firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 16 Sep 2022 12:10:48 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 04ynnuUKWJjBhiR3CF7hrjzMGoqm4ln9Ppu9fbRJfgIm6zjsm2B9JA==
Age: 1498
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 96daaf84cd2c07756756caf7a2724a29
d24d47c68eec98d44bf341dab9d893df97103e1a
fef9ce9f75ec19e7ae2ccbffb6654db2473a2b4acc94c1b4303e5ec24149465f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF9CE9F75EC19E7AE2CCBFFB6654DB2473A2B4ACC94C1B4303E5EC24149465F"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3141
Expires: Fri, 16 Sep 2022 13:28:07 GMT
Date: Fri, 16 Sep 2022 12:35:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 16 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XKtQ7cRf93sXMxI0FpHPKJW7Pi_VNM0EYopN7gGZiHcYuU8Hyrjn0g==
age: 28831
X-Firefox-Spdy: h2
citionline-aouth86c0.query357.workers.dev/
104.21.30.254200 OK 102 kB URL HTTP/1.1 citionline-aouth86c0.query357.workers.dev/
IP 104.21.30.254:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size 102 kB (102041 bytes)
Hash 73072b0fce1689459d9f85dad84032d1
959abe44ee4694b41841b1067dfa6bbb6f6adeca
f4b863692be31914b7d0b5f33e4e0f335295fdec4f3ccfec652d770b5e098aac
Analyzer Verdict Alert openphish Citigroup Inc.
fortinet Phishing
GET / HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:46 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xj9JvKUKYcPCYsJswEq7Dz06lXCAXo8NMd1TcVhqf21J1BWsC4xB8R%2FPdOFlJkWXUgaoi1eUsxuAbc4%2BF%2FlpZoECBeMvJlAhT07OKy20oehijQAzOBvH6XqGV7p3wFcqNQHbb50zmx%2BtBRE7pF%2FY4F5CZG%2F28iFbA5oNGg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4d5fd3ab4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d1e220b0246043ac08d7b2d85be2850f
2e9c4183d08907e7bc306b1e57ccb5e12171b2ca
2dee1a76d84b053ce15f6d9906d3a45f3affca90250929c31bdf2d1cfba75516
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6518
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Last-Modified: Fri, 16 Sep 2022 10:47:08 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 2e8e3b8dcfc70035468cee19fa0ce164
8abd549de54a56c4d8866642803817e1d411ad88
9f8702221570464be855f0cf42d77a90b745fbf6c60d5d437218d45f9603fd19
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d1e220b0246043ac08d7b2d85be2850f
2e9c4183d08907e7bc306b1e57ccb5e12171b2ca
2dee1a76d84b053ce15f6d9906d3a45f3affca90250929c31bdf2d1cfba75516
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5721
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Last-Modified: Fri, 16 Sep 2022 11:00:26 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 337a10694ea0596e698c8d077987b2ba
beeab26c0fedd9cb9b0fe47a48fa34598fb30187
5de7cab92adaffc46e6239b83ef789031674dd2075242f0e06cc4838929db7de
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4038
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Last-Modified: Fri, 16 Sep 2022 11:28:28 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d1e220b0246043ac08d7b2d85be2850f
2e9c4183d08907e7bc306b1e57ccb5e12171b2ca
2dee1a76d84b053ce15f6d9906d3a45f3affca90250929c31bdf2d1cfba75516
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6518
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Last-Modified: Fri, 16 Sep 2022 10:47:08 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
216.58.207.234200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (65447)
Hash 7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 08:21:10 GMT
expires: Thu, 14 Sep 2023 08:21:10 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 188076
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
citionline-aouth86c0.query357.workers.dev/css/all.min.css
104.21.30.254200 OK 102 kB URL HTTP/1.1 citionline-aouth86c0.query357.workers.dev/css/all.min.css
IP 104.21.30.254:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size 102 kB (102041 bytes)
Hash 73072b0fce1689459d9f85dad84032d1
959abe44ee4694b41841b1067dfa6bbb6f6adeca
f4b863692be31914b7d0b5f33e4e0f335295fdec4f3ccfec652d770b5e098aac
Analyzer Verdict Alert openphish Citigroup Inc.
GET /css/all.min.css HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:46 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6GUWQpsc8x1zBeQFYFWMtVUu8B8C2RWvnskWpYCYpVu%2FrjDZXrhXsbmKrd6L38SSiuM5l7jTaGc6XKZzq2J2R65QutgzJrq%2BbmjW1dip4919E5HJHFcJhJuClnBZTgT8OL4ARpny9XSCrBgYV3dXv9CtmrRZvdNqRrqfmg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4d9aa2fb4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 2e8e3b8dcfc70035468cee19fa0ce164
8abd549de54a56c4d8866642803817e1d411ad88
9f8702221570464be855f0cf42d77a90b745fbf6c60d5d437218d45f9603fd19
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 16 Sep 2022 12:03:22 GMT
Cache-Control: max-age=3600
Expires: Fri, 16 Sep 2022 12:48:26 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: st_NGOlgwF-jSh9ifzPLJWaaHcaPlfKPS9ry41uvSUsUKQc-Vy6JcA==
Age: 1945
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3db421016cf0e3ad25f324cf0faf0fac
b15909de1105d4d2fb5be5b3920c454daf022445
914b15f28636e0a5e851540ffb0625ecd09d0546b2f1f7af90b267ceebcf1d5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5535
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:47 GMT
Last-Modified: Fri, 16 Sep 2022 11:03:32 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
citionline-aouth86c0.query357.workers.dev/css/style.css
104.21.30.254200 OK 102 kB URL HTTP/1.1 citionline-aouth86c0.query357.workers.dev/css/style.css
IP 104.21.30.254:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size 102 kB (102041 bytes)
Hash 73072b0fce1689459d9f85dad84032d1
959abe44ee4694b41841b1067dfa6bbb6f6adeca
f4b863692be31914b7d0b5f33e4e0f335295fdec4f3ccfec652d770b5e098aac
Analyzer Verdict Alert openphish Citigroup Inc.
GET /css/style.css HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wO%2Br6LTedph9w7sEeb653q913%2FkRlhUeyQSxweKqqon4BV5iHF737GCWe92nmU5Unw8D4Rb%2B4sug%2BKc9XaPb19%2FfWlfsMleJf2fZjSGmfqX5k98mn%2BKxwp0vdYmnIv8ehbRM1h50C8Z8jlipQaU5vyX9mdHB3PVJEUWaMw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4d9badab52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png
104.110.29.32200 OK 1.8 kB URL HTTP/1.1 www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png
IP 104.110.29.32:0
File type PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash b8c9db53b866a0120618cd396e1513f1
5cfe9732c78e4eb7365681834cdd682b977a0232
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
GET /CBOL/IA/Angular/assets/citilogoredesign.png HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 30 Nov 2021 10:40:38 GMT
Accept-Ranges: bytes
Content-Length: 1799
X-Akamai-CITISITE: SWDC
Strict-Transport-Security: max-age=300
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
Content-Type: image/png
X-WebKit-CSP: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
X-Content-Security-Policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Content-Security-Policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Date: Fri, 16 Sep 2022 12:35:47 GMT
Connection: keep-alive
Set-Cookie: AKMTLTSID=1882CF67B6C93D0EFCCC2534569A6598; path=/; domain=citi.com; secure
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 817ae2f84d770515905ee2e9857639f6
067cb1dc3cbded220443d51bd30bfb92bbd35ecd
7bb9ed5d0a8878fd885c47e5e914331e65d92d29323d352dde418a2da82ad08d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 21:46:09 GMT
Expires: Wed, 21 Sep 2022 21:46:08 GMT
Etag: "067cb1dc3cbded220443d51bd30bfb92bbd35ecd"
Cache-Control: max-age=464420,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b9a4db7870b505-OSL
api.ipify.org/?format=jsonp&callback=getIP
3.232.242.170200 OK 29 B URL HTTP/1.1 api.ipify.org/?format=jsonp&callback=getIP
IP 3.232.242.170:0
File type ASCII text, with no line terminators
Hash 90a39389063c7c5716745c3b3bb4fba1
a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f
eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69
GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
Content-Type: application/javascript
Vary: Origin
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Length: 29
Via: 1.1 vegur
push.services.mozilla.com/
35.162.203.49101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.203.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: F0kTEZXw4hFt6Upn+LOmHw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VBeJCm7bXw0BD6jmJUo498MbnrA=
citionline-aouth86c0.query357.workers.dev/css/all.min.css
104.21.30.254200 OK 102 kB URL HTTP/1.1 citionline-aouth86c0.query357.workers.dev/css/all.min.css
IP 104.21.30.254:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size 102 kB (102041 bytes)
Hash 73072b0fce1689459d9f85dad84032d1
959abe44ee4694b41841b1067dfa6bbb6f6adeca
f4b863692be31914b7d0b5f33e4e0f335295fdec4f3ccfec652d770b5e098aac
Analyzer Verdict Alert openphish Citigroup Inc.
GET /css/all.min.css HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkNymOtRt2vbRP4lQdAkWHXo6BTUL6Vc%2FdSGrB5S21RVSzQsIcTxvo9xu3Z9C3D7mRJGanDlv47onukylMxI%2FnQNeXShP9Fd0z%2FkL0sPmzCrr0CZttJL%2FSNRT75%2BWG8JXL2kBX4RkXBeQPRdt0y7%2BlJSNm1Z%2F%2B%2Ft2Cel%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4dfcb4c1c12-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
dl.dropboxusercontent.com/s/gd8h4cwovjh6a2u/progress-indicator-bg.png
162.125.71.15200 OK 1.0 kB URL HTTP/2 dl.dropboxusercontent.com/s/gd8h4cwovjh6a2u/progress-indicator-bg.png
IP 162.125.71.15:0
File type PNG image data, 5 x 1, 8-bit/color RGB, non-interlaced\012- data
Hash a673c51b56b022c5a190b93060e3368b
15ff8d5fa005554f2a5cf9d4c2440da5ebe8c8c0
8dee09be2e691fe1798334a054fb42083c0509a126dd1f61bc8ca168eff326dc
GET /s/gd8h4cwovjh6a2u/progress-indicator-bg.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css?dl=0
Cookie: uc_session=Ut3VEGpNsJOtFPmXxhTyA8LZFfzoeLtWdCSuVsIf2uzEIcFKjAP5bmCqZ0XeptN2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="progress-indicator-bg.png"; filename*=UTF-8''progress-indicator-bg.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968878381358n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 165
content-type: image/png
date: Fri, 16 Sep 2022 12:35:47 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1001
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 9a6eca5df11a4c628ff254e951584c08
X-Firefox-Spdy: h2
citionline-aouth86c0.query357.workers.dev/css/style.css
104.21.30.254200 OK 102 kB URL HTTP/1.1 citionline-aouth86c0.query357.workers.dev/css/style.css
IP 104.21.30.254:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size 102 kB (102041 bytes)
Hash 73072b0fce1689459d9f85dad84032d1
959abe44ee4694b41841b1067dfa6bbb6f6adeca
f4b863692be31914b7d0b5f33e4e0f335295fdec4f3ccfec652d770b5e098aac
Analyzer Verdict Alert openphish Citigroup Inc.
GET /css/style.css HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:48 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EZ8R94%2Fw4OTYgnZSQDcDQ7PR9knNHpX31GbX6I12fp26YSuY%2BPCcShBr2xUBohteAMtU5D8JPtMRfVcd02JQhgrZq8mwfkooRDLLNgkElTL%2Br75clV29kDQc9coJsS5bGaOa1DNw5Oz3vB6xoxCWAnGV818840iNLvlztg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4dfce1efac4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff
162.125.71.15200 OK 76 kB URL HTTP/2 dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff
IP 162.125.71.15:0
File type Web Open Font Format, TrueType, length 75538, version 1.197\012- data
Hash 3d1d3153b04b6ce8a33a20f60df9d723
60e91c7766bdc415134c1111a283ffed3749dbae
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
GET /s/5pecxff6thpa7bk/Interstate-Light.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://citionline-aouth86c0.query357.workers.dev
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Light.woff"; filename*=UTF-8''Interstate-Light.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968851764500n
pragma: public
set-cookie: uc_session=NhEbtqUEA8aStKP4EwpxluvdblxRxRAnERpCnfHixz2DmKoX2GisxvzKEOzlFIE8; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 276
content-type: application/octet-stream
date: Fri, 16 Sep 2022 12:35:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 75538
x-dropbox-response-origin: far_remote
x-dropbox-request-id: cef40f84a12c467c98dd3bb7fc05b3be
X-Firefox-Spdy: h2
citionline-aouth86c0.query357.workers.dev/css/1440_Citi-PLT@3x.png
104.21.30.254200 OK 51 kB URL HTTP/1.1 citionline-aouth86c0.query357.workers.dev/css/1440_Citi-PLT@3x.png
IP 104.21.30.254:0
Hash a2c11ad4e246be8de2f7493c094d6a92
1708bd406bb5f8c9e26cb20887e0a68ec13e960e
8aedc844bbbea0392cc21f68206cfbcad928faa0f773acdad6119a3b822bb567
Analyzer Verdict Alert openphish Citigroup Inc.
GET /css/1440_Citi-PLT@3x.png HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:48 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SYS%2B0vMZUkhw9feuHTF3w1TZiG0%2BB%2BcxjKXeGbwa3sa%2FA1iCS3KrVn%2B5kUZ3jU08Xb1ZNi470WGl2aIlFVUcmAmP5BBn86J3I4FFGHwWgCrXpWqBo1Hx3vQG4Q%2BUaDeSNzCXHY%2F6pPTTzI14yX7VIlItqJe%2F%2Fx6dS%2BDHww%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4e22f84fac4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
dl.dropboxusercontent.com/s/d7sibblybve5blb/social-media_youtube%403x.png
162.125.71.15200 OK 1.2 kB URL HTTP/2 dl.dropboxusercontent.com/s/d7sibblybve5blb/social-media_youtube%403x.png
IP 162.125.71.15:0
File type PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 3541c5442b1b90b4efe20ab4b2802323
ad778d35efc7b9950d2158d800b61966204b75d8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
GET /s/d7sibblybve5blb/social-media_youtube%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Cookie: uc_session=Ut3VEGpNsJOtFPmXxhTyA8LZFfzoeLtWdCSuVsIf2uzEIcFKjAP5bmCqZ0XeptN2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_youtube@3x.png"; filename*=UTF-8''social-media_youtube%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968897745048n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 170
content-type: image/png
date: Fri, 16 Sep 2022 12:35:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1175
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 7fc84a3f50b54899b755ee20fe0d3ef2
X-Firefox-Spdy: h2
dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png
162.125.71.15200 OK 445 B URL HTTP/2 dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png
IP 162.125.71.15:0
File type PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f627e41e84a3b87f57c9de2e3a722d0
a7d350d9d267149f60b46a454f021920f89df877
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
GET /s/tx4dbqw0bze09il/social-media_facebook%403x.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Cookie: uc_session=Ut3VEGpNsJOtFPmXxhTyA8LZFfzoeLtWdCSuVsIf2uzEIcFKjAP5bmCqZ0XeptN2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="social-media_facebook@3x.png"; filename*=UTF-8''social-media_facebook%403x.png
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968884486105n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 176
content-type: image/png
date: Fri, 16 Sep 2022 12:35:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 445
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 32c3fd9a8e41491abd76c6fcc259dbe9
X-Firefox-Spdy: h2
citionline-aouth86c0.query357.workers.dev/css/320_Citi-PLT@3x.png
104.21.30.254200 OK 8.8 kB URL HTTP/1.1 citionline-aouth86c0.query357.workers.dev/css/320_Citi-PLT@3x.png
IP 104.21.30.254:0
Hash 95c56b28bd6c1ff936913e46e4012680
e03c34394aa792614e652cdd93cb884c28d6acdb
01f1af6b9f920e0c12ea23cd927610371dfafce41c6d256f20e1e9bce8d70db5
Analyzer Verdict Alert openphish Citigroup Inc.
GET /css/320_Citi-PLT@3x.png HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:48 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBNaybF8hQyZ0%2FY07I4U9FFk82YoBnMMUW34WzezRob%2FkcVlClX8gxAqyRy%2F6mFZ9AZAIzUEEi9oXkhjh9VYwUntIIjGyKjyuhoLrvXV1Rqxga204ZYrtJOYLzzFnYy31PVLDIzv7G3OX%2BeOjENDI6Gyl%2Bk59jTwaCXPbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4e22e301c12-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
162.125.71.15200 OK 105 kB URL HTTP/2 dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
IP 162.125.71.15:0
Size 105 kB (104595 bytes)
Hash 5c8c012f5cdff26d18d83e5f07c6d1e9
2d5951f5551621d839512f13d2a4aad61300927a
9270821fe53914d0873de55647900afdcefc50ef79a06058032d04fd79b14e65
GET /s/z095l2wk45dt9ci/Bootstrap.js HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="Bootstrap.js"; filename*=UTF-8''Bootstrap.js
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=aOS9ZMVmVRndyYzGKfEUT2qoLzmLjzh5Z80o5hVOrRk3I5OyiruJmfEMRsI6xnzT; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 377
content-type: application/javascript
date: Fri, 16 Sep 2022 12:35:47 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 31a720d506ad46f1b9239af1406c559c
X-Firefox-Spdy: h2
dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff
162.125.71.15200 OK 72 kB URL HTTP/2 dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff
IP 162.125.71.15:0
File type Web Open Font Format, TrueType, length 71874, version 1.197\012- data
Hash 9fd45584370dd1c58e1ed9050efb925f
7b41085678166c62e23e8cf3c8c9ab13e13c356d
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
GET /s/onrn6uufd9w6dw9/Interstate-Bold.woff HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://citionline-aouth86c0.query357.workers.dev
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
content-disposition: inline; filename="Interstate-Bold.woff"; filename*=UTF-8''Interstate-Bold.woff
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1661968844676205n
pragma: public
set-cookie: uc_session=YoKTeFBSBIzDYXV5zgvFB5wiiRIn0q9zDZDbvP5lX34JhTxXQwv9XMazhJngLXBY; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 726
content-type: application/octet-stream
date: Fri, 16 Sep 2022 12:35:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 71874
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 4f0d0a8857b3441e853dd0794b828c0c
X-Firefox-Spdy: h2
nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
54.230.111.14204 No Content 0 B URL HTTP/1.1 nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
IP 54.230.111.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/e.gif?msg=_dl%20is%20not%20defined&lnn=401&fn=https%3A%2F%2Fdl.dropboxusercontent.com%2Fs%2Fz095l2wk45dt9ci%2FBootstrap.js&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Fri, 16 Sep 2022 01:05:17 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Dj2GDWz6xWbFMVIYAPEuZ7QY-dFi060J0UWmZM8ZPnLj1_j6Sxgh8A==
Age: 41431
nexus.ensighten.com/citi/na_prod/perf.rnc?cid=1129&ns=1663331730031&ce=0&cs=0&dc=0&dclee=0&dcles=2009&di=2009&dl=306&dle=0&dls=0&fs=0&lee=0&les=0&rede=0&reds=0&reqs=61&resps=216&respe=327&scs=0&ues=0&uee=0
54.230.111.14204 No Content 0 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/perf.rnc?cid=1129&ns=1663331730031&ce=0&cs=0&dc=0&dclee=0&dcles=2009&di=2009&dl=306&dle=0&dls=0&fs=0&lee=0&les=0&rede=0&reds=0&reqs=61&resps=216&respe=327&scs=0&ues=0&uee=0
IP 54.230.111.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /citi/na_prod/perf.rnc?cid=1129&ns=1663331730031&ce=0&cs=0&dc=0&dclee=0&dcles=2009&di=2009&dl=306&dle=0&dls=0&fs=0&lee=0&les=0&rede=0&reds=0&reqs=61&resps=216&respe=327&scs=0&ues=0&uee=0 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Thu, 15 Sep 2022 13:52:27 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RrmUav6lZmfMyW0OH7qPEf_JgN0kkTKyLPWLzRdoaMIwy240TNxMHg==
Age: 81801
nexus.ensighten.com/citi/na_prod/serverComponent.php?r=975665091.1433402&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F
54.230.111.14200 OK 556 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/serverComponent.php?r=975665091.1433402&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F
IP 54.230.111.14:0
File type ASCII text, with very long lines (1253)
Hash c10e91f460b2de9b475035d54bb0f088
a7a1933b45b44ba4adc6381673c706894639e0ae
65711d23bb13d8ffbc069dc8e8051d0027d91e15b567b46c563981711c3142d0
GET /citi/na_prod/serverComponent.php?r=975665091.1433402&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Fri, 16 Sep 2022 12:35:48 GMT
Expires: Fri, 16 Sep 2022 12:35:47 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vk_uyYYrKJgXfuaSr-cYDUNgQawH8mcvzlguI35b8Gbp1FOl7efP6g==
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8530
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 12:35:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8530
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 12:35:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8530
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 12:35:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8530
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 12:35:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8530
Expires: Fri, 16 Sep 2022 14:57:58 GMT
Date: Fri, 16 Sep 2022 12:35:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da1bd18c37b83b0ef4641036dc208eec
abb5c719ec9341c6d4146297a2a1eca171df9c81
0085a66912a814c619a1257545d36610c7109ba32f1b097176102d3d3db2c8d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12425
x-amzn-requestid: 96b5f0d2-1327-4180-9d48-f915630c3de2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDqHyooAMFqyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-7d89d2d7024f6a821a62c948;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1Y5uBMPJvxTDKGnc5Q0lzKZXDv4lwTByGDO8eRIwgauut0yfJz-8Lg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:50:35 GMT
age: 53113
etag: "abb5c719ec9341c6d4146297a2a1eca171df9c81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757
54.230.111.14200 OK 41 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757
IP 54.230.111.14:0
File type ASCII text, with very long lines (586)
Hash f3425381a8f9ef05a3225c94a7926ddc
1352fc08d259ae7e45ff71f1cd4042df1c02da9c
f164290a18c4d4685c0d3022ad294436492fc01e34bcf9fa5f14cab474cda99c
GET /citi/na_prod/code/8641057b9716149f761014486e77c4c0.js?conditionId0=486757 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 16 Aug 2022 21:44:05 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"6c0ec1ecef630bef7b1fb87b13b4f2cb"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: JA70f_WGNG7H1tnE4i_sKuxvYaFEwzMJ
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vT2d5OJpBD40jn82noi6XISiHM2a8jN84Abie4VT2mHCadjMrFYK9A==
Age: 2645504
nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
54.230.111.14200 OK 2.2 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
IP 54.230.111.14:0
File type ASCII text, with very long lines (542)
Hash 9d386182dee76bbeb1ac0e9a82925cf3
bfcc4073c4cf16fdda856cedce3cd2f426ef9111
f101e196596d8661d1818dc1ee55ec446a91fa7e76ad9bca2dd34a6caf33a4ec
GET /citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 16 Aug 2022 21:44:05 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 16 Aug 2022 21:43:05 GMT
ETag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: a4o3x1dOvQ-Li2IMp-xzVUn40gjI__1K6270glqCvlPEsu3jcb0hRw==
Age: 2645504
nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
54.230.111.14200 OK 989 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
IP 54.230.111.14:0
File type ASCII text, with very long lines (524)
Hash a88ee16d6636b998b8a6bb0eedf3a3bb
84b7338657d33ace2048bf6b6e3b8b3fa649548a
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
GET /citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 989
Connection: keep-alive
Date: Fri, 22 Jul 2022 05:10:06 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 20 Jul 2021 20:01:14 GMT
ETag: "a88ee16d6636b998b8a6bb0eedf3a3bb"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: .wEMJ82rme0Ajy8MXYWYMqCLOS4zdOlx
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LcIUkw5B8e-wbZvtsNUTQyJRB8OATeQ-z7gggp0fC2BsOM-ANOP0Cw==
Age: 4865143
nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
54.230.111.14200 OK 769 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
IP 54.230.111.14:0
File type ASCII text, with very long lines (1964)
Hash 17249d0565554fe08b1871324afc421e
3f04b7021d5204a639ea4992d06ce9e028ecfd4a
2c6ac82a36a6c93b63ad4796e81574660a24d9457dba3b883f16a32f99a81de9
GET /citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 22 Jul 2022 05:05:43 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 20 Jul 2021 20:01:09 GMT
ETag: W/"c12999fcad47ab9cba1967b8c736048d"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: nE2jchQRxt_gtDKDOvHRLQGyp_MKp2PL
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GvvBmI5Tfz_JS5mEUtyTob8LbbZrbs52L8wn_Wq9Xy7Soir4d40WzQ==
Age: 4865406
nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908
54.230.111.14200 OK 36 kB URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908
IP 54.230.111.14:0
File type ASCII text, with very long lines (573)
Hash 0f125ff7e313ccd1741b15ad98235592
8fae24fd77c714aaa885346acdd90b7f1d6c80e7
9cfc68021626e24f09e4185187ce006f1badfa6d663ca2eaa97cfdea32d6746c
GET /citi/na_prod/code/5b5636c16f494d5fcc948f4554300f79.js?conditionId0=421908 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 13 Sep 2022 17:24:59 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 13 Sep 2022 17:23:26 GMT
ETag: W/"de2e8ecdb9334e6565ea8d4feb369116"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: CZbhUaMVGcELu7Tp.vnFWThm1Iz7u.mg
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -05FuLQNcRKs-2q1XpbpRsgezdRva3bh1P4TGiv57PJcdPfTPt4E_g==
Age: 241850
nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
54.230.111.14200 OK 655 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
IP 54.230.111.14:0
File type ASCII text, with very long lines (524)
Hash b7502c8f355586be76d0ab4936375bfe
e4014d3e5120ec3bb5be0f649652479d2d16129d
0824bcd7ee969ebbb74439cf598b21f89eebd4724b12ccbbe2d1f34f89227034
GET /citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 14 Aug 2022 04:54:07 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 31 Aug 2021 17:19:04 GMT
ETag: W/"4d37444c012a76a0557182615bf5cdd3"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2KjpK-NRkIF2phLbOPAnnVZAj86irEq0PS75X4EfQVE5lwpNfo5T8Q==
Age: 2878902
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6d17788c7d2a1a91e68eff48df14bd1
8e1090346d90bc69e7a95384e6a7a01154e31567
1e1eefa02e4c55e73be87a309ad5c2335856125cb678cff6ebc42c5ff73a0e2b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9904
x-amzn-requestid: a23cb4b3-db6e-48ae-90b1-3ecf6478bf52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDpH_CIAMFl4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-15869210609a18587467d1e2;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RbKcO0CPRsex8VWdIVqctamGyJ7D1PHD04ry2wbrcDPDYL0Yy5vPPQ==
via: 1.1 1002c05e647d0804e83147cdd205d14a.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:50:35 GMT
etag: "8e1090346d90bc69e7a95384e6a7a01154e31567"
content-type: image/jpeg
age: 53113
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 512280055633fcce9abc7d11a9816a24
de5c3e010fca76659455a144875a52c25fa72bdd
435eadb36830928b20d4cf8ead62134b75bd0ed3228489d9fdee66450bcbeaed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13536
x-amzn-requestid: 5533b257-1558-472b-aeb9-8207a78e1110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDzFa4IAMF9Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb1-05d0dfde7a488ed97d2a40d5;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JAzbRqinDuqQuQoESEsL26c1Y1UTQ5tO1thL3ugE6LPQtNTWGaGTLg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:48:32 GMT
age: 53236
etag: "de5c3e010fca76659455a144875a52c25fa72bdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7d4ee58e0f26ec6817dbab72aa7db6d
b6e634ef27eba9da38c6472565e0fdca6898e4f0
07db05a6ee70a699164ad55da47bfca58e6639956e256d902cbe0388cd7995c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8435
x-amzn-requestid: f6efd924-4f54-41a6-8771-087803b5b8ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU0-EJaoAMFvtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b52-37c21ee857fe27d104b70337;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:38:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rgjwYJ-ZzVF3bv7pl1l8TN8EAoENIcaSAXJU_YhFOSNRCzrCuPuKbQ==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:44:10 GMT
age: 53498
etag: "b6e634ef27eba9da38c6472565e0fdca6898e4f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
c1.rfihub.net/js/tc.min.js
54.230.111.57200 OK 6.2 kB URL HTTP/1.1 c1.rfihub.net/js/tc.min.js
IP 54.230.111.57:0
File type C source, ASCII text, with very long lines (19497)
Hash ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f
GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 6162
Connection: keep-alive
Date: Fri, 16 Sep 2022 12:04:26 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Expires: Fri, 16 Sep 2022 13:04:26 GMT
Last-Modified: Fri, 16 Sep 2022 12:04:16 GMT
Content-Encoding: gzip
Server: Jetty(9.3.29.v20201019)
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Kl8Z8OdcQGHgVnckvdVhLe1shap-tXMaq_2_HQ8iMXC1RcHyR-jZpA==
Age: 1882
20766699p.rfihub.com/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438
193.0.160.129302 Found 0 B URL HTTP/1.1 20766699p.rfihub.com/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438
IP 193.0.160.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 16 Sep 2022 12:35:48 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://20766699p.rfihub.com/sr/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438
Content-Length: 0
20766699p.rfihub.com/sr/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438
193.0.160.129200 OK 118 B URL HTTP/1.1 20766699p.rfihub.com/sr/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438
IP 193.0.160.129:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 372d494a4cb82acdc6b44d6941392ec4
3c777c56cb89b34f2e15159282dca81dcdfe33d7
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
GET /sr/ca.html?ver=9&ra=1846&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&pf=&ra=9010493901046438 HTTP/1.1
Host: 20766699p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citionline-aouth86c0.query357.workers.dev/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:50 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjY0NDM0sDAwMBPiM9QtDfL2DzQKyC5KdgsEAK1vAIQlAAAA; Path=/; Domain=.rfihub.com; Expires=Wed, 11 Oct 2023 12:35:50 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjY0NDM0sDAwMBPiM9QtDfL2DzQKyC5KdgsEAK1vAIQlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)
www.googletagmanager.com/gtag/js?id=AW-916451471
142.250.74.72302 Found 253 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-916451471
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e789be587e31a97443893e23f9ba9666
4ed47d40af4fa861cb2bbcf556aa608d5a8f2a85
541f9cb1e731f1d53dd0232ad1574a3ee000a83f52cea3c134edb2a9ae5a9fe7
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
151.101.85.230200 OK 531 B URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
IP 151.101.85.230:0
File type ASCII text, with very long lines (592)
Hash 163d0bd34ff8cd5d5d8c376ff4fa5448
49290a53b47fe11dd527ed41db0876da97afc365
6b05ff7c0159529870ef88073983b50eee80d938ffbd55d5c9aebb0dab4d772a
GET /wdcusciti/50/onsite/embed.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Vo5x77/FcGHnkLbfUTXVLDmJHHdrlz4aMWcNwMvtCbxicDSk8U9B1rL9IzlXQT4slGKV1Pr55/g=
x-amz-request-id: 4Y0T4GP9K3GT4QZ5
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "c1db4c234cf539e2bfab42c09c1ca05d"
x-amz-version-id: eKMfkf17jnOEK1NZY3.0vSO_D.gj7xc9
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Fri, 16 Sep 2022 12:35:50 GMT
via: 1.1 varnish
age: 1060307
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1663331750.182409,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 531
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
151.101.85.230301 Moved Permanently 0 B URL HTTP/1.1 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP 151.101.85.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 301 Moved Permanently
Server: Varnish
Retry-After: 0
Location: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
Content-Length: 0
Accept-Ranges: bytes
Date: Fri, 16 Sep 2022 12:35:50 GMT
Via: 1.1 varnish
Connection: close
X-Served-By: cache-bma1635-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1663331750.206378,VS0,VE1
Strict-Transport-Security: max-age=31557600
www.googletagmanager.com/gtag/js?id=AW-916451471
142.250.74.72200 OK 59 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-916451471
IP 142.250.74.72:0
File type ASCII text, with very long lines (1825)
Hash 02b61a198ed14a300a1a7cc49e96a239
63c2a019c23f637564292cff2d44b00b1397f053
e03df9f780b212e2f2a07509d020654c35172d619ae1874c7fe7b6292e053b3a
GET /gtag/js?id=AW-916451471 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citionline-aouth86c0.query357.workers.dev/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Sep 2022 12:35:50 GMT
expires: Fri, 16 Sep 2022 12:35:50 GMT
cache-control: private, max-age=900
last-modified: Fri, 16 Sep 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 59205
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
151.101.85.230200 OK 986 B URL HTTP/2 resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1661759384239.js
IP 151.101.85.230:0
Hash 7a76162950d46db9f3a4c1f1b604b0b5
808e2131d5d6175efcf9c0a1483b7d1da7a9fd67
689db5f4162f7bf30c5a49d6e919765ee658e2c85db19e8c40e9c1570334f956
GET /wdcusciti/50/onsite/generic1661759384239.js HTTP/1.1
Host: resources.digital-cloud-citi.medallia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://citionline-aouth86c0.query357.workers.dev/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 3Af09pvrnUu3BfieRI6BJawVHGR7/WZJagF97DjZX+T9QgtJZ6ly1iXtPnN1BENOpf4nehKIEnI=
x-amz-request-id: NVJCAPRZB8SGRPE0
last-modified: Mon, 29 Aug 2022 07:49:45 GMT
etag: "31ab1facffb3500494bf6aca3d7e439d"
x-amz-version-id: cbf3VAh2wvqiC_RNSd9Tltn6dOvsrine
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
content-encoding: gzip
accept-ranges: bytes
date: Fri, 16 Sep 2022 12:35:50 GMT
via: 1.1 varnish
age: 222835
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 10
x-timer: S1663331750.223426,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 85764
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ba8206089b7af80ec9bb4fe0c07977b4
4b0c036a5124f06026772a92168d3799e37c8ed3
64a3447f03ef43acc94b9bb1cdc44bffee396a1b3ab6c839a6bcc4d498f86f62
GET /gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash da059e66474ac8e0fcb7e70b7ed4be44
7ef754dde242d41e1ceae88f3cf3ef36fc94fd6b
904c2ee1c18ede7911199f83d02b25ef37c9974e3872662abc7c50e666f1c9eb
GET /gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 6d8c6cf61840045919f4789eac2d3d9c
ef5e66f528ab1701f99e467593020d263d6220f0
ac4fc3a6c6038531534ab22894bcc3a43eaea3a8f0f4fa2de9e6dafadd16eb6e
GET /gtag/js?id=AW-830907969&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d7c2cd80c8899405c8ead9dcd82aa484
8d0248ffaaf1594d89e077cb3904f0ad42ec474e
2713f4450768c9e167bb579902498016cfcedef0583300aff6754a4c50863fce
GET /gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash f20987509aaa3b3f9e52f7581afd6a4d
7147419bbeb1605a89733067d195356fc73c3cd3
5f515e275abf4e06842ad3774fbb0a07bc2d8f40a4d8ac91a4d606395a39254c
GET /gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
citionline-aouth86c0.query357.workers.dev/css/1440_Citi-PLT@3x.png
104.21.30.254200 OK 22 kB URL HTTP/1.1 citionline-aouth86c0.query357.workers.dev/css/1440_Citi-PLT@3x.png
IP 104.21.30.254:0
Hash ddf54b6d528bcc14bdbf833469c3fdf4
c5c6c54d1a1f398c5e490abbb60c7e00dd018267
cfef4cfef78c3780815d12c500a25c001224e45808f686abdb5f4d7ace7204db
Analyzer Verdict Alert openphish Citigroup Inc.
GET /css/1440_Citi-PLT@3x.png HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BJ2f99RzbOMoTiJymXnfkuwWsS6fgeZyck%2FwyDe46L6DuD3tI%2FVhSrd8gkM4M22rSzzeZMnh%2Fu96jbtVkIFLWxTap9PtUJt%2FbhKUQIS%2Bap5b%2FJkcz0bqYrTVxzo6d9uAUV6LaeTG0a2x4X2VdREzecPSI9VIeNqCA4bgrw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4dbdd02b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
142.250.74.72302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 16d7ad56818dde4bc80864654bfbd12e
c95b93882c98641b7f1b648c122194a9fb2534c7
5981f369e21dcc6f0bbfcc0f8c51a2536ee1ba2cb5332f353c41518a3a3dad64
GET /gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 91dad4479f7dcb623266cf0dcfef5875
9fcf1f0e16c17a43021ab8fb01089d2d9c9f1d3a
0dc4f9c3ecdccb7e1b7a651c72ee63acc06482b362f060547534c3196e561412
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
142.250.74.72302 Found 280 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
IP 142.250.74.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash a262f0126f939827df765f078136498b
5843ee0c458442b5031e9e4aa26ff2d6205b3dc4
7143489cfbb6ba5e39ffbda796042f3b25d54d3d8aa9c9a40d7be4d646375ecd
GET /gtag/js?id=AW-10955006959&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 280
X-XSS-Protection: 0
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 16 Sep 2022 12:35:50 GMT
expires: Fri, 16 Sep 2022 12:35:50 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 8ff1c0d8a380ce4a561609526d995bf5
135ecd7e71ea2823d39f8c1efcb2121618ed8167
f7228281af8d6de222aa47b3a78a627f85315244e65a8956fa2c0c7dff1bb7ad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsps.ssl.com/
34.237.184.165200 OK 1.9 kB IP 34.237.184.165:0
Hash 49b4d0a6a6a3918277ab383ec1995664
ccedc13a057838adfaf8157294f8cd499841881c
cf46b71730936996b0baaa74328caa731aecb01f06452e27c46bac14e977b92d
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Sep 2022 12:35:50 GMT
Content-Type: application/ocsp-response
Content-Length: 1883
Connection: keep-alive
Expires: Thu, 22 Sep 2022 15:24:01 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "ccedc13a057838adfaf8157294f8cd499841881c"
Last-Modified: Thu, 15 Sep 2022 15:24:02 GMT
X-Proxy-Cache: HIT
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiQ2l0aWJhbmsgT25saW5lIiwicGFnZV91cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjYzMzMxNzM0MTk2IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODM0NjRjMTJhMDc3Zi0wY2M2OTYxZWI3MWNkNi0zMDZkNDY0YS0xNDAwMDAtMTgzNDY0YzEyYTIzOGQiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI4MmQ2LWE1MzMtNzdmYy1hZDc2LWEwZDAtOGQwMy00NzVhLWMxMzMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2MzMzMTczNDE5MCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyOTAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjMzMzE3MzQxOTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
35.241.45.82200 OK 0 B URL HTTP/2 udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiQ2l0aWJhbmsgT25saW5lIiwicGFnZV91cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjYzMzMxNzM0MTk2IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODM0NjRjMTJhMDc3Zi0wY2M2OTYxZWI3MWNkNi0zMDZkNDY0YS0xNDAwMDAtMTgzNDY0YzEyYTIzOGQiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI4MmQ2LWE1MzMtNzdmYy1hZDc2LWEwZDAtOGQwMy00NzVhLWMxMzMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2MzMzMTczNDE5MCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyOTAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjMzMzE3MzQxOTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
IP 35.241.45.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTI4MHgxMDI0Iiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiQ2l0aWJhbmsgT25saW5lIiwicGFnZV91cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjYzMzMxNzM0MTk2IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODM0NjRjMTJhMDc3Zi0wY2M2OTYxZWI3MWNkNi0zMDZkNDY0YS0xNDAwMDAtMTgzNDY0YzEyYTIzOGQiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL2NpdGlvbmxpbmUtYW91dGg4NmMwLnF1ZXJ5MzU3LndvcmtlcnMuZGV2LyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI4MmQ2LWE1MzMtNzdmYy1hZDc2LWEwZDAtOGQwMy00NzVhLWMxMzMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY2MzMzMTczNDE5MCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyOTAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ3LjMiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NjMzMzE3MzQxOTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0= HTTP/1.1
Host: udc-neb.kampyle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 12:35:50 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
x-me: prod-instance-gatewayservice-blue-csxq
x-application-context: application:9090
content-type: image/gif; charset=UTF-8
content-length: 0
server: Jetty(9.2.11.v20150529)
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 848674a3bc6b0d4d6cba22b140c574bc
ec95f08f3a5b022c3753f78e30f71d03e2895d78
069aaae82ec20e5bbcc694f9603bded464798891e5e2abc27baadeace22f6a05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663331734606&cv=9&fst=1663331734606&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1663331734606&cv=9&fst=1663331734606&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2280), with no line terminators
Hash f7ce5bf30eef0a388db0431b905b8112
22aba5fcb412647684ac5a8a1eae0d6e6fa199a9
1520b6436ea8248bee583e3adf4665279c10e69091accb81026623128d9f6aa4
GET /pagead/viewthroughconversion/644574043/?random=1663331734606&cv=9&fst=1663331734606&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1051
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663331734592&cv=9&fst=1663331734592&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1663331734592&cv=9&fst=1663331734592&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2280), with no line terminators
Hash 54986a9e0190641ff1601f0401083fdd
493df694c865c91c1bd4b148c7b971f8e1751fac
beffc9bf25700203f82e5b71817026d7ba4a70db6f9e4990ab8159c0ba0cb05d
GET /pagead/viewthroughconversion/830907969/?random=1663331734592&cv=9&fst=1663331734592&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1050
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663331734262&cv=9&fst=1663331734262&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1663331734262&cv=9&fst=1663331734262&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2280), with no line terminators
Hash 1479343378f52e2a20a6a5ead0b329f4
ded18408d887bcca647871dbbde456a1d5a6367c
4b188116bcb211f7d5e8433e779d56bf77c477f86405eec7d1f18ee988e755dd
GET /pagead/viewthroughconversion/916451471/?random=1663331734262&cv=9&fst=1663331734262&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1050
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663331734600&cv=9&fst=1663331734600&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1663331734600&cv=9&fst=1663331734600&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2280), with no line terminators
Hash 40ace23d6e3d90ccb17809ba617cffc0
7e44e3c269b67f00a6e0ead37bb0cf84d2f0cd56
61f18cfb31f3796b99e514761aa9bdc8e999d0294af540dd258803a7edc61197
GET /pagead/viewthroughconversion/819500023/?random=1663331734600&cv=9&fst=1663331734600&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1047
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663331734603&cv=9&fst=1663331734603&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1663331734603&cv=9&fst=1663331734603&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2284), with no line terminators
Hash 9ae485cd31a4caebbacf2241ca9e3251
2b6573835cc3fd4a4524f29a7f2a8a939c6cd58f
eef17b44951425c96f3d57e06ce9b428985c93259b8d152cc8a31b5fbee57c0d
GET /pagead/viewthroughconversion/10955006959/?random=1663331734603&cv=9&fst=1663331734603&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1052
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663331734580&cv=9&fst=1663331734580&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1663331734580&cv=9&fst=1663331734580&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2280), with no line terminators
Hash 19f7e72efa76ed1b8bfffa8f1d734a5a
00b20fe11a68897f57a871cb60a0cfeee0f90663
a22a4d551ab3b70305b8ebd04496a4abf5bb887281d8a5a683ec35b2d9c50620
GET /pagead/viewthroughconversion/960621875/?random=1663331734580&cv=9&fst=1663331734580&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1049
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663331734598&cv=9&fst=1663331734598&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1663331734598&cv=9&fst=1663331734598&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2280), with no line terminators
Hash 06a6c7e7fd8811309fc5ae1ec078b8cd
7326a1839400202be9367b00bc85c85b024b73e1
9c6bd3cf6107b0beedf4ff610a00e12ff5ffe8754f74cb6028e33e37e0998a8f
GET /pagead/viewthroughconversion/975701947/?random=1663331734598&cv=9&fst=1663331734598&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1049
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663331734585&cv=9&fst=1663331734585&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1663331734585&cv=9&fst=1663331734585&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2280), with no line terminators
Hash 7252fb52b9bdc1506510861b4bebd468
6f1ad9821605ee63891f99ecbeb89699950dfd6e
fbbbfdb25ae9c918037ceb862ff9be934e8a9a70ea073ec998205c48c70c7b25
GET /pagead/viewthroughconversion/959299794/?random=1663331734585&cv=9&fst=1663331734585&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1051
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663331734596&cv=9&fst=1663331734596&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1663331734596&cv=9&fst=1663331734596&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2280), with no line terminators
Hash 24cd1b34805e6e73f1c270c955c7d43c
f256a69bbb41178767d7a31c6618e734f95473aa
017f2e43c38b038c11ea9cd65cb05053fb3f0976960b7fde1a23163b1a786ab0
GET /pagead/viewthroughconversion/695231162/?random=1663331734596&cv=9&fst=1663331734596&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&auid=1811959556.1663331734&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1048
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 16-Sep-2022 12:50:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 848674a3bc6b0d4d6cba22b140c574bc
ec95f08f3a5b022c3753f78e30f71d03e2895d78
069aaae82ec20e5bbcc694f9603bded464798891e5e2abc27baadeace22f6a05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nexus.ensighten.com/citi/na_prod/TagAuditBeacon.rnc?cid=1129&data=[-1|-1|1;358910|3277348|1;-1|-1|1;-1|-1|1;552021|3526353|1;677895|3486390|1;354602|1124213|1;578278|3039001|1;373773|1482837|1;490004|2776545|1;622672|3092996|1;624610|3486388|1;569456|2878472|1;494437|3724319|1;565689|3580754|1;652314|3352749|1;662152|3754713|1;606935|2975859|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;609397|3716549|1;689979|3578215|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;486892|2929498|0;531459|3486389|1;706463|3705954|1;-1|-1|1;-1|-1|1;704091|3709544|1;-1|-1|1;-1|-1|1;599415|3672881|1;629918|3729072|1;600937|2897286|1;607856|3729067|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;632249|3648773|1;593700|2834829|1;-1|-1|1;510670|2923227|0;707461|3709547|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;725679|3770216|1;-1|-1|1;-1|-1|1;495376|2108794|1;-1|-1|1;-1|-1|1;495377|2108795|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;512346|2923041|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;697723|3622406|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;693686|3595701|1;-1|-1|1;-1|-1|1;578262|3628390|0;718497|3754719|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692933|3728776|1;663315|3399158|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692920|3591912|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;695962|3608094|1;521100|2431984|1;-1|-1|1;-1|-1|1;584566|2776548|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692686|3758674|1;593103|3553059|0;495374|2108797|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718270|3758481|1;-1|-1|1;-1|-1|1;495375|2108796|1;692917|3758635|1;573017|2670646|1;-1|-1|1;-1|-1|1;522574|2923043|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;588511|2801138|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;670807|3446797|1;632449|3161673|1;663310|3399161|1;692801|3758675|1;522572|2923042|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;490141|2904126|1;-1|-1|1;-1|-1|1;580663|2734578|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718496|3743101|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;626438|3111536|1;-1|-1|1;-1|-1|1;663313|3399160|1;515853|2923044|1;528144|2923045|0;-1|-1|1;-1|-1|1;-1|-1|1;666421|3525612|1;692919|3758634|1;719654|3754724|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;522576|2923046|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;562734|2742762|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;551962|2532572|1;693696|3608093|1;696250|3709548|1;582775|3283873|1;-1|-1|1;-1|-1|1;578343|2836703|0;719651|3754723|1]&idx=0&r=975665091.1433402
54.230.111.14204 No Content 0 B URL HTTP/1.1 nexus.ensighten.com/citi/na_prod/TagAuditBeacon.rnc?cid=1129&data=[-1|-1|1;358910|3277348|1;-1|-1|1;-1|-1|1;552021|3526353|1;677895|3486390|1;354602|1124213|1;578278|3039001|1;373773|1482837|1;490004|2776545|1;622672|3092996|1;624610|3486388|1;569456|2878472|1;494437|3724319|1;565689|3580754|1;652314|3352749|1;662152|3754713|1;606935|2975859|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;609397|3716549|1;689979|3578215|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;486892|2929498|0;531459|3486389|1;706463|3705954|1;-1|-1|1;-1|-1|1;704091|3709544|1;-1|-1|1;-1|-1|1;599415|3672881|1;629918|3729072|1;600937|2897286|1;607856|3729067|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;632249|3648773|1;593700|2834829|1;-1|-1|1;510670|2923227|0;707461|3709547|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;725679|3770216|1;-1|-1|1;-1|-1|1;495376|2108794|1;-1|-1|1;-1|-1|1;495377|2108795|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;512346|2923041|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;697723|3622406|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;693686|3595701|1;-1|-1|1;-1|-1|1;578262|3628390|0;718497|3754719|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692933|3728776|1;663315|3399158|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692920|3591912|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;695962|3608094|1;521100|2431984|1;-1|-1|1;-1|-1|1;584566|2776548|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692686|3758674|1;593103|3553059|0;495374|2108797|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718270|3758481|1;-1|-1|1;-1|-1|1;495375|2108796|1;692917|3758635|1;573017|2670646|1;-1|-1|1;-1|-1|1;522574|2923043|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;588511|2801138|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;670807|3446797|1;632449|3161673|1;663310|3399161|1;692801|3758675|1;522572|2923042|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;490141|2904126|1;-1|-1|1;-1|-1|1;580663|2734578|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718496|3743101|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;626438|3111536|1;-1|-1|1;-1|-1|1;663313|3399160|1;515853|2923044|1;528144|2923045|0;-1|-1|1;-1|-1|1;-1|-1|1;666421|3525612|1;692919|3758634|1;719654|3754724|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;522576|2923046|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;562734|2742762|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;551962|2532572|1;693696|3608093|1;696250|3709548|1;582775|3283873|1;-1|-1|1;-1|-1|1;578343|2836703|0;719651|3754723|1]&idx=0&r=975665091.1433402
IP 54.230.111.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /citi/na_prod/TagAuditBeacon.rnc?cid=1129&data=[-1|-1|1;358910|3277348|1;-1|-1|1;-1|-1|1;552021|3526353|1;677895|3486390|1;354602|1124213|1;578278|3039001|1;373773|1482837|1;490004|2776545|1;622672|3092996|1;624610|3486388|1;569456|2878472|1;494437|3724319|1;565689|3580754|1;652314|3352749|1;662152|3754713|1;606935|2975859|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;609397|3716549|1;689979|3578215|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;486892|2929498|0;531459|3486389|1;706463|3705954|1;-1|-1|1;-1|-1|1;704091|3709544|1;-1|-1|1;-1|-1|1;599415|3672881|1;629918|3729072|1;600937|2897286|1;607856|3729067|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;632249|3648773|1;593700|2834829|1;-1|-1|1;510670|2923227|0;707461|3709547|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;725679|3770216|1;-1|-1|1;-1|-1|1;495376|2108794|1;-1|-1|1;-1|-1|1;495377|2108795|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;512346|2923041|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;697723|3622406|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;693686|3595701|1;-1|-1|1;-1|-1|1;578262|3628390|0;718497|3754719|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692933|3728776|1;663315|3399158|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692920|3591912|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;695962|3608094|1;521100|2431984|1;-1|-1|1;-1|-1|1;584566|2776548|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692686|3758674|1;593103|3553059|0;495374|2108797|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718270|3758481|1;-1|-1|1;-1|-1|1;495375|2108796|1;692917|3758635|1;573017|2670646|1;-1|-1|1;-1|-1|1;522574|2923043|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;588511|2801138|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;670807|3446797|1;632449|3161673|1;663310|3399161|1;692801|3758675|1;522572|2923042|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;490141|2904126|1;-1|-1|1;-1|-1|1;580663|2734578|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;718496|3743101|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;626438|3111536|1;-1|-1|1;-1|-1|1;663313|3399160|1;515853|2923044|1;528144|2923045|0;-1|-1|1;-1|-1|1;-1|-1|1;666421|3525612|1;692919|3758634|1;719654|3754724|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;522576|2923046|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;562734|2742762|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;551962|2532572|1;693696|3608093|1;696250|3709548|1;582775|3283873|1;-1|-1|1;-1|-1|1;578343|2836703|0;719651|3754723|1]&idx=0&r=975665091.1433402 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 204 No Content
Content-Length: 0
Connection: keep-alive
Server: CloudFront
Date: Fri, 16 Sep 2022 08:13:25 GMT
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sFXovnOJh5KYksXv_2TiFhadZTiQUHxoV5A-y0rTZZ6lwcn1-3N7Gw==
Age: 15745
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/960621875/?random=1663331734580&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1495980683&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/960621875/?random=1663331734580&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1495980683&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/960621875/?random=1663331734580&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1495980683&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/695231162/?random=1663331734596&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3798162300&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/695231162/?random=1663331734596&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3798162300&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/695231162/?random=1663331734596&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3798162300&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/10955006959/?random=1663331734603&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2163288722&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10955006959/?random=1663331734603&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2163288722&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10955006959/?random=1663331734603&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2163288722&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/975701947/?random=1663331734598&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2525532527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/975701947/?random=1663331734598&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2525532527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/975701947/?random=1663331734598&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2525532527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/959299794/?random=1663331734585&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1466817845&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/959299794/?random=1663331734585&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1466817845&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/959299794/?random=1663331734585&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1466817845&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/644574043/?random=1663331734606&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2981327969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/644574043/?random=1663331734606&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2981327969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/644574043/?random=1663331734606&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2981327969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/916451471/?random=1663331734262&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2524969599&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/916451471/?random=1663331734262&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2524969599&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/916451471/?random=1663331734262&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2524969599&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/830907969/?random=1663331734592&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2996495405&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/830907969/?random=1663331734592&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2996495405&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/830907969/?random=1663331734592&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2996495405&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/819500023/?random=1663331734600&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1442345661&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/819500023/?random=1663331734600&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1442345661&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/819500023/?random=1663331734600&cv=9&fst=1663329600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Fcitionline-aouth86c0.query357.workers.dev%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1442345661&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Sep 2022 12:35:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 12:35:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg
162.125.71.15200 OK 0 B URL HTTP/2 dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg
IP 162.125.71.15:0
GET /s/ttemfbjw200ljgk/050-location%402x.svg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename=050-location%402x.svg
content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=ygEvPBs5O4rhxvBZK8UKtIJFJNQT6BzWCmrjQCl6QkSMlGRO94iZouUHzrn0T30c; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-server-response-time: 182
x-webkit-csp: sandbox
content-type: image/svg+xml
date: Fri, 16 Sep 2022 12:35:47 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 3cc9ac1c960a432dab1e728226bbb3a9
X-Firefox-Spdy: h2
dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css?dl=0
162.125.71.15200 OK 0 B URL HTTP/2 dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css?dl=0
IP 162.125.71.15:0
GET /s/esn6641krlordqt/styles.css?dl=0 HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=Ut3VEGpNsJOtFPmXxhTyA8LZFfzoeLtWdCSuVsIf2uzEIcFKjAP5bmCqZ0XeptN2; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 411
content-type: text/css; charset=utf-8
date: Fri, 16 Sep 2022 12:35:47 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: f95a668d882047bcacea2519e9ada075
X-Firefox-Spdy: h2
dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg
162.125.71.15200 OK 0 B URL HTTP/2 dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg
IP 162.125.71.15:0
GET /s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename=icon_globe_med-grey%402x.svg
content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=6VGfQOWcjT38p2FUp2qqkFYlBf1NdXcmnvsgYkmloxCHX74tXqT1gobOQqH1KBST; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-server-response-time: 178
x-webkit-csp: sandbox
content-type: image/svg+xml
date: Fri, 16 Sep 2022 12:35:46 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 0131fe9137d0490d96e0d1fcdcaedf79
X-Firefox-Spdy: h2
citionline-aouth86c0.query357.workers.dev/css/320_Citi-PLT@3x.png
104.21.30.254200 OK 0 B URL HTTP/1.1 citionline-aouth86c0.query357.workers.dev/css/320_Citi-PLT@3x.png
IP 104.21.30.254:0
Analyzer Verdict Alert openphish Citigroup Inc.
GET /css/320_Citi-PLT@3x.png HTTP/1.1
Host: citionline-aouth86c0.query357.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://citionline-aouth86c0.query357.workers.dev/
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 12:35:47 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RVIaWME3tAWYDVNkWyIfqs8dGt6arPDfJNwOW6SKMFiP8nt2n1GWDdYv0qbkpPTj%2BnJEGvP50eeMKJ2c9IlYPpTmP9cPAfuCxuUaSDqZR89np4HFMnij%2BisfocRxJbQD6RPK9%2Fo%2FhiFjIBjfUQYzuvagbpMbEfOjOehU2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b9a4dbdcb7b52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60