texasholep.com Open in urlscan Pro
162.241.216.137 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&s...
Submission: On March 26 via automatic, source openphish (March 26th 2022, 1:08:39 am UTC) — Scanned from DE

Summary HTTP 174 Redirects Links 80 Behaviour Indicators

Summary

This website contacted 31 IPs in 5 countries across 25 domains to perform 174 HTTP transactions. The main IP is 162.241.216.137, located in United States and belongs to OIS1, US. The main domain is texasholep.com.
TLS certificate: Issued by R3 on March 17th 2022. Valid for: 3 months.

This is the only time texasholep.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	162.241.216.137 162.241.216.137	26337 (OIS1) (OIS1)
1	151.101.1.175 151.101.1.175	54113 (FASTLY) (FASTLY)
29	104.89.31.32 104.89.31.32	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:215... 2600:9000:2156:3c00:1d:bf0a:0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	104.89.33.102 104.89.33.102	16625 (AKAMAI-AS) (AKAMAI-AS)
30	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
3	52.43.32.23 52.43.32.23	16509 (AMAZON-02) (AMAZON-02)
2	54.228.71.178 54.228.71.178	16509 (AMAZON-02) (AMAZON-02)
3	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
2 3	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1	143.204.98.95 143.204.98.95	16509 (AMAZON-02) (AMAZON-02)
8	104.92.75.138 104.92.75.138	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (STACKPATH...) (STACKPATH-CDN)
1 4	54.171.186.191 54.171.186.191	16509 (AMAZON-02) (AMAZON-02)
2	34.235.253.107 34.235.253.107	14618 (AMAZON-AES) (AMAZON-AES)
1 2	143.204.98.125 143.204.98.125	16509 (AMAZON-02) (AMAZON-02)
1	34.248.142.13 34.248.142.13	16509 (AMAZON-02) (AMAZON-02)
1	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
1 1	52.50.18.68 52.50.18.68	16509 (AMAZON-02) (AMAZON-02)
26	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:d400:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
15	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	52.141.218.213 52.141.218.213	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.224.195.71 13.224.195.71	16509 (AMAZON-02) (AMAZON-02)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1	198.160.105.95 198.160.105.95	15026 (ACXIOM) (ACXIOM)
1	104.89.42.102 104.89.42.102	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
174	31

7 162.241.216.137 (United States)

ASN26337 (OIS1, US)
PTR: box5407.bluehost.com

texasholep.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 104.89.31.32 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-31-32.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:3c00:1d:bf0a:0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.33.102 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-33-102.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.43.32.23 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-43-32-23.us-west-2.compute.amazonaws.com

ci-mpsnare.iovation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.228.71.178 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-71-178.eu-west-1.compute.amazonaws.com

mpsnare.iesnare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.0.160.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

20822230p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-95.fra50.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.92.75.138 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-75-138.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.171.186.191 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-186-191.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.235.253.107 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-235-253-107.compute-1.amazonaws.com

p.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.125 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-125.fra50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.142.13 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-142-13.eu-west-1.compute.amazonaws.com

citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.18.68 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-18-68.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:d400:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.141.218.213 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

contents3.00110.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.195.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-71.fra2.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.160.105.95 (Conway, United States)

ASN15026 (ACXIOM, US)

cardoffer.citicards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.42.102 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-42-102.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	citi.com www.citi.com — Cisco Umbrella Rank: 25372 online.citi.com — Cisco Umbrella Rank: 20517 metrics1.citi.com — Cisco Umbrella Rank: 22374 contents3.00110.citi.com — Cisco Umbrella Rank: 30022	1 MB
30	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 2591	238 KB
27	kampyle.com nebula-cdn.kampyle.com — Cisco Umbrella Rank: 3348 udc-neb.kampyle.com — Cisco Umbrella Rank: 2681	8 KB
15	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	581 KB
8	google.de www.google.de — Cisco Umbrella Rank: 6433	996 B
8	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
8	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38	10 KB
7	texasholep.com texasholep.com	364 KB
5	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 184 citi.demdex.net — Cisco Umbrella Rank: 35291	7 KB
3	rfihub.com 2 redirects 20822230p.rfihub.com s.rfihub.com — Cisco Umbrella Rank: 61686 20766699p.rfihub.com — Cisco Umbrella Rank: 34103	2 KB
3	medallia.com resources.digital-cloud-citi.medallia.com — Cisco Umbrella Rank: 23247	176 KB
3	iovation.com ci-mpsnare.iovation.com — Cisco Umbrella Rank: 58286	27 KB
3	tvpixel.com c.tvpixel.com — Cisco Umbrella Rank: 7407 p.tvpixel.com — Cisco Umbrella Rank: 1280	103 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 101	30 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 125	998 B
2	iesnare.com mpsnare.iesnare.com — Cisco Umbrella Rank: 5451	14 KB
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 437	338 B
1	citicards.com cardoffer.citicards.com — Cisco Umbrella Rank: 721757
1	rlcdn.com sr.rlcdn.com — Cisco Umbrella Rank: 11741	98 B
1	pbbl.co cdn.pbbl.co — Cisco Umbrella Rank: 7877
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 5644	6 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 878	517 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 588	30 KB
1	rezync.com live.rezync.com — Cisco Umbrella Rank: 1633	30 B
1	bkrtx.com tags.bkrtx.com — Cisco Umbrella Rank: 2764	16 KB
174	25

	Domain	Requested by
30	nexus.ensighten.com	texasholep.com nexus.ensighten.com
29	www.citi.com	texasholep.com
26	udc-neb.kampyle.com	texasholep.com
15	www.googletagmanager.com	nexus.ensighten.com www.googletagmanager.com
8	www.google.de
8	www.google.com	1 redirects
8	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
8	online.citi.com	texasholep.com
7	texasholep.com	texasholep.com www.citi.com
4	dpm.demdex.net	1 redirects texasholep.com nexus.ensighten.com
3	resources.digital-cloud-citi.medallia.com	texasholep.com resources.digital-cloud-citi.medallia.com
3	ci-mpsnare.iovation.com	texasholep.com ci-mpsnare.iovation.com
2	www.googleadservices.com	www.googletagmanager.com
2	sb.scorecardresearch.com	1 redirects texasholep.com
2	p.tvpixel.com	c.tvpixel.com
2	mpsnare.iesnare.com	texasholep.com mpsnare.iesnare.com
1	stags.bluekai.com	tags.bkrtx.com
1	cardoffer.citicards.com
1	sr.rlcdn.com	nexus.ensighten.com
1	cdn.pbbl.co	nexus.ensighten.com
1	20766699p.rfihub.com	c1.rfihub.net
1	contents3.00110.citi.com	www.citi.com
1	c1.rfihub.net	nexus.ensighten.com
1	cm.everesttech.net	1 redirects
1	metrics1.citi.com	nexus.ensighten.com
1	citi.demdex.net	nexus.ensighten.com
1	code.jquery.com	texasholep.com
1	s.rfihub.com	1 redirects
1	live.rezync.com	texasholep.com
1	20822230p.rfihub.com	1 redirects
1	tags.bkrtx.com	texasholep.com
1	c.tvpixel.com	texasholep.com
1	nebula-cdn.kampyle.com	texasholep.com
174	33

This site contains links to these domains. Also see Links.

Domain
www.citi.com
online.citi.com
www.citicards.com
marketinsights.citi.com
citigoldprivateclient.citi.com
banking.citi.com
www.thefemalequotient.com
www.citigroup.com
jobs.citi.com
citieasydeals.com
www.citiprivatepass.com
www.privatebank.citibank.com
www.citibank.com
play.google.com
itunes.apple.com
www.jdpower.com
www.facebook.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
webdisk.texasholep.com R3	`2022-03-17` - `2022-06-15`	3 months	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-22` - `2023-03-26`	a year	crt.sh
www.citi.com DigiCert SHA2 Extended Validation Server CA	`2021-11-02` - `2022-12-03`	a year	crt.sh
*.tvpixel.com Amazon	`2022-01-14` - `2023-02-12`	a year	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2022-02-07` - `2023-02-06`	a year	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-14` - `2022-10-12`	a year	crt.sh
ci-mpsnare.iovation.com DigiCert SHA2 Extended Validation Server CA	`2021-04-21` - `2022-05-10`	a year	crt.sh
mpsnare.iesnare.com DigiCert SHA2 Extended Validation Server CA	`2021-04-27` - `2022-05-24`	a year	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2021-11-15` - `2022-10-20`	a year	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
metrics1.citi.com DigiCert SHA2 Extended Validation Server CA	`2020-07-02` - `2022-08-30`	2 years	crt.sh
*.rfihub.net Amazon	`2021-12-29` - `2023-01-27`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
contents1.00110.citi.com DigiCert SHA2 Extended Validation Server CA	`2020-08-10` - `2022-08-10`	2 years	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
*.pbbl.co Amazon	`2021-11-04` - `2022-12-02`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
cardoffer.citicards.com DigiCert SHA2 Extended Validation Server CA	`2020-02-14` - `2022-05-08`	2 years	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Frame ID: 56697B3347F12BBE8776062B4A69F108
Requests: 168 HTTP requests in this frame

Frame: https://www.citi.com//sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: DD4FAB910A2EEA3C979F16DF9C4921F8
Requests: 1 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 90216EF0D9782A5D79A1393CDFCBF538
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=868&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&pf=&ra=602785917020783
Frame ID: FDFB22A4364B824D06F227E5EE5BE902
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 7B150DB4330452DD9B8EDAB1503E8905
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_l%3Dhttps%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&phint=__bk_v%3D3.1.10&limit=10&r=93574276
Frame ID: 13CC8151441AFC481AF35919F062774A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Banking, Mortgages, Personal Loans, Investing | Citi.com

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

174
Requests

93 %
HTTPS

23 %
IPv6

25
Domains

33
Subdomains

31
IPs

5
Countries

2659 kB
Transfer

8949 kB
Size

31
Cookies

80 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citi.com/

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citibank-location-finder
Title: ATM / BRANCH

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards
Title: View All Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=balance-transfer-credit-cards
Title: Balance Transfer Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=low-interest-credit-card
Title: 0% Intro APR Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/rewards-credit-cards
Title: Rewards Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/savings-and-cash-back-credit-cards
Title: Cash Back Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/travel-reward-credit-cards
Title: Travel Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=all-small-business-credit-cards&m=f
Title: Small Business Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/knowledge-center
Title: Citi ® Credit Knowledge Center

Search URL Search Domain Scan URL

URL: https://www.citicards.com/cards/credit/application/flow.action?isInvitation=Y
Title: Respond to Mail Offer

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/banking/checking-account
Title: Checking

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/citi.action?ID=savings-account-overview
Title: Savings

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/citi.action?ID=banking-overview
Title: Banking Overview

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/citi.action?ID=cd-ira-account-overview
Title: Certificates of Deposit

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/cd-ira/citi.action?ID=citi-ira
Title: Banking IRAs

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/checking-saving-accounts
Title: Rates

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/small-business-banking
Title: Small Business

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=your-savings-made-simple
Title: Savings Made Simple

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/banking/special-offers
Title: Citi ® Bonus Offers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/personal-loan
Title: Personal Loans & Lines of Credit

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=mortgage_home_mortgage
Title: Home Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=mortgage_buy_home
Title: Buy a Home

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=mortgage_refinancing
Title: Refinance Your Home

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=mortgage_heloc
Title: Use Your Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=refinance_and_mortgage_calculators
Title: Mortgage Calculators

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_calculators
Title: Home Equity Calculators

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/investing/investingwithciti
Title: Investing with Citi

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/pands/detail.do?ID=InvestWithPersonalAdvisor&JFP_TOKEN=PZKYHT3Q
Title: Working with an Advisor

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citiwealthbuilder/detail/marketing?intc=2~7~51~5~200101~2~BANKACQ~investingwithciti~prelogin~web~all&JFP_TOKEN=PZKYHT3Q
Title: Citi Wealth Builder

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citi-self-invest
Title: Self-Directed Trading

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=FinancialPlanningTools&JFP_TOKEN=PD3BPM40
Title: Financial Planning

Search URL Search Domain Scan URL

URL: https://marketinsights.citi.com/
Title: Market Insights

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=InvestingProducts&JFP_TOKEN=PZKYHT3Q
Title: Investments & Insurance

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citigold-private-client
Title: Citigold ® Private Client

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiPriorityOverview
Title: Citi Priority

Search URL Search Domain Scan URL

URL: https://citigoldprivateclient.citi.com/contact/
Title: Find a Wealth Team

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/open-a-bank-account
Title: Open an Account

Search URL Search Domain Scan URL

URL: https://www.citi.com/US/JSO/uidn/RequestUserIDReminder.do?fuipFlowInd=userID
Title: Forgot User ID?

Search URL Search Domain Scan URL

URL: https://www.citi.com/US/ag/activate/index
Title: Activate a Card

Search URL Search Domain Scan URL

URL: https://www.citi.com/US/JSO/uidn/RequestUserIDReminder.do?fuipFlowInd=pwd
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://www.citi.com/JSO/reg/Setup.do
Title: Register for Online Access

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=covid19
Title: COVID-19 resources

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=paycheck-protection-program
Title: Paycheck Protection Program

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/citi-custom-cash-credit-card?afc=106
Title: Learn More Plus enjoy a low intro APR for 15 months on purchases and balance transfers.

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/forgot-userid-pwd/account-type?fuipFlowInd=userID
Title: Forgot User ID?

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/forgot-userid-pwd/account-type?fuipFlowInd=pwd
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/view-all-credit-cards?afc=105&intc=1~1~52~6~BANR~1~mpc_Default_citicomREDPE_aug2016~OMPC105
Title: Choose the Right Citi ® Credit Card for You

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=american-airlines-aadvantage-credit-cards&intc=7~1~64~1~080115~1~AAFam3~AA&afc=1A3
Title: Explore Citi ® / AAdvantage ® Credit Cards

Search URL Search Domain Scan URL

URL: https://banking.citi.com/cbol/citigold/offer/default.htm?venue=OnsiteHP&intc=1_1_52_3_BANR_2_CHECK21_CG1500_HP
Title: Earn Up To $1,500

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/zelle/p2pmarketing

Search URL Search Domain Scan URL

URL: https://www.thefemalequotient.com/advancing-equality-calculator

Search URL Search Domain Scan URL

URL: http://www.citigroup.com/citi/
Title: Our Story

Search URL Search Domain Scan URL

URL: https://jobs.citi.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=ServicesOverview
Title: Benefits and Services

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=Rewards
Title: Rewards

Search URL Search Domain Scan URL

URL: https://citieasydeals.com/
Title: Citi Easy Deals SM

Search URL Search Domain Scan URL

URL: http://www.citiprivatepass.com/
Title: Citi Entertainment ®

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=SpecialOffers
Title: Special Offers

Search URL Search Domain Scan URL

URL: https://www.privatebank.citibank.com/
Title: Citi Private Bank

Search URL Search Domain Scan URL

URL: https://www.citibank.com/commercialbank/en/index.html
Title: Commercial Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=todays_mortgage_rates&type=buy
Title: Mortgage

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_rates
Title: Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/personal-loans-and-lines-of-credit
Title: Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/helptopic
Title: Help & FAQs

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.citi.citimobile
Title: Continue

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/citi-mobile-sm/id301724680?mt=8
Title: Continue

Search URL Search Domain Scan URL

URL: http://www.jdpower.com/awards
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citibank
Title: Continue

Search URL Search Domain Scan URL

URL: https://twitter.com/Citibank/
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.youtube.com/citi
Title: Continue

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/termsdisclaimer/termsdisclaimerhome
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/portal/template.do?ID=Privacy#notice-at-collection
Title: Notice at Collection

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/dataprivacyhub
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/portal/template.do?ID=international-personal-bank&l=en&locale=en_US
Title: International Personal Bank U.S.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://20822230p.rfihub.com/ca.html?rb=648&ca=20822230&ra=306079209&_o=17169175&_t=zx-cookie-match HTTP 302
https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=d0ae33fb718b14c742c9cdf1dea83556&k=citi-prod-acct-pixel-3465&zmpID=citi-prod-acct&cid=5133329520793132754

Request Chain 54

https://s.rfihub.com/uidm?_o=17169175&_u=0ab5c2ff-4e13-4a45-baf8-6c37f05be65c&_sm=:R22534S@BA7GH3C24944S@BA7GH3C2232L2@BA7GH3S2233L2@BA7GH3S28259S1@BA7GH3S28265S1@BA7GH3S28266S1@BA7GH3S28267S1@BA7GH3S4074L2@BA7GH3S4075L2@BA7GH3S4076L1@BA7GH3S28227S1@BA7GH3S49119S@BA7GH3C49699S@BA7GH3C49700S@BA7GH3C49701S1@BA7GH3S49712S@BA7GH3C49749S1@BA7GH3S49828S1@BA7GH3S11053c1@BA7GH3I1383T2@BA7GH3S2569L87@BA7GH3S4076L1@BA7GH3S49701S1@BA7GH3S&redirect=32 HTTP 302
https://www.citi.com/credit-cards/rfuidmatch/citi.action?XP_UID=SY-00Rz1AAGnmntI=931

Request Chain 64

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648256913534 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648256913534

Request Chain 88

https://sb.scorecardresearch.com/p?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&c8=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&c9=&rn=1648256913778 HTTP 302
https://sb.scorecardresearch.com/p2?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&c8=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&c9=&rn=1648256913778

Request Chain 92

https://cm.everesttech.net/cm/dd?d_uuid=41041885014808502113815266193603898245 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yj5nkgAAAG4v3AP7

Request Chain 153

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1648256915116&cv=9&fst=1648256915116&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/916451471/?random=1648256915116&cv=9&fst=1648256400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2896400979&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/916451471/?random=1648256915116&cv=9&fst=1648256400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2896400979&resp=GooglemKTybQhCsO&ipr=y

174 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login.php Show response
texasholep.com/ 1 MB
182 KB 927ms
481ms Document
text/html 162.241.216.137
OIS1

General

Check archive.org

Show headers Download Go to

Full URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.216.137 , United States, ASN26337 (OIS1, US),
Reverse DNS: box5407.bluehost.com
Software: Apache /
Resource Hash: 162abc461d21ebb06cc5cfe64318ec73b88dfc2ba56dbce8895b029eb6f0f130

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 26 Mar 2022 01:08:32 GMT
server: Apache
content-type: text/html; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-server-cache: false

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 142ms
15ms Script
application/javascript 151.101.1.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-encoding: gzip
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
age: 689630
via: 1.1 varnish
x-cache: HIT
content-length: 5197
x-amz-id-2: yg/JTOSNROeWfhK4/2iSo2u4sJ7zQj+BLHHRGRaYmrtaOz3Qab4RwqE8R3W/FB3LuqnObsa07Bo=
x-served-by: cache-cdg20747-CDG
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
server: AmazonS3
x-timer: S1648256913.730891,VS0,VE0
date: Sat, 26 Mar 2022 01:08:32 GMT
vary: Accept-Encoding
x-amz-request-id: 2AJVYR37D8A9EXDQ
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 14830

GET
H/1.1 404
Not Found cool-2.1.15.min.js
www.citi.com//nebula-cdn.kampyle.com/resources/onsite/js/ 0
0 723ms
573ms Script
text/html 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citi.com//nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1 404
Not Found tc.min.js
www.citi.com//c1.rfihub.net/js/ 0
0 672ms
672ms Script
text/html 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citi.com//c1.rfihub.net/js/tc.min.js
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1 404
Not Found bat.js
www.citi.com//bat.bing.com/ 0
0 658ms
658ms Script
text/html 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citi.com//bat.bing.com/bat.js
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 dpm_pixel_min.js Show response
c.tvpixel.com/js/current/ 103 KB
103 KB 47ms
7ms Script
application/javascript 2600:9000:2156:3c00:1d:bf0a:0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.tvpixel.com/js/current/dpm_pixel_min.js?aid=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&comscore=true
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3c00:1d:bf0a:0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 04:11:58 GMT
via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
last-modified: Thu, 16 Sep 2021 18:14:59 GMT
server: AmazonS3
age: 75396
etag: "08e770c8a17bf087d50cec01af0892c2"
x-cache: Hit from cloudfront
x-amz-version-id: oMk5SFqHXboEDRm2.vDWImtx_4ARYxEl
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
content-length: 105110
x-amz-cf-id: FSz8Y965gX997L56H3mUycOZuzph1KUw3KvCWMqqyOd0G1WBGdNe_A==

GET
H/1.1 404
Not Found js
www.citi.com//www.googletagmanager.com/gtag/ 0
0 589ms
587ms Script
text/html 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citi.com//www.googletagmanager.com/gtag/js?id=AW-916451471
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1 404
Not Found js
www.citi.com//www.googletagmanager.com/gtag/ 0
0 596ms
577ms Script
text/html 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citi.com//www.googletagmanager.com/gtag/js?id=DC-6260004
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1 404
Not Found js
www.citi.com//www.googletagmanager.com/gtag/ 0
0 682ms
638ms Script
text/html 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citi.com//www.googletagmanager.com/gtag/js?id=DC-6268858
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 51 KB
16 KB 111ms
24ms Script
application/javascript 104.89.33.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.bkrtx.com/js/bk-coretag.js

Requested by

Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.33.102 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-33-102.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Encoding: gzip
Last-Modified: Fri, 21 May 2021 19:14:21 GMT
Server: nginx/1.15.8
ETag: W/"60a8068d-cbc2"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Date: Sat, 26 Mar 2022 01:08:33 GMT
Connection: keep-alive
Content-Length: 16078
Expires: Sat, 02 Apr 2022 01:08:33 GMT

GET
H2 200 7b447bc276f22ad8adb1a508ec3ccd95.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 15ms
10ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/7b447bc276f22ad8adb1a508ec3ccd95.js?conditionId0=455897
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 200 80f9f953a9a15824f851eb8e8f9ce1a2.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 14ms
8ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/80f9f953a9a15824f851eb8e8f9ce1a2.js?conditionId0=4906371
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 200 9088b0ceb01ee51a9f99e8c023ebe24c.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 16ms
11ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=3013337
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 200 c1997fc4285b4ded7a3ef6dce5a65f2b.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 14ms
9ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/c1997fc4285b4ded7a3ef6dce5a65f2b.js?conditionId0=467299
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 200 f1d424be7dfd03475beb6dfc2f1cd2ea.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 14ms
9ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f1d424be7dfd03475beb6dfc2f1cd2ea.js?conditionId0=486757
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 200 51aba9f62787efbaa13e53a8d1ae3892.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
847 B 15ms
10ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
last-modified: Tue, 31 Aug 2021 17:19:01 GMT
server: nginx
etag: W/"612e6485-52a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 334ee8c21712837a7f71da136cfbed7d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 15ms
10ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/334ee8c21712837a7f71da136cfbed7d.js?conditionId0=421908
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 200 3ae5401499ebbfa990c60e4063f9b6af.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 16ms
11ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/3ae5401499ebbfa990c60e4063f9b6af.js?conditionId0=480881
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 200 557566dc60916e3de69e006bef252459.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
961 B 16ms
11ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
last-modified: Tue, 27 Aug 2019 16:59:12 GMT
server: nginx
etag: W/"5d656160-887"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 86ca0d0e2329b59c0004f99b9175209c.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 16ms
12ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/86ca0d0e2329b59c0004f99b9175209c.js?conditionId0=4897099
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 200 d90ce1a791ada193ee0ca4e9ce66632d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 5 KB
1 KB 20ms
15ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d90ce1a791ada193ee0ca4e9ce66632d.js?conditionId0=4905849&conditionId1=491868
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c1b3f3803c42132039b21ce8921335c9cb785a58d513fdc04b0350434bec8e29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 18:41:47 GMT
server: nginx
etag: W/"611c02eb-12f1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 610385315aaf2ee252e6868cc4dbde09.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 20ms
16ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/610385315aaf2ee252e6868cc4dbde09.js?conditionId0=462132
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 200 e6abf13671cf36a6659fa0107408b1a1.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 20ms
16ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/e6abf13671cf36a6659fa0107408b1a1.js?conditionId0=4880418
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 200 fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
nexus.ensighten.com/citi/na_prod/code/ 989 B
1 KB 20ms
16ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Tue, 14 May 2019 17:01:42 GMT
server: nginx
etag: "5cdaf476-3dd"
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 989

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 2 KB
911 B 151ms
26ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Oct%2005%2016:56:51%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fwww.citi.com%2F
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 733e73b3b387cc156e5b36d8a3c58941e697d331443630a701f47ad92f37d73f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:32 GMT
cache-control: no-cache, no-store
content-type: text/javascript
server: nginx
content-encoding: gzip
vary: Accept-Encoding
expires: Sat, 26 Mar 2022 01:08:31 GMT

GET
H/1.1 200
OK 6c8322c7341eac98645c10e3d1d3c7ae.js Show response
www.citi.com/assets/scripts/global/ 1 KB
1 KB 775ms
626ms Script
application/javascript 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citi.com/assets/scripts/global/6c8322c7341eac98645c10e3d1d3c7ae.js?seed=AGDgbVt8AQAAePz57VglhqHi-r8eptEAN2N6LbzJ6wkkuzicU4H3EZlzlAer&X-soz9htCz--z=q
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8b4c7126938ec73397227c79199141b7d1851cdf34f66df16b057e092a30769f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 01:08:33 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 728
X-Ion-Hop: Prod
Expires: 0

GET
H/1.1 200
OK tagging.js Show response
www.citi.com/cbol-pre-login-static-assets/assets/js/ 70 KB
15 KB 174ms
25ms Script
application/javascript 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/js/tagging.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e0e88353dfd82f315aa3e3cc1458d43c931217da111e37fac2a82e8886b7f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 14087
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:32:24 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:32 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 69a4403a-5447-4dc2-6e50-3e9815f71f4f
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"1173a-17f596c4c40"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:32 GMT

GET
H/1.1 200
OK banner.min.js Show response
www.citi.com/cbol-pre-login-static-assets/assets/js/ 15 KB
6 KB 178ms
30ms Script
application/javascript 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/js/banner.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

66e0a4b3019f0e19c99a314095a7e13932cd8afcb82a236475abf3f8723ea69d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 4812
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:43 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:32 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: a4e9c74d-6c13-4197-6af8-544aebba2b0b
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"3cdd-17f596ac1b8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:32 GMT

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_stage/ 230 KB
70 KB 138ms
13ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 45825f1c81bffd28fbab1becad7203a882727b820c7fd79f19c517a348f87177

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:32 GMT
content-encoding: gzip
last-modified: Fri, 25 Mar 2022 16:34:19 GMT
server: nginx
etag: W/"623def0b-39972"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300

GET Interstate-Light.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Bold.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Regular.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 200
OK snare.js Show response
ci-mpsnare.iovation.com/ 38 KB
13 KB 643ms
155ms Script
text/javascript 52.43.32.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ci-mpsnare.iovation.com/snare.js?_=2419949006049506

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.43.32.23 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-43-32-23.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

253cd31cafeb2b418e3123b5c6aec07f6d8facb2dacc0ffb98a436a1c018d5a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 01:08:34 GMT
Content-Encoding: gzip
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: 0

GET
H/1.1 200
OK snare.js Show response
ci-mpsnare.iovation.com/ 38 KB
13 KB 653ms
158ms Script
text/javascript 52.43.32.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ci-mpsnare.iovation.com/snare.js?_=3013948181442951

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.43.32.23 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-43-32-23.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

197541584fcdbb3f7b724ec53f92f166afa3a46fee922f4576f8d697f24fa312

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 01:08:34 GMT
Content-Encoding: gzip
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: 0

GET
H/1.1 200
OK snare.js Show response
mpsnare.iesnare.com/ 38 KB
13 KB 145ms
30ms Script
text/javascript 54.228.71.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/snare.js?_=747598135508415

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.228.71.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-228-71-178.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

fb30168bf0fdb501dc8c18bcf4a318fa818a12051230ed8c74990b8ab684ac9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Mar 2022 01:08:33 GMT
Content-Encoding: gzip
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: 0

GET
H/1.1 200
OK styles.07893b721f6dae561ac2.css
www.citi.com/cbol-pre-login-static-assets/ 0
0 769ms
621ms Stylesheet
text/html 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citi.com/cbol-pre-login-static-assets/styles.07893b721f6dae561ac2.css
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 229 KB
70 KB 23ms
20ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9eedb23c0b90b4524ef8da15b1118f61ea836f691a8030a88f72c8209a882696

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
last-modified: Wed, 16 Mar 2022 21:07:32 GMT
server: nginx
etag: W/"62325194-393a3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300

GET
H/1.1 200
OK cedric.js Show response
www.citi.com/cbol-pre-login-static-assets/cbol-core-assets/cedric/ 602 KB
113 KB 33ms
33ms Script
application/javascript 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/cbol-core-assets/cedric/cedric.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

48451bef935eba4b7a149a7b6dc16cc7183e75cb2887d571a3382ae3f155686a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 114756
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:43 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:32 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: d3a89bdb-1567-4fc4-5ffc-cd20fd68876d
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"96983-17f596ac1b8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:32 GMT

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 48ms
6ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b5d1c26722742c44e62a4fbb4b67117d2587aa320f61784a27fea9d66d9f62b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: 7ZFGbm5gfkxV.pQuBY8LWu5zWeTQ0IFs
content-encoding: gzip
etag: "a698e80bc62ebcae5d8ef95ef0d2804d"
fastly-original-body-size: 1573
age: 348986
via: 1.1 varnish
x-cache: HIT
content-length: 675
x-amz-id-2: u1tZNaC/5T/pnBxInHESXg2tp+0XOzw+i+e+nLGUvcg0/fF1c1+TVdFHYPFKqoR+63eRSZLZFSI=
x-served-by: cache-hhn4053-HHN
last-modified: Fri, 25 Feb 2022 18:17:26 GMT
server: AmazonS3
x-timer: S1648256913.882083,VS0,VE0
date: Sat, 26 Mar 2022 01:08:32 GMT
vary: Accept-Encoding
x-amz-request-id: 1R98NRXW2SWENTVP
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 4

GET
H2

200

sync
live.rezync.com/
Redirect Chain

https://20822230p.rfihub.com/ca.html?rb=648&ca=20822230&ra=306079209&_o=17169175&_t=zx-cookie-match
https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=d0ae33fb718b14c742c9cdf1dea83556&k=citi-prod-acct-pixel-3465&zmpID=citi-prod-acct&cid=5133329520793132754

30 B
30 B

192ms
156ms

Image
application/javascript

143.204.98.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=d0ae33fb718b14c742c9cdf1dea83556&k=citi-prod-acct-pixel-3465&zmpID=citi-prod-acct&cid=5133329520793132754
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Server: 143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-95.fra50.r.cloudfront.net
Software: lighttpd/1.4.33 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
via: 1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
server: lighttpd/1.4.33
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/javascript
content-length: 30
x-amz-cf-id: 4lW2JMJNwUhyu9pGt4hy9TWd1no4_-bMNBsXKZsbn9gChTuTh1NdsQ==

Redirect headers

Location: https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=d0ae33fb718b14c742c9cdf1dea83556&k=citi-prod-acct-pixel-3465&zmpID=citi-prod-acct&cid=5133329520793132754
Date: Sat, 26 Mar 2022 01:08:33 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK citilogoredesign.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
3 KB 67ms
20ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/citilogoredesign.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1799
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:44 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 9b0091f4-2e5f-42b9-6e24-569767c3e4c2
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"707-17f596ac5a0"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:33 GMT

GET
H/1.1 200
OK 050-location@2x.svg
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
2 KB 31ms
18ms Image
image/svg+xml 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/050-location@2x.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Sid: 9ddda1ad-5914-44ca-afe6-adeb647b7965
Content-Encoding: gzip
ETag: W/"6d8-17f596ac5a0"
Nonce: 4613191492681614
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Connection: keep-alive
Content-Length: 758
X-Xss-Protection: 1; mode=block
Uuid: 4e04544e-2399-4c15-9f92-296102d7707f
Last-Modified: Sat, 05 Mar 2022 09:30:44 GMT
Server: nginx
Cache-Control: public, no-transform, max-age=21600
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:33 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: d6b84130-03ec-45ca-66a4-0c396f29c5df
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Scope: VISITOR
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
X-Content-Type-Options: nosniff
Dclocation: GT1DMS
Expires: Sat, 26 Mar 2022 07:08:33 GMT

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 3 KB
3 KB 46ms
14ms Image
image/svg+xml 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/icon_globe_med-grey@2x.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Sid: b31bd576-a045-442e-a60f-d84f3aa21e48
Content-Encoding: gzip
ETag: W/"dc3-17f596ac5a0"
Nonce: 8121217717129401
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Connection: keep-alive
Content-Length: 1419
X-Xss-Protection: 1; mode=block
Uuid: 933d944d-5d47-46ca-9461-8dec2d01deaf
Last-Modified: Sat, 05 Mar 2022 09:30:44 GMT
Server: nginx
Cache-Control: public, no-transform, max-age=21600
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:33 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: d24c458a-9328-426e-4e8f-034dfeb5b57f
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Scope: VISITOR
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
X-Content-Type-Options: nosniff
Dclocation: GT1DMS
Expires: Sat, 26 Mar 2022 07:08:33 GMT

GET
H2 404 icon_globe_med-grey@2x.svg
texasholep.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 315 B
315 B 164ms
162ms Image
text/html 162.241.216.137
OIS1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://texasholep.com/cbol-pre-login-static-assets/citi-branding-assets/images/icon_globe_med-grey@2x.svg
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.216.137 , United States, ASN26337 (OIS1, US),
Reverse DNS: box5407.bluehost.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H2 200 HP754_Hero1.png
online.citi.com/JRS/banners/hero_background/ 131 KB
132 KB 206ms
76ms Image
image/png 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/hero_background/HP754_Hero1.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

169ccdb0a8bb621bd31524a5a87964faf689303e2e070afec1627926b49ac19f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Fri, 04 Jun 2021 17:37:22 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 134328
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK phone.png
www.citi.com/cbol-pre-login-static-assets/assets/qrcode/images/ 10 KB
11 KB 165ms
16ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/qrcode/images/phone.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5df469ee4da2bc124065cb8df0e24173c5cbc8b9e0c807960fc39c93ffb640c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 9873
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:43 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 2cafe97a-c9f5-4bdd-6289-b49060274718
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"2691-17f596ac1b8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET
H/1.1 200
OK qrsignon.png
www.citi.com/cbol-pre-login-static-assets/assets/qrcode/images/ 741 B
2 KB 44ms
14ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/qrcode/images/qrsignon.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 741
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:43 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: dd8576b1-d9e9-4f2c-6a84-0a61d67bf029
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"2e5-17f596ac1b8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET
H/1.1 200
OK laptop-and-phone-pairing.png
www.citi.com/cbol-pre-login-static-assets/assets/qrcode/images/ 17 KB
18 KB 56ms
15ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/qrcode/images/laptop-and-phone-pairing.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

ff5150ab5741a5c8345bc7861cb1cab8f574fe17f2cdb2fbc2058311f3d65817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 17241
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:43 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 914ad881-408a-445e-6115-40b3085a0fd5
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"4359-17f596ac1b8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET
H/1.1 200
OK laptop-and-phone-success.png
www.citi.com/cbol-pre-login-static-assets/assets/qrcode/images/ 13 KB
14 KB 41ms
15ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/qrcode/images/laptop-and-phone-success.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

bb1fdd5be17ce6cbeb21411a9ba10b99f11bbe232a93b34bec7c4722d763bf52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 13305
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:43 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 258f4c3c-73f3-4555-4f6d-faadd5820797
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"33f9-17f596ac1b8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET
H2 200 Cards-tile-grey-1120.jpg
online.citi.com/JRS/banners/modules/ 51 KB
52 KB 181ms
50ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/Cards-tile-grey-1120.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

3636e5e8010b2e4e186788a748a7cbd16572b386cf2d67b3bea73cb7417abf9d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Tue, 21 Sep 2021 22:10:14 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 52559
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP3054_M.jpg
online.citi.com/JRS/banners/modules/ 50 KB
50 KB 290ms
159ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP3054_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

ce8a594c5d8e50a90980fc53a9920dedad889bdcfc846621dc569b24958fc5d4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Fri, 16 Jul 2021 16:04:48 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 50895
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP_1681_CHECK21_CG1500_Citigold_3-UP_Module.jpg
online.citi.com/JRS/banners/modules/ 39 KB
40 KB 295ms
164ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP_1681_CHECK21_CG1500_Citigold_3-UP_Module.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

ce7920d8eb0262507af53f820d7f2979a557303abbf59d45aca54d77fbd1a1e2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Fri, 22 Oct 2021 18:11:30 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 40288
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP_1262_CitiSelfInvest_Image.jpg
online.citi.com/JRS/banners/modules/ 46 KB
47 KB 196ms
86ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP_1262_CitiSelfInvest_Image.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

21ce9d5fb1b0c08a3983cabe314138b163341fea02a49962bdec84a5a13e02e0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Fri, 06 Aug 2021 19:56:06 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 47164
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP_1005_LifestyleBenefit_3Up_M1M7.jpg
online.citi.com/JRS/banners/modules/ 57 KB
58 KB 246ms
173ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP_1005_LifestyleBenefit_3Up_M1M7.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

f0dbc6cfd4a4c729ae0ca2f1404efcdb3e61e4943032b1767a567b9fbce33a51

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Fri, 16 Jul 2021 16:04:38 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 58806
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP9368_M.jpg
online.citi.com/JRS/banners/modules/ 67 KB
68 KB 26ms
26ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP9368_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

f8d72428d9ad2a78762aaf3baf508892fac3dfa91ff222b6543b487df180b042

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Fri, 16 Jul 2021 16:04:55 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 68893
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1

200
OK

citi.action
www.citi.com/credit-cards/rfuidmatch/
Redirect Chain

https://s.rfihub.com/uidm?_o=17169175&_u=0ab5c2ff-4e13-4a45-baf8-6c37f05be65c&_sm=:R22534S@BA7GH3C24944S@BA7GH3C2232L2@BA7GH3S2233L2@BA7GH3S28259S1@BA7GH3S28265S1@BA7GH3S28266S1@BA7GH3S28267S1@BA7G...
https://www.citi.com/credit-cards/rfuidmatch/citi.action?XP_UID=SY-00Rz1AAGnmntI=931

0
2 KB

540ms
519ms

Image
text/html

104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citi.com/credit-cards/rfuidmatch/citi.action?XP_UID=SY-00Rz1AAGnmntI=931
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: HTTP/1.1
Server: 104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-32.deploy.static.akamaitechnologies.com
Software: / Servlet/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 01:08:34 GMT
Content-Encoding: gzip
X-Powered-By: Servlet/3.0
P3P: policyref="/w3c/p3p.xml"\,CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
Connection: keep-alive
Content-Length: 20
X-UA-Compatible: IE=edge, IE=edge
X-Akamai-CITISITE: SWDC
Vary: Accept-Encoding
Content-Language: de-DE
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
Cache-Control: no-cache="set-cookie, set-cookie2"
Access-Control-Allow-Credentials: true
Content-Type: text/html
X-Akamai-Transformed: 9 0 0 pmb=mTOE,1
Expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

Location: https://www.citi.com/credit-cards/rfuidmatch/citi.action?XP_UID=SY-00Rz1AAGnmntI=931
Date: Sat, 26 Mar 2022 01:08:34 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK 320_Citi-PLT@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 11 KB
13 KB 37ms
17ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 11562
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:44 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 7da27a62-efc3-4b89-7db3-3af0623146aa
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"2d2a-17f596ac5a0"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET
H/1.1 200
OK 1440_Citi-PLT@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 27 KB
29 KB 47ms
19ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/1440_Citi-PLT@3x.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 28149
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:44 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 71ee068b-e781-4206-458d-361eb62304af
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"6df5-17f596ac5a0"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
30 KB 32ms
12ms Script
application/javascript 2001:4de0:ac18::1:a:1b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://texasholep.com/
Origin: https://texasholep.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d84"
vary: Accept-Encoding
x-hw: 1648256914.dop002.fr8.t,1648256914.cds258.fr8.hn,1648256914.cds142.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30879

GET
H/1.1 200
OK xmsdk.js Show response
www.citi.com/cbol-pre-login-static-assets/assets/qrcode/js/ 1 MB
305 KB 31ms
31ms Script
application/javascript 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/qrcode/js/xmsdk.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1c69468ad43d43f8c701bcd193de8688ba49a17128a730c065c7a06d08106daf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 310764
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:32:33 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: e05289f6-1944-4245-69f7-e2ad8e66cce5
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"145237-17f596c6f68"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:33 GMT

GET
H/1.1 200
OK qrsignon.js Show response
www.citi.com/cbol-pre-login-static-assets/assets/qrcode/js/ 6 KB
3 KB 14ms
14ms Script
application/javascript 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/qrcode/js/qrsignon.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

463364c237ac33fd5ce60338742b888edad01bfa59b7271db12210071fc41c6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2139
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:43 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: d44e155c-a30b-4e6b-47ef-7d458e00152b
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"1926-17f596ac1b8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:33 GMT

GET
H2 200 config.js Show response
online.citi.com/CBOL/taggingTransformation/ 0
569 B 17ms
16ms Script
application/x-javascript 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/taggingTransformation/config.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 13 Nov 2018 18:30:44 GMT
x-akamai-citisite: SWDC
date: Sat, 26 Mar 2022 01:08:34 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
expires: Sat, 26 Mar 2022 07:08:34 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 20
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 generic1633469271800.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 526 KB
87 KB 14ms
12ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1633469271800.js
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e7bd93ed53c190d531b7a41d860960914e7c005fd992ed4ca2a5370ca885dd9f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: 0SC9EjJms6Aq_P9S9iuEAFh0xZYwM3Vo
content-encoding: gzip
etag: "23a8811f7e034cd28245f8d4f1d15f47"
age: 32734
via: 1.1 varnish
x-cache: HIT
content-length: 89148
x-amz-id-2: qfccjsWBSA38xy9DMdsok1JHYSbIJ8BU59IOlySUg2xuvKB4lUK6DIz8sWyAVmR/yXq/6W88dYI=
x-served-by: cache-hhn4053-HHN
last-modified: Tue, 05 Oct 2021 21:27:53 GMT
server: AmazonS3
x-timer: S1648256914.600237,VS0,VE1
date: Sat, 26 Mar 2022 01:08:33 GMT
vary: Accept-Encoding
x-amz-request-id: YKNDA7KR85TXJQJM
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 404 6c8322c7341eac98645c10e3d1d3c7ae.js
texasholep.com/assets/scripts/global/ 0
0 145ms
145ms Script
text/html 162.241.216.137
OIS1

General

Check archive.org

Show headers Download Go to

Full URL: https://texasholep.com/assets/scripts/global/6c8322c7341eac98645c10e3d1d3c7ae.js?cache=AIC6vMN_AQAAZlPneQUTaNzL2qZhh4_vyW5I_p-0LmeSY7msiLCD7bAvA9Qw&X-soz9htCz--z=q
Requested by: Host: www.citi.com
URL: https://www.citi.com/assets/scripts/global/6c8322c7341eac98645c10e3d1d3c7ae.js?seed=AGDgbVt8AQAAePz57VglhqHi-r8eptEAN2N6LbzJ6wkkuzicU4H3EZlzlAer&X-soz9htCz--z=q
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.216.137 , United States, ASN26337 (OIS1, US),
Reverse DNS: box5407.bluehost.com
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H2 200 login.php Show response
texasholep.com/ 1 MB
181 KB 427ms
427ms XHR
text/html 162.241.216.137
OIS1

General

Check archive.org

Show headers Download Go to

Full URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Requested by: Host: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/assets/js/tagging.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.216.137 , United States, ASN26337 (OIS1, US),
Reverse DNS: box5407.bluehost.com
Software: Apache /
Resource Hash: 162abc461d21ebb06cc5cfe64318ec73b88dfc2ba56dbce8895b029eb6f0f130

Request headers

appVersion: CBOLV1.0.0
Referer: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
client_id: undefined

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
server: Apache
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-server-cache: false
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648256913534
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648256913534

363 B
1 KB

32ms
31ms

XHR
application/json

54.171.186.191
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648256913534

Requested by

Protocol

HTTP/1.1

Server

54.171.186.191 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-186-191.eu-west-1.compute.amazonaws.com

Software

Resource Hash

03de095f69937925b08c96d7ec57ab41ff58e5be7c611a25975500595ee354ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v030-00213c1f5.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: nLPn0alST5M=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://texasholep.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 304
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v030-00aacbce8.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://texasholep.com
X-TID: vYku2SIZQes=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648256913534
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 32ms
31ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_stage&rid=3080271&did=622672&errorName=ReferenceError
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
cache-control: no-cache, no-store
server: nginx
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
BLOB 200
OK d876f584-ebad-4f35-8f0c-9f0195e9b9fe
https://texasholep.com/ 161 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://texasholep.com/d876f584-ebad-4f35-8f0c-9f0195e9b9fe
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c8bc330a07fc8ba4ead1f924570b2eeb220dfb170e86ea6594f7a2daef2efc16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Length: 165178

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_stage/ 1 KB
775 B 38ms
38ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_stage/code/&publishedOn=Fri%20Mar%2025%2016:34:16%20GMT%202022&ClientID=1129&PageID=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a18f38a45ead64da489d99b8345e36d189a0e31bd713993a070ffe68c049312a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
cache-control: no-cache, no-store
content-type: text/javascript
server: nginx
content-encoding: gzip
vary: Accept-Encoding
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 404 jamp-spinner-2x.gif
texasholep.com/cbol-pre-login-static-assets/commonui-assets/images/ 315 B
315 B 142ms
141ms Image
text/html 162.241.216.137
OIS1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://texasholep.com/cbol-pre-login-static-assets/commonui-assets/images/jamp-spinner-2x.gif
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.216.137 , United States, ASN26337 (OIS1, US),
Reverse DNS: box5407.bluehost.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H2 404 qrsignon-b.png
texasholep.com/cbol-pre-login-static-assets/assets/qrcode/images/ 315 B
315 B 136ms
135ms Image
text/html 162.241.216.137
OIS1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://texasholep.com/cbol-pre-login-static-assets/assets/qrcode/images/qrsignon-b.png
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.216.137 , United States, ASN26337 (OIS1, US),
Reverse DNS: box5407.bluehost.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK Citi-Branding-Sprite.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 5 KB
6 KB 39ms
17ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/Citi-Branding-Sprite.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 4952
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:44 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 076c86dd-60b2-42fa-69cb-fb7f99e73a0c
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"1358-17f596ac5a0"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET
H/1.1 200
OK Appstore-Googleplay-JDPower-Sprite.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 44 KB
45 KB 28ms
18ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/Appstore-Googleplay-JDPower-Sprite.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 44996
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:44 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: cb8e198d-a478-4d83-753c-0035ec981532
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"afc4-17f596ac5a0"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET
H/1.1 200
OK social-media_facebook@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 445 B
2 KB 40ms
19ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_facebook@3x.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 445
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:44 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 1f0b9bf9-ca3e-40f6-7b2b-929212c81abb
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"1bd-17f596ac5a0"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET
H/1.1 200
OK social-media_twitter@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 29ms
17ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_twitter@3x.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1277
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:44 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: a1893d49-34e6-4805-7014-e4b4a1141a1f
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"4fd-17f596ac5a0"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET
H/1.1 200
OK social-media_youtube@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 31ms
17ms Image
image/png 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_youtube@3x.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1175
X-Xss-Protection: 1; mode=block
Last-Modified: Sat, 05 Mar 2022 09:30:44 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sat, 26 Mar 2022 01:08:34 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: acdafa5a-5f9a-4a02-70eb-8637a1305501
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"497-17f596ac5a0"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Sat, 26 Mar 2022 07:08:34 GMT

GET Interstate-Regular.ttf
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H2 404 Interstate-Light.woff
texasholep.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 137ms
136ms Font
text/html 162.241.216.137
OIS1

General

Check archive.org

Show headers Download Go to

Full URL: https://texasholep.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.216.137 , United States, ASN26337 (OIS1, US),
Reverse DNS: box5407.bluehost.com
Software: Apache /
Resource Hash

Request headers

Referer: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Origin: https://texasholep.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET Interstate-Bold.ttf
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found 425466.html Show response
www.citi.com//sr.rlcdn.com/ Frame DD4F 914 B
811 B 574ms
560ms Document
text/html 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citi.com//sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9d9dc812a66b9f5603e6cdbe540f32bcd9bbdbec5fe3de9165ce282b7098c47f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/

Response headers

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 434
Content-Type: text/html
Date: Sat, 26 Mar 2022 01:08:34 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://citimobile.citibankonline.com

GET
H2 200 1106464b92c342a3c2fa0b71543bda48.js Show response
nexus.ensighten.com/citi/na_stage/code/ 989 B
1 KB 7ms
7ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/code/1106464b92c342a3c2fa0b71543bda48.js?conditionId0=4849963
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 275cf9d336d8a29dd3a8cc8bc22761e96bfdd81c75a24bc5f48e10bfcc54d4fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
last-modified: Mon, 28 Dec 2020 17:49:03 GMT
server: nginx
etag: "5fea1a8f-3dd"
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 989

GET
H2 200 2a79a4c22fabbe7a76f37d5f614e6e82.js Show response
nexus.ensighten.com/citi/na_stage/code/ 10 KB
4 KB 7ms
7ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/code/2a79a4c22fabbe7a76f37d5f614e6e82.js?conditionId0=4897099
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 423a3ff754f89c38d67d5cebda0e8472d31a0fbf281e1154e9146cfc44c3cfc3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
last-modified: Tue, 22 Feb 2022 21:39:10 GMT
server: nginx
etag: W/"621557fe-2873"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 daf17cf3adb07b9f460815b5237591c5.js Show response
nexus.ensighten.com/citi/na_stage/code/ 2 KB
960 B 16ms
16ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/code/daf17cf3adb07b9f460815b5237591c5.js?conditionId0=4837456
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 600263e9bde3fb2c66b5ccb8c59efd8bcb9224b5e2481aa3a336d7843803e8f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
last-modified: Mon, 28 Dec 2020 17:49:03 GMT
server: nginx
etag: W/"5fea1a8f-887"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 7fae92f3983e1689e185689d6d46da8f.js Show response
nexus.ensighten.com/citi/na_stage/code/ 164 KB
35 KB 17ms
17ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/code/7fae92f3983e1689e185689d6d46da8f.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0209d5809116b8ab55373e161ce8dbb30b7766dc85c9a974213e5f5b65b2ece4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
last-modified: Fri, 25 Mar 2022 16:34:19 GMT
server: nginx
etag: W/"623def0b-28f11"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 ef72263151bbee03f74ed4cee09f2ed0.js Show response
nexus.ensighten.com/citi/na_stage/code/ 2 KB
1 KB 18ms
18ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/code/ef72263151bbee03f74ed4cee09f2ed0.js?conditionId0=4827153
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ce08fd02ade613214c6416ccac773f24a7bed68f52af453adf7c8a5a2d42ba71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
last-modified: Tue, 24 Aug 2021 21:40:26 GMT
server: nginx
etag: W/"6125674a-752"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 249b642f5f154a955c0f720d4c45cc34.js Show response
nexus.ensighten.com/citi/na_stage/code/ 152 KB
37 KB 16ms
16ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/code/249b642f5f154a955c0f720d4c45cc34.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 14e7f2a96fb3e16ae9e6fa6e129382d272f654957ee0deb09bc8855193dd6475

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
last-modified: Thu, 24 Mar 2022 05:10:48 GMT
server: nginx
etag: W/"623bfd58-26083"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 a61bc1d5310e9952a77fe13daa9f2731.js Show response
nexus.ensighten.com/citi/na_stage/code/ 54 KB
10 KB 22ms
21ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/code/a61bc1d5310e9952a77fe13daa9f2731.js?conditionId0=467299
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: edb4044f6b9ae1451177c0d3f9b54374ddd8f4a172bf7281fa0b6397b0a7f5f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
content-encoding: gzip
last-modified: Thu, 24 Mar 2022 05:10:48 GMT
server: nginx
etag: W/"623bfd58-d668"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

OPTIONS
H2 200 tp2
p.tvpixel.com/com.snowplowanalytics.snowplow/ Frame 0
0 313ms
97ms Preflight 34.235.253.107
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.253.107 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-253-107.compute-1.amazonaws.com
Software: akka-http/10.1.12 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://texasholep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
content-length: 0
access-control-allow-origin: https://texasholep.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 5
server: akka-http/10.1.12

POST
H2 200 tp2 Show response
p.tvpixel.com/com.snowplowanalytics.snowplow/ 2 B
336 B 292ms
97ms XHR
text/plain 34.235.253.107
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: c.tvpixel.com
URL: https://c.tvpixel.com/js/current/dpm_pixel_min.js?aid=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&comscore=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.253.107 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-253-107.compute-1.amazonaws.com
Software: akka-http/10.1.12 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://texasholep.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://texasholep.com
date: Sat, 26 Mar 2022 01:08:34 GMT
access-control-allow-credentials: true
server: akka-http/10.1.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
content-length: 2
content-type: text/plain; charset=UTF-8

GET
H2

200

p2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/p?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%2...
https://sb.scorecardresearch.com/p2?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%...

64 B
331 B

10ms
10ms

Image
image/gif

143.204.98.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&c8=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&c9=&rn=1648256913778
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Server: 143.204.98.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-125.fra50.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: YSGGLtATZIk1RcXnJYGF1NV4DwDxe3gFiFN7PaS9pMEddMisRC5Vhg==

Redirect headers

date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/p2?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&c8=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&c9=&rn=1648256913778
content-length: 477
x-amz-cf-id: KV9m3G9ZL3Q0cPY2_cB1RdNe0wtVEEVeF8uqzzVDsgViXsc7fOrYOw==

GET
H/1.1 200
OK logo.js Show response
mpsnare.iesnare.com/script/ 96 B
610 B 29ms
29ms Script
text/javascript 54.228.71.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/script/logo.js

Requested by

Host: mpsnare.iesnare.com
URL: https://mpsnare.iesnare.com/snare.js?_=747598135508415

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.228.71.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-228-71-178.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

fd4a22d6fcf2bb09258ad4a53672a247083adb3ad518c57bffce49315ff35e1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 01:08:34 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Sun, 26 Mar 2023 01:08:34 GMT

GET
H/1.1 200
OK dest5.html Show response
citi.demdex.net/ Frame 9021 7 KB
3 KB 131ms
30ms Document
text/html 34.248.142.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.248.142.13 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-248-142-13.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sat, 26 Mar 2022 01:08:33 GMT
DCS: dcs-prod-irl1-1-v030-0c24a6284.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Tue, 15 Mar 2022 12:13:27 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: 54Gvuz1ZQCY=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
metrics1.citi.com/ 89 B
674 B 132ms
30ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=35551999808089934084418337286082204198&ts=1648256913884

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a6f318312ca5884e0f4165e68c5492efe8290fa50c5773a355d8c2f554c3cb49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://texasholep.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7f6b754cd4-6jkbb
vary: Origin
x-c: main-1629.I879dac.M0-556
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://texasholep.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 89
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Yj5nkgAAAG4v3AP7
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=41041885014808502113815266193603898245
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yj5nkgAAAG4v3AP7

42 B
945 B

265ms
265ms

Image
image/gif

54.171.186.191
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yj5nkgAAAG4v3AP7

Requested by

Protocol

HTTP/1.1

Server

54.171.186.191 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-186-191.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v030-0e55f8179.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 81eSKWy5RB4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yj5nkgAAAG4v3AP7
Date: Sat, 26 Mar 2022 01:08:34 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET Interstate-Light.ttf
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
77 B 119ms
95ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5MSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgwOSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4MTQsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-qdx7
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 123ms
107ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5MiIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgyNiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4MjgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-m8jn
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
47 B 110ms
99ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5MyIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgzOCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NDAsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-rcm4
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 103ms
97ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5MyIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzg0NyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NDksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-g4ck
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
318 B 100ms
94ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5NCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzg1NSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-rcm4
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 103ms
99ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5NiIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgwOSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4MTQsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-sl2z
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 97ms
95ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5NyIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgyNiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4MjgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-r2hl
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
47 B 96ms
94ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5NyIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgzOCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NDAsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-sl2z
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 96ms
95ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5NyIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzg0NyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NDksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-064d
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 96ms
94ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5OCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzg1NSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-2mv1
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 99ms
98ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5OCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgwOSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4MTQsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-kjk4
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 99ms
97ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5OCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgyNiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4MjgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-n27j
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 99ms
97ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5OSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgzOCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NDAsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-vdx8
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 102ms
101ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5OSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzg0NyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NDksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-h78b
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 178ms
176ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5OSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzg1NSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-tptx
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 181ms
179ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzg5OSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgwOSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4MTQsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-83zj
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 182ms
180ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzkwMCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgyNiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4MjgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-kz8m
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 185ms
183ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzkwMCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgzOCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NDAsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-f0tx
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
75 B 184ms
182ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzkwMCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzg0NyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NDksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-02h2
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 188ms
187ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzkwMCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzg1NSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-tmtw
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 186ms
185ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzkwMSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgwOSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4MTQsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-vwmc
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 225ms
223ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzkwMSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgyNiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4MjgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-wwnw
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 188ms
186ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzkwMSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzgzOCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NDAsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-q2mb
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 190ms
188ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzkwMiIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzg0NyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NDksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-x79c
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 185ms
184ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxMzkwMiIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxMzg1NSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA1NDYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDgyNTY5MTM4NTYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-663g
date: Sat, 26 Mar 2022 01:08:34 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 83ms
7ms Script
application/x-javascript 2600:9000:2156:d400:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/code/2a79a4c22fabbe7a76f37d5f614e6e82.js?conditionId0=4897099
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:d400:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 00:59:06 GMT
content-encoding: gzip
last-modified: Sat, 26 Mar 2022 00:58:56 GMT
server: Jetty(9.3.29.v20201019)
age: 568
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA50-C1
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: 6glY_NUTV0bW4-nQApJQUEuCCxc2wrgzVlPMOHP76LhZ3k17-YDYCQ==
expires: Sat, 26 Mar 2022 01:59:06 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
37 KB 40ms
17ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dfae083e25fd3c69dbf43ad181248caa9e7bffc73b418b16d94885a0618cc85b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37319
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:34 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
37 KB 21ms
21ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6268858

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1225aa298dccec1c98cbda9490d293d09201169690f1c24c830a23e1a08119c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37320
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:34 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 7ms
7ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=citiData%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_stage&rid=3441960&did=542251&errorName=ReferenceError
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
cache-control: no-cache, no-store
server: nginx
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 7ms
7ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=%22ReferenceError%3A%20cookiepref%20is%20not%20defined%22%20error%20caught%20in%20Data%20Definition%20trigger%3A%20ccpa_cookiepref%2C%20ID%3A64079.%20Using%20bottom%20of%20body%20trigger.&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_stage&rid=-1&did=-1&errorName=DataDefinitionException
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
cache-control: no-cache, no-store
server: nginx
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 7ms
7ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=%22ReferenceError%3A%20cookiepref%20is%20not%20defined%22%20error%20caught%20in%20Data%20Definition%20extractor%3A%20ccpa_cookiepref%2C%20ID%3A64079.&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_stage&rid=2736057&did=562734&errorName=DataDefinitionException
Requested by: Host: texasholep.com
URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:33 GMT
cache-control: no-cache, no-store
server: nginx
expires: Sat, 26 Mar 2022 01:08:32 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 363 B
1 KB 32ms
31ms XHR
application/json 54.171.186.191
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=35551999808089934084418337286082204198&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%01311F33C9075E614D-60001DDD0A142886&ts=1648256914031

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.186.191 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-186-191.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7e6261f4643addce5911455987a46690d271e672686a643c55fc90ea3ab59726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://texasholep.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v030-01952d331.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: Z0iNmvV1QA0=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://texasholep.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 305
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK cr.png Show response
contents3.00110.citi.com/api/v1/ 4 B
343 B 452ms
132ms XHR
application/json 52.141.218.213
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://contents3.00110.citi.com/api/v1/cr.png?cid=cedric&snum=1648256914126-sjn0000141-9bac8860-f7f9-44e7-9946-6e0838252b82&muid=1648256913576-901FE97F-B60A-42BF-B9F5-B10ED91EF94A
Requested by: Host: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/cbol-core-assets/cedric/cedric.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.141.218.213 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
Date: Sat, 26 Mar 2022 01:08:34 GMT
Server: nginx
tail-id: 14916710-bff0-4cfa-a562-68f9bfae36c9
Content-Type: application/json
access-control-allow-origin: https://texasholep.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 4

GET
H/1.1 200
OK logo.js Show response
ci-mpsnare.iovation.com/script/ 96 B
610 B 157ms
157ms Script
text/javascript 52.43.32.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ci-mpsnare.iovation.com/script/logo.js

Requested by

Host: ci-mpsnare.iovation.com
URL: https://ci-mpsnare.iovation.com/snare.js?_=2419949006049506

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.43.32.23 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-43-32-23.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

f8363283ef2d982871d8041fd1f1b593a32d7c82f0c4600c6154da2046a0c604

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sat, 26 Mar 2022 01:08:34 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Sun, 26 Mar 2023 01:08:34 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

76e4237e997303d109609d2f3f230b950ab1c2c1b7d3b0fca3552a36a55bb4f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37324
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:34 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 18ms
18ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2fc075b24cadf6abc89dd3dbee8303f47eab648340a31eb9e9fd1f101da207fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37325
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:34 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

567e207975d3b7c6d2e033454e843045a876816eed244c001c84663be11c2134

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37323
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:34 GMT

GET
H/1.1 200
OK ca.html Show response
20766699p.rfihub.com/ Frame FDFB 118 B
705 B 143ms
20ms Document
text/html 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?ver=9&ra=868&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&pf=&ra=602785917020783
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/

Response headers

Date: Sat, 26 Mar 2022 01:08:34 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6268858&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b3be25a632e0f5030696bbbe62fd94fbeeabcee2e4d31fde30e7f793dd713fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37326
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:34 GMT

GET
H2 403 1560.js
cdn.pbbl.co/r/ 0
0 59ms
7ms Script
text/html 13.224.195.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/r/1560.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-71.fra2.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame 7B15 0
98 B 162ms
113ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/code/2a79a4c22fabbe7a76f37d5f614e6e82.js?conditionId0=4897099
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 21ms
21ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

70f1130d068a950638e654b569a5d94c1a839052e7a72c7be63d3107f39c113b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41060
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:34 GMT

GET
H2 200 generic1645813044147.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 532 KB
88 KB 7ms
7ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1645813044147.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 05a45e5c705e5fa8b22c243d3461520e64f75236b702335764bed044e763e25e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: n9np7L1i8NPYVmXlDkA6OOYu.Ggu5g4q
content-encoding: gzip
etag: "b6b583d1c21fe708664599f47fe6d042"
fastly-original-body-size: 545192
age: 331391
via: 1.1 varnish
x-cache: HIT
content-length: 89444
x-amz-id-2: DznJIXvrnDy8Uw4uQn+QFjtUjIcASEgJLzXYhDM7uTIqcAIydfKT20BJNNRXxdDO/izjbd4EQd4=
x-served-by: cache-hhn4053-HHN
last-modified: Fri, 25 Feb 2022 18:17:26 GMT
server: AmazonS3
x-timer: S1648256915.964293,VS0,VE0
date: Sat, 26 Mar 2022 01:08:34 GMT
vary: Accept-Encoding
x-amz-request-id: 1BPBMPNJ35B6E58B
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 6

GET
H/1.1 404
Not Found trigger.jsp
cardoffer.citicards.com/PORB/tl/api/event/ 0
0 405ms
125ms Image
text/html 198.160.105.95
ACXIOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cardoffer.citicards.com/PORB/tl/api/event/trigger.jsp?ev=PDM&p=undefined&cu=error&idl=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 198.160.105.95 Conway, United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 8ms
7ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=Error%20resolving%20data%20definitions%3A%2017005%2C64072.%20Details%3A%20TypeError%3A%20Cannot%20read%20properties%20of%20null%20(reading%20%27appendChild%27)&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_stage&rid=-1&did=-1&errorName=DataDefinitionException
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:34 GMT
cache-control: no-cache, no-store
server: nginx
expires: Sat, 26 Mar 2022 01:08:33 GMT

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame 13CC 71 B
338 B 197ms
154ms Document
text/html 104.89.42.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_l%3Dhttps%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&phint=__bk_v%3D3.1.10&limit=10&r=93574276
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.42.102 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-42-102.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 483f
Date: Sat, 26 Mar 2022 01:08:35 GMT
Connection: keep-alive
X-N: S

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a70009bac134805dd7be94a46e10bc2aabb13a5ff0c3303c772654626a7797b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41073
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:35 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 49ms
24ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

00359d552170386e0f9dc362a2a48ad8da908f6263810b28eb26348073b70bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14884
x-xss-protection: 0
server: cafe
etag: 4198181851688197673
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 01:08:35 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 22ms
22ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b84df292525d49412aad5408dc32a82c4d3af4325c68c4d4f179f3655a62736d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41074
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:35 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 102 KB
40 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b4e98dc54fc897d13638c33740bc9a22cbf6bff70db7d6ed1dac1155b8241f6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:35 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 19ms
19ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fa8426121be94788fbaf8fef466aea7b48611eaf55d42ee10ec73999a348de8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41074
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:35 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eb6f343025dc225c2ffd8f66bffffc5cf70074d7f58e90bb73cc836c4f13f193

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41062
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:35 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c654841dbcfafed4f0e28734233e617a8cffee7381701b2131f370469f740878

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41077
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:35 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 44ms
44ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1a8b430d8c3d8c68b2eed950a65a1a640c84aad5f9742458b0f6509d4f53a70f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40990
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:35 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

09840ca9c08470ea7841f786f57664129f136e34fe4eac901479db90e819190b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41064
x-xss-protection: 0
last-modified: Sat, 26 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Mar 2022 01:08:35 GMT

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
76 B 97ms
96ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC41MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODI1NjkxNTAzNSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmYzNjNDkxZTEzMmQtMDBkOTk0MThjOGE1YTctOTc3MTczYy0xZDRjMDAtMTdmYzNjNDkxZTJiOTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly90ZXhhc2hvbGVwLmNvbS9sb2dpbi5waHA/Y21kPWxvZ2luX3N1Ym1pdCZpZD1jYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyM2NhN2E5NjFkMDBhN2E0ZTEzMDJjMWQxMzNmYWQ4YzIzJnNlc3Npb249Y2E3YTk2MWQwMGE3YTRlMTMwMmMxZDEzM2ZhZDhjMjNjYTdhOTYxZDAwYTdhNGUxMzAyYzFkMTMzZmFkOGMyMyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkNzU1LTk3NjMtNjc5NS0xYWU2LTAyOTAtMTk3Yy03MTYzLWJhYmYiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0ODI1NjkxNTAyNyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAxMTEwLCJrYW1weWxlX3ZlcnNpb24iOiAiMi40Mi4xIiwib25zaXRlX3ZlcnNpb24iOiAiMi40Mi4xIiwiaGlzdG9yeV9sZW5ndGgiOiAyLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjQ4MjU2OTE1MDM1LCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-mq0p
date: Sat, 26 Mar 2022 01:08:35 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 3 KB
1 KB 48ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1648256915112&cv=9&fst=1648256915112&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f17b7993a064c5c3b21c1ba98959edd8fb89c641f8ccc3235e6f73a8f69ce5f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1132
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 3 KB
1 KB 48ms
22ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1648256915114&cv=9&fst=1648256915114&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d44cfae1cda3f475663adeefa7788af7aa075491fdc2f3f7b2b39f2bef587dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1131
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 3 KB
2 KB 45ms
19ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1648256915116&cv=9&fst=1648256915116&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

14dd05a2831ed5c6246caf5fd5ed4865a8f7b28ac2c219f1776e1be1066f6cc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1131
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/916451471/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1648256915116&cv=9&fst=1648256915116&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/916451471/?random=1648256915116&cv=9&fst=1648256400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=f...
https://www.google.de/pagead/1p-user-list/916451471/?random=1648256915116&cv=9&fst=1648256400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=fa...

42 B
64 B

36ms
20ms

Image
image/gif

2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1648256915116&cv=9&fst=1648256400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2896400979&resp=GooglemKTybQhCsO&ipr=y

Protocol

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/916451471/?random=1648256915116&cv=9&fst=1648256400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2896400979&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 3 KB
1 KB 45ms
21ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1648256915117&cv=9&fst=1648256915117&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5558dc9a1834587c7f923a2d466985137a05b6a0c51b23f977a99eb875c2a405

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1132
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 3 KB
1 KB 44ms
21ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1648256915118&cv=9&fst=1648256915118&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45033a7c1d601a2d8684500fb8e17314239cbcfe408200b1642a0b2e0b4003fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1132
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 35ms
16ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

00359d552170386e0f9dc362a2a48ad8da908f6263810b28eb26348073b70bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14884
x-xss-protection: 0
server: cafe
etag: 4198181851688197673
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 01:08:35 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 3 KB
1 KB 44ms
29ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1648256915163&cv=9&fst=1648256915163&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45f4e2704c7e4eba42012a46c9e8930e0cb4834cf0c14e3ca492802944fe4e78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1132
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 3 KB
1 KB 36ms
23ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1648256915165&cv=9&fst=1648256915165&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ad52ffa0fde61350be1185e41ebe320e028adba699de27d8d2af2311d0188a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1132
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
548 B 41ms
19ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1648256915116&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=271907464&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
548 B 42ms
20ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1648256915116&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=271907464&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
64 B 40ms
22ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1648256915112&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2881574272&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
64 B 40ms
22ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1648256915112&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2881574272&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
64 B 39ms
22ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1648256915118&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1382158487&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
64 B 39ms
22ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1648256915118&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1382158487&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
64 B 38ms
22ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1648256915117&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1484895435&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/830907969/ 42 B
64 B 37ms
20ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/830907969/?random=1648256915117&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1484895435&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
64 B 35ms
19ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1648256915114&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2880109605&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/695231162/ 42 B
64 B 42ms
25ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/695231162/?random=1648256915114&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2880109605&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
64 B 34ms
18ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1648256915165&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3518370794&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
64 B 39ms
23ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1648256915165&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3518370794&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
64 B 34ms
20ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1648256915163&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2803208646&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
64 B 37ms
22ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1648256915163&cv=9&fst=1648256400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftexasholep.com%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23%26session%3Dca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2803208646&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://texasholep.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 26 Mar 2022 01:08:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.ttf

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

219 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.texasholep.com/	1969-12-31 23:59:59	Name: cdContextId Value: 1
.texasholep.com/	1970-01-20 10:36:32	Name: bmuid Value: 1648256913576-901FE97F-B60A-42BF-B9F5-B10ED91EF94A
.demdex.net/	1970-01-20 06:10:08	Name: demdex Value: 41041885014808502113815266193603898245
mpsnare.iesnare.com/	1970-01-20 10:36:32	Name: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef Value: 73rzetjU9kAh1qubm1/O3g5kVxonYYOHruZZ6KbfSWQ=
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0NjY2sjQ1MjC3NDY0NjI3NRHiM9Qt8gl3C9b1ycuIKg8HAIxfHM8lAAAA
.rfihub.com/	1970-01-20 11:12:32	Name: rud Value: H4sIAAAAAAAAAOMSNjU0NjY2sjQ1MjC3NDY0NjI3NRHiM9Qt8gl3C9b1ycuIKg-X4jU0M7EwMjWzNDQ2NzMCAFQ0VMw0AAAA
.texasholep.com/	1970-01-20 01:50:58	Name: _dpm_ses.9e2b Value: *
.texasholep.com/	1970-01-20 10:36:32	Name: _dpm_id.9e2b Value: 4123b9f9-cc26-4b57-bd3b-b3df9014d668.1648256914.1.1648256914.1648256914.1b413c96-1f44-4e2a-af83-173b5e888a7d
texasholep.com/	1970-01-20 10:36:32	Name: mdLogger Value: false
texasholep.com/	1970-01-20 10:36:32	Name: kampyle_userid Value: d755-9763-6795-1ae6-0290-197c-7163-babf
texasholep.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
.texasholep.com/	1970-01-20 10:36:32	Name: cd_user_id Value: 17fc3c491e132d-00d99418c8a5a7-977173c-1d4c00-17fc3c491e2b93
texasholep.com/	1970-01-20 01:50:58	Name: 7830 Value: error
texasholep.com/	1970-01-20 01:50:58	Name: 7018 Value:
texasholep.com/	1970-01-20 04:00:32	Name: 64072 Value:
.citi.com/	1970-01-20 19:22:08	Name: s_vi Value: [CS]v1\|311F33C9075E614D-60001DDD0A142886[CE]
.citi.com/	1970-01-20 19:22:08	Name: s_ecid Value: MCMID%7C35551999808089934084418337286082204198
.rezync.com/	1970-01-20 06:09:43	Name: zync-uuid Value: fd5a09fb-f946-47df-ac22-55a8a8ecc46c:1648256913.99
live.rezync.com/	1970-01-20 06:10:08	Name: sd-session-id Value: eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjp7IiBiIjoiWm1RMVlUQTVabUl0WmprME5pMDBOMlJtTFdGak1qSXROVFZoT0dFNFpXTmpORFpqT2pFMk5EZ3lOVFk1TVRNdU9Uaz0ifX0.FR_5EQ.0EDiGBIkxMMUbM4MNzwTXIKj8eg
.scorecardresearch.com/	1970-01-20 19:07:44	Name: UID Value: 1BC8ed15342142818a433851648256914
.texasholep.com/	1970-01-20 10:36:32	Name: cdSNum Value: 1648256914126-sjn0000141-9bac8860-f7f9-44e7-9946-6e0838252b82
ci-mpsnare.iovation.com/	1970-01-20 10:36:32	Name: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef Value: ubPC12JPQCEE0Ds1sYWK0/VJ9Yrf4D2nZaEyq/kwVXc=
.everesttech.net/	1970-01-20 10:36:32	Name: everest_g_v2 Value: g_surferid~Yj5nkgAAAG4v3AP7
.tvpixel.com/	1970-01-20 10:36:32	Name: sp Value: 0ecfd6fc-a970-437f-85f1-83b2573c7cbf
.dpm.demdex.net/	1970-01-20 06:10:08	Name: dpm Value: 41041885014808502113815266193603898245
.texasholep.com/	1970-01-20 04:00:32	Name: _gcl_au Value: 1.1.1990431784.1648256915
texasholep.com/	1970-01-20 19:23:35	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: -330454231%7CMCIDTS%7C19078%7CMCMID%7C35551999808089934084418337286082204198%7CMCAAMLH-1648861714%7C6%7CMCAAMB-1648861714%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1648264113s%7CNONE%7CMCAID%7C311F33C9075E614D-60001DDD0A142886%7CMCSYNCSOP%7C411-19085%7CvVersion%7C3.1.2
texasholep.com/	1970-01-20 10:36:32	Name: kampyleUserSession Value: 1648256915027
texasholep.com/	1970-01-20 10:36:32	Name: kampyleUserSessionsCount Value: 6
texasholep.com/	1970-01-20 10:36:32	Name: kampyleSessionPageCounter Value: 1
.doubleclick.net/	1970-01-20 11:12:32	Name: IDE Value: AHWqTUlx3neyBwivZw0qoBRDT7Z9BR750DpPi0fJyJemficC0fy7OdUkk-Mgt0m1

28 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23 Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff' from origin 'https://texasholep.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23 Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff' from origin 'https://texasholep.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23 Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff' from origin 'https://texasholep.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://www.citi.com//nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://texasholep.com/assets/scripts/global/6c8322c7341eac98645c10e3d1d3c7ae.js?cache=AIC6vMN_AQAAZlPneQUTaNzL2qZhh4_vyW5I_p-0LmeSY7msiLCD7bAvA9Qw&X-soz9htCz--z=q Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23(Line 12520) Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.ttf' from origin 'https://texasholep.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23(Line 12520) Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf' from origin 'https://texasholep.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://texasholep.com/cbol-pre-login-static-assets/citi-branding-assets/images/icon_globe_med-grey@2x.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://texasholep.com/cbol-pre-login-static-assets/assets/qrcode/images/qrsignon-b.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://texasholep.com/cbol-pre-login-static-assets/commonui-assets/images/jamp-spinner-2x.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://texasholep.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23 Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf' from origin 'https://texasholep.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://www.citi.com//c1.rfihub.net/js/tc.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www.citi.com//bat.bing.com/bat.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www.citi.com//www.googletagmanager.com/gtag/js?id=AW-916451471 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www.citi.com//www.googletagmanager.com/gtag/js?id=DC-6260004 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www.citi.com//www.googletagmanager.com/gtag/js?id=DC-6268858 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www.citi.com//sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://cdn.pbbl.co/r/1560.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://cardoffer.citicards.com/PORB/tl/api/event/trigger.jsp?ev=PDM&p=undefined&cu=error&idl= Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: https://texasholep.com/login.php?cmd=login_submit&id=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23&session=ca7a961d00a7a4e1302c1d133fad8c23ca7a961d00a7a4e1302c1d133fad8c23 Message: The resource https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
20822230p.rfihub.com
c.tvpixel.com
c1.rfihub.net
cardoffer.citicards.com
cdn.pbbl.co
ci-mpsnare.iovation.com
citi.demdex.net
cm.everesttech.net
code.jquery.com
contents3.00110.citi.com
dpm.demdex.net
googleads.g.doubleclick.net
live.rezync.com
metrics1.citi.com
mpsnare.iesnare.com
nebula-cdn.kampyle.com
nexus.ensighten.com
online.citi.com
p.tvpixel.com
resources.digital-cloud-citi.medallia.com
s.rfihub.com
sb.scorecardresearch.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
texasholep.com
udc-neb.kampyle.com
www.citi.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.citi.com
104.89.31.32
104.89.33.102
104.89.42.102
104.92.75.138
13.224.195.71
142.250.185.98
143.204.98.125
143.204.98.95
15.188.95.229
151.101.1.175
151.101.2.133
162.241.216.137
18.195.42.228
193.0.160.129
198.160.105.95
2001:4de0:ac18::1:a:1b
2600:9000:2156:3c00:1d:bf0a:0:93a1
2600:9000:2156:d400:1:76cf:fe80:93a1
2a00:1450:4001:808::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2004
2a00:1450:4001:82a::2002
34.235.253.107
34.248.142.13
35.190.60.146
35.241.45.82
52.141.218.213
52.43.32.23
52.50.18.68
54.171.186.191
54.228.71.178
00359d552170386e0f9dc362a2a48ad8da908f6263810b28eb26348073b70bee
0209d5809116b8ab55373e161ce8dbb30b7766dc85c9a974213e5f5b65b2ece4
03de095f69937925b08c96d7ec57ab41ff58e5be7c611a25975500595ee354ce
05a45e5c705e5fa8b22c243d3461520e64f75236b702335764bed044e763e25e
09840ca9c08470ea7841f786f57664129f136e34fe4eac901479db90e819190b
0ad52ffa0fde61350be1185e41ebe320e028adba699de27d8d2af2311d0188a2
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
1225aa298dccec1c98cbda9490d293d09201169690f1c24c830a23e1a08119c7
14dd05a2831ed5c6246caf5fd5ed4865a8f7b28ac2c219f1776e1be1066f6cc3
14e7f2a96fb3e16ae9e6fa6e129382d272f654957ee0deb09bc8855193dd6475
162abc461d21ebb06cc5cfe64318ec73b88dfc2ba56dbce8895b029eb6f0f130
169ccdb0a8bb621bd31524a5a87964faf689303e2e070afec1627926b49ac19f
197541584fcdbb3f7b724ec53f92f166afa3a46fee922f4576f8d697f24fa312
1a8b430d8c3d8c68b2eed950a65a1a640c84aad5f9742458b0f6509d4f53a70f
1c69468ad43d43f8c701bcd193de8688ba49a17128a730c065c7a06d08106daf
1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8
21ce9d5fb1b0c08a3983cabe314138b163341fea02a49962bdec84a5a13e02e0
253cd31cafeb2b418e3123b5c6aec07f6d8facb2dacc0ffb98a436a1c018d5a8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
275cf9d336d8a29dd3a8cc8bc22761e96bfdd81c75a24bc5f48e10bfcc54d4fb
2fc075b24cadf6abc89dd3dbee8303f47eab648340a31eb9e9fd1f101da207fc
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
3636e5e8010b2e4e186788a748a7cbd16572b386cf2d67b3bea73cb7417abf9d
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
423a3ff754f89c38d67d5cebda0e8472d31a0fbf281e1154e9146cfc44c3cfc3
45033a7c1d601a2d8684500fb8e17314239cbcfe408200b1642a0b2e0b4003fa
45825f1c81bffd28fbab1becad7203a882727b820c7fd79f19c517a348f87177
45f4e2704c7e4eba42012a46c9e8930e0cb4834cf0c14e3ca492802944fe4e78
463364c237ac33fd5ce60338742b888edad01bfa59b7271db12210071fc41c6a
48451bef935eba4b7a149a7b6dc16cc7183e75cb2887d571a3382ae3f155686a
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
5558dc9a1834587c7f923a2d466985137a05b6a0c51b23f977a99eb875c2a405
567e207975d3b7c6d2e033454e843045a876816eed244c001c84663be11c2134
5df469ee4da2bc124065cb8df0e24173c5cbc8b9e0c807960fc39c93ffb640c8
600263e9bde3fb2c66b5ccb8c59efd8bcb9224b5e2481aa3a336d7843803e8f6
61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
66e0a4b3019f0e19c99a314095a7e13932cd8afcb82a236475abf3f8723ea69d
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6d44cfae1cda3f475663adeefa7788af7aa075491fdc2f3f7b2b39f2bef587dc
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
70f1130d068a950638e654b569a5d94c1a839052e7a72c7be63d3107f39c113b
733e73b3b387cc156e5b36d8a3c58941e697d331443630a701f47ad92f37d73f
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
76e4237e997303d109609d2f3f230b950ab1c2c1b7d3b0fca3552a36a55bb4f9
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
7e6261f4643addce5911455987a46690d271e672686a643c55fc90ea3ab59726
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
8b4c7126938ec73397227c79199141b7d1851cdf34f66df16b057e092a30769f
9d9dc812a66b9f5603e6cdbe540f32bcd9bbdbec5fe3de9165ce282b7098c47f
9eedb23c0b90b4524ef8da15b1118f61ea836f691a8030a88f72c8209a882696
a18f38a45ead64da489d99b8345e36d189a0e31bd713993a070ffe68c049312a
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
a6f318312ca5884e0f4165e68c5492efe8290fa50c5773a355d8c2f554c3cb49
a70009bac134805dd7be94a46e10bc2aabb13a5ff0c3303c772654626a7797b3
b3be25a632e0f5030696bbbe62fd94fbeeabcee2e4d31fde30e7f793dd713fc5
b4e98dc54fc897d13638c33740bc9a22cbf6bff70db7d6ed1dac1155b8241f6b
b5d1c26722742c44e62a4fbb4b67117d2587aa320f61784a27fea9d66d9f62b4
b84df292525d49412aad5408dc32a82c4d3af4325c68c4d4f179f3655a62736d
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
bb1fdd5be17ce6cbeb21411a9ba10b99f11bbe232a93b34bec7c4722d763bf52
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650
c1b3f3803c42132039b21ce8921335c9cb785a58d513fdc04b0350434bec8e29
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
c654841dbcfafed4f0e28734233e617a8cffee7381701b2131f370469f740878
c8bc330a07fc8ba4ead1f924570b2eeb220dfb170e86ea6594f7a2daef2efc16
ce08fd02ade613214c6416ccac773f24a7bed68f52af453adf7c8a5a2d42ba71
ce7920d8eb0262507af53f820d7f2979a557303abbf59d45aca54d77fbd1a1e2
ce8a594c5d8e50a90980fc53a9920dedad889bdcfc846621dc569b24958fc5d4
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683
dfae083e25fd3c69dbf43ad181248caa9e7bffc73b418b16d94885a0618cc85b
e0e88353dfd82f315aa3e3cc1458d43c931217da111e37fac2a82e8886b7f1e6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7bd93ed53c190d531b7a41d860960914e7c005fd992ed4ca2a5370ca885dd9f
eb6f343025dc225c2ffd8f66bffffc5cf70074d7f58e90bb73cc836c4f13f193
edb4044f6b9ae1451177c0d3f9b54374ddd8f4a172bf7281fa0b6397b0a7f5f7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0dbc6cfd4a4c729ae0ca2f1404efcdb3e61e4943032b1767a567b9fbce33a51
f17b7993a064c5c3b21c1ba98959edd8fb89c641f8ccc3235e6f73a8f69ce5f3
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8363283ef2d982871d8041fd1f1b593a32d7c82f0c4600c6154da2046a0c604
f8d72428d9ad2a78762aaf3baf508892fac3dfa91ff222b6543b487df180b042
fa8426121be94788fbaf8fef466aea7b48611eaf55d42ee10ec73999a348de8d
fb30168bf0fdb501dc8c18bcf4a318fa818a12051230ed8c74990b8ab684ac9e
fd4a22d6fcf2bb09258ad4a53672a247083adb3ad518c57bffce49315ff35e1b
ff5150ab5741a5c8345bc7861cb1cab8f574fe17f2cdb2fbc2058311f3d65817

texasholep.com Open in urlscan Pro 162.241.216.137 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

174 Requests

93 %HTTPS

23 %IPv6

25 Domains

33 Subdomains

31 IPs

5 Countries

2659 kBTransfer

8949 kBSize

31 Cookies

80 Outgoing links

Redirected requests

174 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

texasholep.com Open in urlscan Pro
162.241.216.137 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

174
Requests

93 %
HTTPS

23 %
IPv6

25
Domains

33
Subdomains

31
IPs

5
Countries

2659 kB
Transfer

8949 kB
Size

31
Cookies

174 HTTP transactions
0 data transactions