep 2022 11:03:32 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

citionline-aouth86c0.query357.workers.dev/css/style.css

104.21.30.254

200 OK

102 kB

URL HTTP/1.1
citionline-aouth86c0.query357.workers.dev/css/style.css
IP
104.21.30.254:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size
102 kB (102041 bytes)
Hash
73072b0fce1689459d9f85dad84032d1
959abe44ee4694b41841b1067dfa6bbb6f6adeca
f4b863692be31914b7d0b5f33e4e0f335295fdec4f3ccfec652d770b5e098aac

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/style.css HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wO%2Br6LTedph9w7sEeb653q913%2FkRlhUeyQSxweKqqon4BV5iHF737GCWe92nmU5Unw8D4Rb%2B4sug%2BKc9XaPb19%2FfWlfsMleJf2fZjSGmfqX5k98mn%2BKxwp0vdYmnIv8ehbRM1h50C8Z8jlipQaU5vyX9mdHB3PVJEUWaMw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4d9badab52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png

104.110.29.32

200 OK

1.8 kB

URL HTTP/1.1
www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png
IP
104.110.29.32:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1799 bytes)
Hash
b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

HTTP Headers

GET /CBOL/IA/Angular/assets/citilogoredesign.png HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Tue, 30 Nov 2021 10:40:38 GMT
Accept-Ranges: bytes
Content-Length: 1799
X-Akamai-CITISITE: SWDC
Strict-Transport-Security: max-age=300
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
Content-Type: image/png
X-WebKit-CSP: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Content-Security-Policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Content-Security-Policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Date: Fri, 16 Sep 2022 12:35:47 GMT
Connection: keep-alive
Set-Cookie: AKMTLTSID=1882CF67B6C93D0EFCCC2534569A6598; path=/; domain=citi.com; secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://citimobile.citibankonline.com

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
817ae2f84d770515905ee2e9857639f6
067cb1dc3cbded220443d51bd30bfb92bbd35ecd
7bb9ed5d0a8878fd885c47e5e914331e65d92d29323d352dde418a2da82ad08d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 21:46:09 GMT
Expires: Wed, 21 Sep 2022 21:46:08 GMT
Etag: "067cb1dc3cbded220443d51bd30bfb92bbd35ecd"
Cache-Control: max-age=464420,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b9a4db7870b505-OSL

api.ipify.org/?format=jsonp&callback=getIP

3.232.242.170

200 OK

29 B

URL HTTP/1.1
api.ipify.org/?format=jsonp&callback=getIP
IP
3.232.242.170:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
90a39389063c7c5716745c3b3bb4fba1
a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f
eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69

HTTP Headers

GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
Content-Type: application/javascript
Vary: Origin
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Length: 29
Via: 1.1 vegur

push.services.mozilla.com/

35.162.203.49

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.203.49:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: F0kTEZXw4hFt6Upn+LOmHw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VBeJCm7bXw0BD6jmJUo498MbnrA=

citionline-aouth86c0.query357.workers.dev/css/all.min.css

104.21.30.254

200 OK

102 kB

URL HTTP/1.1
citionline-aouth86c0.query357.workers.dev/css/all.min.css
IP
104.21.30.254:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size
102 kB (102041 bytes)
Hash
73072b0fce1689459d9f85dad84032d1
959abe44ee4694b41841b1067dfa6bbb6f6adeca
f4b863692be31914b7d0b5f33e4e0f335295fdec4f3ccfec652d770b5e098aac

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/all.min.css HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkNymOtRt2vbRP4lQdAkWHXo6BTUL6Vc%2FdSGrB5S21RVSzQsIcTxvo9xu3Z9C3D7mRJGanDlv47onukylMxI%2FnQNeXShP9Fd0z%2FkL0sPmzCrr0CZttJL%2FSNRT75%2BWG8JXL2kBX4RkXBeQPRdt0y7%2BlJSNm1Z%2F%2B%2Ft2Cel%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4dfcb4c1c12-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

dl.dropboxusercontent.com/s/gd8h4cwovjh6a2u/progress-indicator-bg.png

162.125.71.15

200 OK

1.0 kB

URL HTTP/2
dl.dropboxusercontent.com/s/gd8h4cwovjh6a2u/progress-indicator-bg.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 5 x 1, 8-bit/color RGB, non-interlaced\012- data
Size
1.0 kB (1001 bytes)
Hash
a673c51b56b022c5a190b93060e3368b
15ff8d5fa005554f2a5cf9d4c2440da5ebe8c8c0
8dee09be2e691fe1798334a054fb42083c0509a126dd1f61bc8ca168eff326dc

HTTP Headers

GET /s/gd8h4cwovjh6a2u/progress-indicator-bg.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css?dl=0
Cookie: uc_session=Ut3VEGpNsJOtFPmXxhTyA8LZFfzoeLtWdCSuVsIf2uzEIcFKjAP5bmCqZ0XeptN2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="progress-indicator-bg.png"; filename*=UTF-8''progress-indicator-bg.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968878381358n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 165
content-type: image/png
date: Fri, 16 Sep 2022 12:35:47 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1001
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 9a6eca5df11a4c628ff254e951584c08
X-Firefox-Spdy: h2

citionline-aouth86c0.query357.workers.dev/css/style.css

104.21.30.254

200 OK

102 kB

URL HTTP/1.1
citionline-aouth86c0.query357.workers.dev/css/style.css
IP
104.21.30.254:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size
102 kB (102041 bytes)
Hash
73072b0fce1689459d9f85dad84032d1
959abe44ee4694b41841b1067dfa6bbb6f6adeca
f4b863692be31914b7d0b5f33e4e0f335295fdec4f3ccfec652d770b5e098aac

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/style.css HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:48 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EZ8R94%2Fw4OTYgnZSQDcDQ7PR9knNHpX31GbX6I12fp26YSuY%2BPCcShBr2xUBohteAMtU5D8JPtMRfVcd02JQhgrZq8mwfkooRDLLNgkElTL%2Br75clV29kDQc9coJsS5bGaOa1DNw5Oz3vB6xoxCWAnGV818840iNLvlztg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4dfce1efac4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff

162.125.71.15

200 OK

76 kB

URL HTTP/2
dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Size
76 kB (75538 bytes)
Hash
3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

HTTP Headers

GET /s/5pecxff6thpa7bk/Interstate-Light.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://citionline-aouth86c0.query357.workers.dev
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Light.woff"; filename*=UTF-8''Interstate-Light.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968851764500n
pragma: public
set-cookie: uc_session=NhEbtqUEA8aStKP4EwpxluvdblxRxRAnERpCnfHixz2DmKoX2GisxvzKEOzlFIE8; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 276
content-type: application/octet-stream
date: Fri, 16 Sep 2022 12:35:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 75538
x-dropbox-response-origin: far_remote
x-dropbox-request-id: cef40f84a12c467c98dd3bb7fc05b3be
X-Firefox-Spdy: h2

citionline-aouth86c0.query357.workers.dev/css/1440_Citi-PLT@3x.png

104.21.30.254

200 OK

51 kB

URL HTTP/1.1
citionline-aouth86c0.query357.workers.dev/css/1440_Citi-PLT@3x.png
IP
104.21.30.254:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
51 kB (51347 bytes)
Hash
a2c11ad4e246be8de2f7493c094d6a92
1708bd406bb5f8c9e26cb20887e0a68ec13e960e
8aedc844bbbea0392cc21f68206cfbcad928faa0f773acdad6119a3b822bb567

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/1440_Citi-PLT@3x.png HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:48 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SYS%2B0vMZUkhw9feuHTF3w1TZiG0%2BB%2BcxjKXeGbwa3sa%2FA1iCS3KrVn%2B5kUZ3jU08Xb1ZNi470WGl2aIlFVUcmAmP5BBn86J3I4FFGHwWgCrXpWqBo1Hx3vQG4Q%2BUaDeSNzCXHY%2F6pPTTzI14yX7VIlItqJe%2F%2Fx6dS%2BDHww%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4e22f84fac4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

dl.dropboxusercontent.com/s/d7sibblybve5blb/social-media_youtube%403x.png

162.125.71.15

200 OK

1.2 kB

URL HTTP/2
dl.dropboxusercontent.com/s/d7sibblybve5blb/social-media_youtube%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1175 bytes)
Hash
3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

HTTP Headers

GET /s/d7sibblybve5blb/social-media_youtube%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Cookie: uc_session=Ut3VEGpNsJOtFPmXxhTyA8LZFfzoeLtWdCSuVsIf2uzEIcFKjAP5bmCqZ0XeptN2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_youtube@3x.png"; filename*=UTF-8''social-media_youtube%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968897745048n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 170
content-type: image/png
date: Fri, 16 Sep 2022 12:35:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1175
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 7fc84a3f50b54899b755ee20fe0d3ef2
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png

162.125.71.15

200 OK

445 B

URL HTTP/2
dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
445 B (445 bytes)
Hash
1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

HTTP Headers

GET /s/tx4dbqw0bze09il/social-media_facebook%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Cookie: uc_session=Ut3VEGpNsJOtFPmXxhTyA8LZFfzoeLtWdCSuVsIf2uzEIcFKjAP5bmCqZ0XeptN2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_facebook@3x.png"; filename*=UTF-8''social-media_facebook%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968884486105n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 176
content-type: image/png
date: Fri, 16 Sep 2022 12:35:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 445
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 32c3fd9a8e41491abd76c6fcc259dbe9
X-Firefox-Spdy: h2

citionline-aouth86c0.query357.workers.dev/css/320_Citi-PLT@3x.png

104.21.30.254

200 OK

8.8 kB

URL HTTP/1.1
citionline-aouth86c0.query357.workers.dev/css/320_Citi-PLT@3x.png
IP
104.21.30.254:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
8.8 kB (8814 bytes)
Hash
95c56b28bd6c1ff936913e46e4012680
e03c34394aa792614e652cdd93cb884c28d6acdb
01f1af6b9f920e0c12ea23cd927610371dfafce41c6d256f20e1e9bce8d70db5

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/320_Citi-PLT@3x.png HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:48 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBNaybF8hQyZ0%2FY07I4U9FFk82YoBnMMUW34WzezRob%2FkcVlClX8gxAqyRy%2F6mFZ9AZAIzUEEi9oXkhjh9VYwUntIIjGyKjyuhoLrvXV1Rqxga204ZYrtJOYLzzFnYy31PVLDIzv7G3OX%2BeOjENDI6Gyl%2Bk59jTwaCXPbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4e22e301c12-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js

162.125.71.15

200 OK

105 kB

URL HTTP/2
dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
data
Size
105 kB (104595 bytes)
Hash
5c8c012f5cdff26d18d83e5f07c6d1e9
2d5951f5551621d839512f13d2a4aad61300927a
9270821fe53914d0873de55647900afdcefc50ef79a06058032d04fd79b14e65

HTTP Headers

GET /s/z095l2wk45dt9ci/Bootstrap.js HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="Bootstrap.js"; filename*=UTF-8''Bootstrap.js
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=aOS9ZMVmVRndyYzGKfEUT2qoLzmLjzh5Z80o5hVOrRk3I5OyiruJmfEMRsI6xnzT; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 377
content-type: application/javascript
date: Fri, 16 Sep 2022 12:35:47 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 31a720d506ad46f1b9239af1406c559c
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff

162.125.71.15

200 OK

72 kB

URL HTTP/2
dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Size
72 kB (71874 bytes)
Hash
9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

HTTP Headers

GET /s/onrn6uufd9w6dw9/Interstate-Bold.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://citionline-aouth86c0.query357.workers.dev
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Bold.woff"; filename*=UTF-8''Interstate-Bold.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968844676205n
pragma: public
set-cookie: uc_session=YoKTeFBSBIzDYXV5zgvFB5wiiRIn0q9zDZDbvP5lX34JhTxXQwv9XMazhJngLXBY; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 726
content-type: application/octet-stream
date: Fri, 16 Sep 2022 12:35:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 71874
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 4f0d0a8857b3441e853dd0794b828c0c
X-Firefox-Spdy: h2

nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError

54.230.111.14

204 No Content

0 B

URL HTTP/1.1
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Fri, 16 Sep 2022 01:05:17 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Dj2GDWz6xWbFMVIYAPEuZ7QY-dFi060J0UWmZM8ZPnLj1_j6Sxgh8A==
Age: 41431

nexus.ensighten.com/citi/na_prod/perf.rnc?cid=1129&ns=1663331730031&ce=0&cs=0&dc=0&dclee=0&dcles=2009&di=2009&dl=306&dle=0&dls=0&fs=0&lee=0&les=0&rede=0&reds=0&reqs=61&resps=216&respe=327&scs=0&ues=0&uee=0

54.230.111.14

204 No Content

0 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/perf.rnc?cid=1129&ns=1663331730031&ce=0&cs=0&dc=0&dclee=0&dcles=2009&di=2009&dl=306&dle=0&dls=0&fs=0&lee=0&les=0&rede=0&reds=0&reqs=61&resps=216&respe=327&scs=0&ues=0&uee=0
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /citi/na_prod/perf.rnc?cid=1129&ns=1663331730031&ce=0&cs=0&dc=0&dclee=0&dcles=2009&di=2009&dl=306&dle=0&dls=0&fs=0&lee=0&les=0&rede=0&reds=0&reqs=61&resps=216&respe=327&scs=0&ues=0&uee=0 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Thu, 15 Sep 2022 13:52:27 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RrmUav6lZmfMyW0OH7qPEf_JgN0kkTKyLPWLzRdoaMIwy240TNxMHg==
Age: 81801

nexus.ensighten.com/citi/na_prod/serverComponent.php?r=975665091.1433402&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F

54.230.111.14

200 OK

556 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=975665091.1433402&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1253)
Size
556 B (556 bytes)
Hash
c10e91f460b2de9b475035d54bb0f088
a7a1933b45b44ba4adc6381673c706894639e0ae
65711d23bb13d8ffbc069dc8e8051d0027d91e15b567b46c563981711c3142d0

HTTP Headers

GET /citi/na_prod/serverComponent.php?r=975665091.1433402&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Fri, 16 Sep 2022 12:35:48 GMT
Expires: Fri, 16 Sep 2022 12:35:47 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vk_uyYYrKJgXfuaSr-cYDUNgQawH8mcvzlguI35b8Gbp1FOl7efP6g==

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8530
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 12:35:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8530
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 12:35:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8530
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 12:35:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8530
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 12:35:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8530
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 12:35:48 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12425 bytes)
Hash
da1bd18c37b83b0ef4641036dc208eec
abb5c719ec9341c6d4146297a2a1eca171df9c81
0085a66912a814c619a1257545d36610c7109ba32f1b097176102d3d3db2c8d0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12425
x-amzn-requestid: 96b5f0d2-1327-4180-9d48-f915630c3de2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDqHyooAMFqyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-7d89d2d7024f6a821a62c948;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1Y5uBMPJvxTDKGnc5Q0lzKZXDv4lwTByGDO8eRIwgauut0yfJz-8Lg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:50:35 GMT
age: 53113
etag: "abb5c719ec9341c6d4146297a2a1eca171df9c81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757

54.230.111.14

200 OK

41 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (586)
Size
41 kB (40697 bytes)
Hash
f3425381a8f9ef05a3225c94a7926ddc
1352fc08d259ae7e45ff71f1cd4042df1c02da9c
f164290a18c4d4685c0d3022ad294436492fc01e34bcf9fa5f14cab474cda99c

HTTP Headers

GET /citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 16 Aug 2022 21:44:05 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"6c0ec1ecef630bef7b1fb87b13b4f2cb"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: JA70f_WGNG7H1tnE4i_sKuxvYaFEwzMJ
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vT2d5OJpBD40jn82noi6XISiHM2a8jN84Abie4VT2mHCadjMrFYK9A==
Age: 2645504

nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099

54.230.111.14

200 OK

2.2 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (542)
Size
2.2 kB (2184 bytes)
Hash
9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec

HTTP Headers

GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 16 Aug 2022 21:44:05 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: a4o3x1dOvQ-Li2IMp-xzVUn40gjI__1K6270glqCvlPEsu3jcb0hRw==
Age: 2645504

nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963

54.230.111.14

200 OK

989 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (524)
Size
989 B (989 bytes)
Hash
a88ee16d6636b998b8a6bb0eedf3a3bb
84b7338657d33ace2048bf6b6e3b8b3fa649548a
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

HTTP Headers

GET /citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 989
Connection: keep-alive
Date: Fri, 22 Jul 2022 05:10:06 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 20 Jul 2021 20:01:14 GMT
ETag: "a88ee16d6636b998b8a6bb0eedf3a3bb"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: .wEMJ82rme0Ajy8MXYWYMqCLOS4zdOlx
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LcIUkw5B8e-wbZvtsNUTQyJRB8OATeQ-z7gggp0fC2BsOM-ANOP0Cw==
Age: 4865143

nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456

54.230.111.14

200 OK

769 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1964)
Size
769 B (769 bytes)
Hash
17249d0565554fe08b1871324afc421e
3f04b7021d5204a639ea4992d06ce9e028ecfd4a
2c6ac82a36a6c93b63ad4796e81574660a24d9457dba3b883f16a32f99a81de9

HTTP Headers

GET /citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 22 Jul 2022 05:05:43 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 20 Jul 2021 20:01:09 GMT
ETag: W/"c12999fcad47ab9cba1967b8c736048d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: nE2jchQRxt_gtDKDOvHRLQGyp_MKp2PL
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GvvBmI5Tfz_JS5mEUtyTob8LbbZrbs52L8wn_Wq9Xy7Soir4d40WzQ==
Age: 4865406

nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908

54.230.111.14

200 OK

36 kB

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (573)
Size
36 kB (35724 bytes)
Hash
0f125ff7e313ccd1741b15ad98235592
8fae24fd77c714aaa885346acdd90b7f1d6c80e7
9cfc68021626e24f09e4185187ce006f1badfa6d663ca2eaa97cfdea32d6746c

HTTP Headers

GET /citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 13 Sep 2022 17:24:59 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 13 Sep 2022 17:23:26 GMT
ETag: W/"de2e8ecdb9334e6565ea8d4feb369116"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: CZbhUaMVGcELu7Tp.vnFWThm1Iz7u.mg
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -05FuLQNcRKs-2q1XpbpRsgezdRva3bh1P4TGiv57PJcdPfTPt4E_g==
Age: 241850

nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153

54.230.111.14

200 OK

655 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (524)
Size
655 B (655 bytes)
Hash
b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034

HTTP Headers

GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 14 Aug 2022 04:54:07 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2KjpK-NRkIF2phLbOPAnnVZAj86irEq0PS75X4EfQVE5lwpNfo5T8Q==
Age: 2878902

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9904 bytes)
Hash
e6d17788c7d2a1a91e68eff48df14bd1
8e1090346d90bc69e7a95384e6a7a01154e31567
1e1eefa02e4c55e73be87a309ad5c2335856125cb678cff6ebc42c5ff73a0e2b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9904
x-amzn-requestid: a23cb4b3-db6e-48ae-90b1-3ecf6478bf52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDpH_CIAMFl4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-15869210609a18587467d1e2;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RbKcO0CPRsex8VWdIVqctamGyJ7D1PHD04ry2wbrcDPDYL0Yy5vPPQ==
via: 1.1 1002c05e647d0804e83147cdd205d14a.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:50:35 GMT
etag: "8e1090346d90bc69e7a95384e6a7a01154e31567"
content-type: image/jpeg
age: 53113
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13536 bytes)
Hash
512280055633fcce9abc7d11a9816a24
de5c3e010fca76659455a144875a52c25fa72bdd
435eadb36830928b20d4cf8ead62134b75bd0ed3228489d9fdee66450bcbeaed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13536
x-amzn-requestid: 5533b257-1558-472b-aeb9-8207a78e1110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDzFa4IAMF9Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb1-05d0dfde7a488ed97d2a40d5;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JAzbRqinDuqQuQoESEsL26c1Y1UTQ5tO1thL3ugE6LPQtNTWGaGTLg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:32 GMT
age: 53236
etag: "de5c3e010fca76659455a144875a52c25fa72bdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8435 bytes)
Hash
b7d4ee58e0f26ec6817dbab72aa7db6d
b6e634ef27eba9da38c6472565e0fdca6898e4f0
07db05a6ee70a699164ad55da47bfca58e6639956e256d902cbe0388cd7995c6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8435
x-amzn-requestid: f6efd924-4f54-41a6-8771-087803b5b8ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU0-EJaoAMFvtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b52-37c21ee857fe27d104b70337;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:38:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rgjwYJ-ZzVF3bv7pl1l8TN8EAoENIcaSAXJU_YhFOSNRCzrCuPuKbQ==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:44:10 GMT
age: 53498
etag: "b6e634ef27eba9da38c6472565e0fdca6898e4f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

c1.rfihub.net/js/tc.min.js

54.230.111.57

200 OK

6.2 kB

URL HTTP/1.1
c1.rfihub.net/js/tc.min.js
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
C source, ASCII text, with very long lines (19497)
Size
6.2 kB (6162 bytes)
Hash
ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f

HTTP Headers

GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 6162
Connection: keep-alive
Date: Fri, 16 Sep 2022 12:04:26 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Expires: Fri, 16 Sep 2022 13:04:26 GMT
Last-Modified: Fri, 16 Sep 2022 12:04:16 GMT
Content-Encoding: gzip
Server: Jetty(9.3.29.v20201019)
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Kl8Z8OdcQGHgVnckvdVhLe1shap-tXMaq_2_HQ8iMXC1RcHyR-jZpA==
Age: 1882

20766699p.rfihub.com/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438

193.0.160.129

302 Found

0 B

URL HTTP/1.1
20766699p.rfihub.com/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438
IP
193.0.160.129:0
ASN
#54312 ROCKETFUEL

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Fri, 16 Sep 2022 12:35:48 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://20766699p.rfihub.com/sr/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438
Content-Length: 0

20766699p.rfihub.com/sr/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438

193.0.160.129

200 OK

118 B

URL HTTP/1.1
20766699p.rfihub.com/sr/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438
IP
193.0.160.129:0
ASN
#54312 ROCKETFUEL

File type
HTML document text\012- HTML document, ASCII text, with no line terminators
Size
118 B (118 bytes)
Hash
372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

HTTP Headers

GET /sr/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citionline-aouth86c0.query357.workers.dev/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:50 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjY0NDM0sDAwMBPiM9QtDfL2DzQKyC5KdgsEAK1vAIQlAAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 11 Oct 2023 12:35:50 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjY0NDM0sDAwMBPiM9QtDfL2DzQKyC5KdgsEAK1vAIQlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)

www.googletagmanager.com/gtag/js?id=AW-916451471

142.250.74.72

302 Found

253 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-916451471
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
253 B (253 bytes)
Hash
e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7

HTTP Headers

GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js

151.101.85.230

200 OK

531 B

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (592)
Size
531 B (531 bytes)
Hash
163d0bd34ff8cd5d5d8c376ff4fa5448
49290a53b47fe11dd527ed41db0876da97afc365
6b05ff7c0159529870ef88073983b50eee80d938ffbd55d5c9aebb0dab4d772a

HTTP Headers

GET /wdcusciti/50/onsite/embed.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Vo5x77/FcGHnkLbfUTXVLDmJHHdrlz4aMWcNwMvtCbxicDSk8U9B1rL9IzlXQT4slGKV1Pr55/g=
x-amz-request-id: 4Y0T4GP9K3GT4QZ5
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "c1db4c234cf539e2bfab42c09c1ca05d"
x-amz-version-id: eKMfkf17jnOEK1NZY3.0vSO_D.gj7xc9
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Fri, 16 Sep 2022 12:35:50 GMT
via: 1.1 varnish
age: 1060307
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1663331750.182409,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 531
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js

151.101.85.230

301 Moved Permanently

0 B

URL HTTP/1.1
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 301 Moved Permanently
Server: Varnish
Retry-After: 0
Location: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
Content-Length: 0
Accept-Ranges: bytes
Date: Fri, 16 Sep 2022 12:35:50 GMT
Via: 1.1 varnish
Connection: close
X-Served-By: cache-bma1635-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1663331750.206378,VS0,VE1
Strict-Transport-Security: max-age=31557600

www.googletagmanager.com/gtag/js?id=AW-916451471

142.250.74.72

200 OK

59 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=AW-916451471
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1825)
Size
59 kB (59205 bytes)
Hash
02b61a198ed14a300a1a7cc49e96a239
63c2a019c23f637564292cff2d44b00b1397f053
e03df9f780b212e2f2a07509d020654c35172d619ae1874c7fe7b6292e053b3a

HTTP Headers

GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citionline-aouth86c0.query357.workers.dev/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Sep 2022 12:35:50 GMT
expires: Fri, 16 Sep 2022 12:35:50 GMT
cache-control: private, max-age=900
last-modified: Fri, 16 Sep 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 59205
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js

151.101.85.230

200 OK

986 B

URL HTTP/2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP
151.101.85.230:0
ASN
#54113 FASTLY

File type
data
Size
986 B (986 bytes)
Hash
7a76162950d46db9f3a4c1f1b604b0b5
808e2131d5d6175efcf9c0a1483b7d1da7a9fd67
689db5f4162f7bf30c5a49d6e919765ee658e2c85db19e8c40e9c1570334f956

HTTP Headers

GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citionline-aouth86c0.query357.workers.dev/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 3Af09pvrnUu3BfieRI6BJawVHGR7/WZJagF97DjZX+T9QgtJZ6ly1iXtPnN1BENOpf4nehKIEnI=
x-amz-request-id: NVJCAPRZB8SGRPE0
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "31ab1facffb3500494bf6aca3d7e439d"
x-amz-version-id: cbf3VAh2wvqiC_RNSd9Tltn6dOvsrine
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Fri, 16 Sep 2022 12:35:50 GMT
via: 1.1 varnish
age: 222835
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 10
x-timer: S1663331750.223426,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 85764
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
ba8206089b7af80ec9bb4fe0c07977b4
4b0c036a5124f06026772a92168d3799e37c8ed3
64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62

HTTP Headers

GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
da059e66474ac8e0fcb7e70b7ed4be44
7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb

HTTP Headers

GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
6d8c6cf61840045919f4789eac2d3d9c
ef5e66f528ab1701f99e467593020d263d6220f0
ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e

HTTP Headers

GET /gtag/js?id=AW-830907969&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
d7c2cd80c8899405c8ead9dcd82aa484
8d0248ffaaf1594d89e077cb3904f0ad42ec474e
2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce

HTTP Headers

GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
f20987509aaa3b3f9e52f7581afd6a4d
7147419bbeb1605a89733067d195356fc73c3cd3
5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c

HTTP Headers

GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

citionline-aouth86c0.query357.workers.dev/css/1440_Citi-PLT@3x.png

104.21.30.254

200 OK

22 kB

URL HTTP/1.1
citionline-aouth86c0.query357.workers.dev/css/1440_Citi-PLT@3x.png
IP
104.21.30.254:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
22 kB (21500 bytes)
Hash
ddf54b6d528bcc14bdbf833469c3fdf4
c5c6c54d1a1f398c5e490abbb60c7e00dd018267
cfef4cfef78c3780815d12c500a25c001224e45808f686abdb5f4d7ace7204db

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/1440_Citi-PLT@3x.png HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BJ2f99RzbOMoTiJymXnfkuwWsS6fgeZyck%2FwyDe46L6DuD3tI%2FVhSrd8gkM4M22rSzzeZMnh%2Fu96jbtVkIFLWxTap9PtUJt%2FbhKUQIS%2Bap5b%2FJkcz0bqYrTVxzo6d9uAUV6LaeTG0a2x4X2VdREzecPSI9VIeNqCA4bgrw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4dbdd02b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

142.250.74.72

302 Found

278 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
278 B (278 bytes)
Hash
16d7ad56818dde4bc80864654bfbd12e
c95b93882c98641b7f1b648c122194a9fb2534c7
5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64

HTTP Headers

GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
91dad4479f7dcb623266cf0dcfef5875
9fcf1f0e16c17a43021ab8fb01089d2d9c9f1d3a
0dc4f9c3ecdccb7e1b7a651c72ee63acc06482b362f060547534c3196e561412

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c

142.250.74.72

302 Found

280 B

URL HTTP/1.1
www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
280 B (280 bytes)
Hash
a262f0126f939827df765f078136498b
5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd

HTTP Headers

GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0

www.google.com/pagead/conversion_async.js

142.250.74.164

200 OK

16 kB

URL HTTP/2
www.google.com/pagead/conversion_async.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1654)
Size
16 kB (15693 bytes)
Hash
890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 16 Sep 2022 12:35:50 GMT
expires: Fri, 16 Sep 2022 12:35:50 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8ff1c0d8a380ce4a561609526d995bf5
135ecd7e71ea2823d39f8c1efcb2121618ed8167
f7228281af8d6de222aa47b3a78a627f85315244e65a8956fa2c0c7dff1bb7ad

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsps.ssl.com/

34.237.184.165

200 OK

1.9 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
34.237.184.165:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.9 kB (1883 bytes)
Hash
49b4d0a6a6a3918277ab383ec1995664
ccedc13a057838adfaf8157294f8cd499841881c
cf46b71730936996b0baaa74328caa731aecb01f06452e27c46bac14e977b92d

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: application/ocsp-response
Content-Length: 1883
Connection: keep-alive
Expires: Thu, 22 Sep 2022 15:24:01 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "ccedc13a057838adfaf8157294f8cd499841881c"
Last-Modified: Thu, 15 Sep 2022 15:24:02 GMT
X-Proxy-Cache: HIT

udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiQ2l0aWJhbmsgT25saW5lIiwicGFnZV91cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjYzMzMxNzM0MTk2IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODM0NjRjMTJhMDc3Zi0wY2M2OTYxZWI3MWNkNi0zMDZkNDY0YS0xNDAwMDAtMTgzNDY0YzEyYTIzOGQiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI4MmQ2LWE1MzMtNzdmYy1hZDc2LWEwZDAtOGQwMy00NzVhLWMxMzMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2MzMzMTczNDE5MCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyOTAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjMzMzE3MzQxOTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=

35.241.45.82

200 OK

0 B

URL HTTP/2
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiQ2l0aWJhbmsgT25saW5lIiwicGFnZV91cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjYzMzMxNzM0MTk2IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODM0NjRjMTJhMDc3Zi0wY2M2OTYxZWI3MWNkNi0zMDZkNDY0YS0xNDAwMDAtMTgzNDY0YzEyYTIzOGQiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI4MmQ2LWE1MzMtNzdmYy1hZDc2LWEwZDAtOGQwMy00NzVhLWMxMzMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2MzMzMTczNDE5MCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyOTAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjMzMzE3MzQxOTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
IP
35.241.45.82:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiQ2l0aWJhbmsgT25saW5lIiwicGFnZV91cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjYzMzMxNzM0MTk2IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODM0NjRjMTJhMDc3Zi0wY2M2OTYxZWI3MWNkNi0zMDZkNDY0YS0xNDAwMDAtMTgzNDY0YzEyYTIzOGQiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI4MmQ2LWE1MzMtNzdmYy1hZDc2LWEwZDAtOGQwMy00NzVhLWMxMzMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2MzMzMTczNDE5MCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyOTAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjMzMzE3MzQxOTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0= HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 16 Sep 2022 12:35:50 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-blue-csxq
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
848674a3bc6b0d4d6cba22b140c574bc
ec95f08f3a5b022c3753f78e30f71d03e2895d78
069aaae82ec20e5bbcc694f9603bded464798891e5e2abc27baadeace22f6a05

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663331734606&cv=9&fst=1663331734606&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663331734606&cv=9&fst=1663331734606&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2280), with no line terminators
Size
1.1 kB (1051 bytes)
Hash
f7ce5bf30eef0a388db0431b905b8112
22aba5fcb412647684ac5a8a1eae0d6e6fa199a9
1520b6436ea8248bee583e3adf4665279c10e69091accb81026623128d9f6aa4

HTTP Headers

GET /pagead/viewthroughconversion/644574043/?random=1663331734606&cv=9&fst=1663331734606&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1051
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663331734592&cv=9&fst=1663331734592&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663331734592&cv=9&fst=1663331734592&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2280), with no line terminators
Size
1.1 kB (1050 bytes)
Hash
54986a9e0190641ff1601f0401083fdd
493df694c865c91c1bd4b148c7b971f8e1751fac
beffc9bf25700203f82e5b71817026d7ba4a70db6f9e4990ab8159c0ba0cb05d

HTTP Headers

GET /pagead/viewthroughconversion/830907969/?random=1663331734592&cv=9&fst=1663331734592&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1050
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663331734262&cv=9&fst=1663331734262&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663331734262&cv=9&fst=1663331734262&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2280), with no line terminators
Size
1.1 kB (1050 bytes)
Hash
1479343378f52e2a20a6a5ead0b329f4
ded18408d887bcca647871dbbde456a1d5a6367c
4b188116bcb211f7d5e8433e779d56bf77c477f86405eec7d1f18ee988e755dd

HTTP Headers

GET /pagead/viewthroughconversion/916451471/?random=1663331734262&cv=9&fst=1663331734262&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1050
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663331734600&cv=9&fst=1663331734600&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663331734600&cv=9&fst=1663331734600&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2280), with no line terminators
Size
1.0 kB (1047 bytes)
Hash
40ace23d6e3d90ccb17809ba617cffc0
7e44e3c269b67f00a6e0ead37bb0cf84d2f0cd56
61f18cfb31f3796b99e514761aa9bdc8e999d0294af540dd258803a7edc61197

HTTP Headers

GET /pagead/viewthroughconversion/819500023/?random=1663331734600&cv=9&fst=1663331734600&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1047
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663331734603&cv=9&fst=1663331734603&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663331734603&cv=9&fst=1663331734603&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2284), with no line terminators
Size
1.1 kB (1052 bytes)
Hash
9ae485cd31a4caebbacf2241ca9e3251
2b6573835cc3fd4a4524f29a7f2a8a939c6cd58f
eef17b44951425c96f3d57e06ce9b428985c93259b8d152cc8a31b5fbee57c0d

HTTP Headers

GET /pagead/viewthroughconversion/10955006959/?random=1663331734603&cv=9&fst=1663331734603&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1052
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663331734580&cv=9&fst=1663331734580&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663331734580&cv=9&fst=1663331734580&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2280), with no line terminators
Size
1.0 kB (1049 bytes)
Hash
19f7e72efa76ed1b8bfffa8f1d734a5a
00b20fe11a68897f57a871cb60a0cfeee0f90663
a22a4d551ab3b70305b8ebd04496a4abf5bb887281d8a5a683ec35b2d9c50620

HTTP Headers

GET /pagead/viewthroughconversion/960621875/?random=1663331734580&cv=9&fst=1663331734580&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1049
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663331734598&cv=9&fst=1663331734598&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663331734598&cv=9&fst=1663331734598&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2280), with no line terminators
Size
1.0 kB (1049 bytes)
Hash
06a6c7e7fd8811309fc5ae1ec078b8cd
7326a1839400202be9367b00bc85c85b024b73e1
9c6bd3cf6107b0beedf4ff610a00e12ff5ffe8754f74cb6028e33e37e0998a8f

HTTP Headers

GET /pagead/viewthroughconversion/975701947/?random=1663331734598&cv=9&fst=1663331734598&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1049
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663331734585&cv=9&fst=1663331734585&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663331734585&cv=9&fst=1663331734585&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2280), with no line terminators
Size
1.1 kB (1051 bytes)
Hash
7252fb52b9bdc1506510861b4bebd468
6f1ad9821605ee63891f99ecbeb89699950dfd6e
fbbbfdb25ae9c918037ceb862ff9be934e8a9a70ea073ec998205c48c70c7b25

HTTP Headers

GET /pagead/viewthroughconversion/959299794/?random=1663331734585&cv=9&fst=1663331734585&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1051
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663331734596&cv=9&fst=1663331734596&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4

216.58.207.194

200 OK

1.0 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663331734596&cv=9&fst=1663331734596&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2280), with no line terminators
Size
1.0 kB (1048 bytes)
Hash
24cd1b34805e6e73f1c270c955c7d43c
f256a69bbb41178767d7a31c6618e734f95473aa
017f2e43c38b038c11ea9cd65cb05053fb3f0976960b7fde1a23163b1a786ab0

HTTP Headers

GET /pagead/viewthroughconversion/695231162/?random=1663331734596&cv=9&fst=1663331734596&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1048
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
848674a3bc6b0d4d6cba22b140c574bc
ec95f08f3a5b022c3753f78e30f71d03e2895d78
069aaae82ec20e5bbcc694f9603bded464798891e5e2abc27baadeace22f6a05

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nexus.ensighten.com/citi/na_prod/TagAuditBeacon.rnc?cid=1129&data=[-1|-1|1;358910|3277348|1;-1|-1|1;-1|-1|1;552021|3526353|1;677895|3486390|1;354602|1124213|1;578278|3039001|1;373773|1482837|1;490004|2776545|1;622672|3092996|1;624610|3486388|1;569456|2878472|1;494437|3724319|1;565689|3580754|1;652314|3352749|1;662152|3754713|1;606935|2975859|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;609397|3716549|1;689979|3578215|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;486892|2929498|0;531459|3486389|1;706463|3705954|1;-1|-1|1;-1|-1|1;704091|3709544|1;-1|-1|1;-1|-1|1;599415|3672881|1;629918|3729072|1;600937|2897286|1;607856|3729067|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;632249|3648773|1;593700|2834829|1;-1|-1|1;510670|2923227|0;707461|3709547|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;725679|3770216|1;-1|-1|1;-1|-1|1;495376|2108794|1;-1|-1|1;-1|-1|1;495377|2108795|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;512346|2923041|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;697723|3622406|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;693686|3595701|1;-1|-1|1;-1|-1|1;578262|3628390|0;718497|3754719|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692933|3728776|1;663315|3399158|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692920|3591912|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;695962|3608094|1;521100|2431984|1;-1|-1|1;-1|-1|1;584566|2776548|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692686|3758674|1;593103|3553059|0;495374|2108797|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718270|3758481|1;-1|-1|1;-1|-1|1;495375|2108796|1;692917|3758635|1;573017|2670646|1;-1|-1|1;-1|-1|1;522574|2923043|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;588511|2801138|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;670807|3446797|1;632449|3161673|1;663310|3399161|1;692801|3758675|1;522572|2923042|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;490141|2904126|1;-1|-1|1;-1|-1|1;580663|2734578|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718496|3743101|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;626438|3111536|1;-1|-1|1;-1|-1|1;663313|3399160|1;515853|2923044|1;528144|2923045|0;-1|-1|1;-1|-1|1;-1|-1|1;666421|3525612|1;692919|3758634|1;719654|3754724|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;522576|2923046|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;562734|2742762|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;551962|2532572|1;693696|3608093|1;696250|3709548|1;582775|3283873|1;-1|-1|1;-1|-1|1;578343|2836703|0;719651|3754723|1]&idx=0&r=975665091.1433402

54.230.111.14

204 No Content

0 B

URL HTTP/1.1
nexus.ensighten.com/citi/na_prod/TagAuditBeacon.rnc?cid=1129&data=[-1|-1|1;358910|3277348|1;-1|-1|1;-1|-1|1;552021|3526353|1;677895|3486390|1;354602|1124213|1;578278|3039001|1;373773|1482837|1;490004|2776545|1;622672|3092996|1;624610|3486388|1;569456|2878472|1;494437|3724319|1;565689|3580754|1;652314|3352749|1;662152|3754713|1;606935|2975859|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;609397|3716549|1;689979|3578215|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;486892|2929498|0;531459|3486389|1;706463|3705954|1;-1|-1|1;-1|-1|1;704091|3709544|1;-1|-1|1;-1|-1|1;599415|3672881|1;629918|3729072|1;600937|2897286|1;607856|3729067|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;632249|3648773|1;593700|2834829|1;-1|-1|1;510670|2923227|0;707461|3709547|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;725679|3770216|1;-1|-1|1;-1|-1|1;495376|2108794|1;-1|-1|1;-1|-1|1;495377|2108795|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;512346|2923041|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;697723|3622406|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;693686|3595701|1;-1|-1|1;-1|-1|1;578262|3628390|0;718497|3754719|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692933|3728776|1;663315|3399158|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692920|3591912|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;695962|3608094|1;521100|2431984|1;-1|-1|1;-1|-1|1;584566|2776548|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692686|3758674|1;593103|3553059|0;495374|2108797|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718270|3758481|1;-1|-1|1;-1|-1|1;495375|2108796|1;692917|3758635|1;573017|2670646|1;-1|-1|1;-1|-1|1;522574|2923043|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;588511|2801138|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;670807|3446797|1;632449|3161673|1;663310|3399161|1;692801|3758675|1;522572|2923042|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;490141|2904126|1;-1|-1|1;-1|-1|1;580663|2734578|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718496|3743101|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;626438|3111536|1;-1|-1|1;-1|-1|1;663313|3399160|1;515853|2923044|1;528144|2923045|0;-1|-1|1;-1|-1|1;-1|-1|1;666421|3525612|1;692919|3758634|1;719654|3754724|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;522576|2923046|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;562734|2742762|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;551962|2532572|1;693696|3608093|1;696250|3709548|1;582775|3283873|1;-1|-1|1;-1|-1|1;578343|2836703|0;719651|3754723|1]&idx=0&r=975665091.1433402
IP
54.230.111.14:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /citi/na_prod/TagAuditBeacon.rnc?cid=1129&data=[-1|-1|1;358910|3277348|1;-1|-1|1;-1|-1|1;552021|3526353|1;677895|3486390|1;354602|1124213|1;578278|3039001|1;373773|1482837|1;490004|2776545|1;622672|3092996|1;624610|3486388|1;569456|2878472|1;494437|3724319|1;565689|3580754|1;652314|3352749|1;662152|3754713|1;606935|2975859|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;609397|3716549|1;689979|3578215|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;486892|2929498|0;531459|3486389|1;706463|3705954|1;-1|-1|1;-1|-1|1;704091|3709544|1;-1|-1|1;-1|-1|1;599415|3672881|1;629918|3729072|1;600937|2897286|1;607856|3729067|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;632249|3648773|1;593700|2834829|1;-1|-1|1;510670|2923227|0;707461|3709547|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;725679|3770216|1;-1|-1|1;-1|-1|1;495376|2108794|1;-1|-1|1;-1|-1|1;495377|2108795|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;512346|2923041|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;697723|3622406|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;693686|3595701|1;-1|-1|1;-1|-1|1;578262|3628390|0;718497|3754719|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692933|3728776|1;663315|3399158|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692920|3591912|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;695962|3608094|1;521100|2431984|1;-1|-1|1;-1|-1|1;584566|2776548|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692686|3758674|1;593103|3553059|0;495374|2108797|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718270|3758481|1;-1|-1|1;-1|-1|1;495375|2108796|1;692917|3758635|1;573017|2670646|1;-1|-1|1;-1|-1|1;522574|2923043|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;588511|2801138|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;670807|3446797|1;632449|3161673|1;663310|3399161|1;692801|3758675|1;522572|2923042|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;490141|2904126|1;-1|-1|1;-1|-1|1;580663|2734578|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718496|3743101|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;626438|3111536|1;-1|-1|1;-1|-1|1;663313|3399160|1;515853|2923044|1;528144|2923045|0;-1|-1|1;-1|-1|1;-1|-1|1;666421|3525612|1;692919|3758634|1;719654|3754724|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;522576|2923046|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;562734|2742762|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;551962|2532572|1;693696|3608093|1;696250|3709548|1;582775|3283873|1;-1|-1|1;-1|-1|1;578343|2836703|0;719651|3754723|1]&idx=0&r=975665091.1433402 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Fri, 16 Sep 2022 08:13:25 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sFXovnOJh5KYksXv_2TiFhadZTiQUHxoV5A-y0rTZZ6lwcn1-3N7Gw==
Age: 15745

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/960621875/?random=1663331734580&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1495980683&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/960621875/?random=1663331734580&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1495980683&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/960621875/?random=1663331734580&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1495980683&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/695231162/?random=1663331734596&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3798162300&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/695231162/?random=1663331734596&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3798162300&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/695231162/?random=1663331734596&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3798162300&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/10955006959/?random=1663331734603&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2163288722&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/10955006959/?random=1663331734603&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2163288722&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/10955006959/?random=1663331734603&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2163288722&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/975701947/?random=1663331734598&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2525532527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/975701947/?random=1663331734598&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2525532527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/975701947/?random=1663331734598&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2525532527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/959299794/?random=1663331734585&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1466817845&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/959299794/?random=1663331734585&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1466817845&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/959299794/?random=1663331734585&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1466817845&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/644574043/?random=1663331734606&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2981327969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/644574043/?random=1663331734606&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2981327969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/644574043/?random=1663331734606&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2981327969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/916451471/?random=1663331734262&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2524969599&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/916451471/?random=1663331734262&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2524969599&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/916451471/?random=1663331734262&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2524969599&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/830907969/?random=1663331734592&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2996495405&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/830907969/?random=1663331734592&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2996495405&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/830907969/?random=1663331734592&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2996495405&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/819500023/?random=1663331734600&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1442345661&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/819500023/?random=1663331734600&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1442345661&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/819500023/?random=1663331734600&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1442345661&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg

162.125.71.15

200 OK

0 B

URL HTTP/2
dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/ttemfbjw200ljgk/050-location%402x.svg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename=050-location%402x.svg
content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=ygEvPBs5O4rhxvBZK8UKtIJFJNQT6BzWCmrjQCl6QkSMlGRO94iZouUHzrn0T30c; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-server-response-time: 182
x-webkit-csp: sandbox
content-type: image/svg+xml
date: Fri, 16 Sep 2022 12:35:47 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 3cc9ac1c960a432dab1e728226bbb3a9
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css?dl=0

162.125.71.15

200 OK

0 B

URL HTTP/2
dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css?dl=0
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/esn6641krlordqt/styles.css?dl=0 HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=Ut3VEGpNsJOtFPmXxhTyA8LZFfzoeLtWdCSuVsIf2uzEIcFKjAP5bmCqZ0XeptN2; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 411
content-type: text/css; charset=utf-8
date: Fri, 16 Sep 2022 12:35:47 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: f95a668d882047bcacea2519e9ada075
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg

162.125.71.15

200 OK

0 B

URL HTTP/2
dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename=icon_globe_med-grey%402x.svg
content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=6VGfQOWcjT38p2FUp2qqkFYlBf1NdXcmnvsgYkmloxCHX74tXqT1gobOQqH1KBST; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-server-response-time: 178
x-webkit-csp: sandbox
content-type: image/svg+xml
date: Fri, 16 Sep 2022 12:35:46 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 0131fe9137d0490d96e0d1fcdcaedf79
X-Firefox-Spdy: h2

citionline-aouth86c0.query357.workers.dev/css/320_Citi-PLT@3x.png

104.21.30.254

200 OK

0 B

URL HTTP/1.1
citionline-aouth86c0.query357.workers.dev/css/320_Citi-PLT@3x.png
IP
104.21.30.254:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Citigroup Inc.

HTTP Headers

GET /css/320_Citi-PLT@3x.png HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/

HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RVIaWME3tAWYDVNkWyIfqs8dGt6arPDfJNwOW6SKMFiP8nt2n1GWDdYv0qbkpPTj%2BnJEGvP50eeMKJ2c9IlYPpTmP9cPAfuCxuUaSDqZR89np4HFMnij%2BisfocRxJbQD6RPK9%2Fo%2FhiFjIBjfUQYzuvagbpMbEfOjOehU2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4dbdcb7b52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (38)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations