secure04citizen.ru Open in urlscan Pro
45.133.200.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://secure04citizen.ru/
Effective URL:
http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
Submission: On November 12 via automatic, source phishtank (November 12th 2021, 7:13:08 am UTC) — Scanned from DE

Summary HTTP 60 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 17 IPs in 6 countries across 13 domains to perform 60 HTTP transactions. The main IP is 45.133.200.3, located in Seychelles and belongs to INTERNET-IT, SC. The main domain is secure04citizen.ru.

This is the only time secure04citizen.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 9	45.133.200.3 45.133.200.3	200313 (INTERNET-IT) (INTERNET-IT)
3	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
22	104.109.73.152 104.109.73.152	16625 (AKAMAI-AS) (AKAMAI-AS)
2 5	63.32.159.255 63.32.159.255	16509 (AMAZON-02) (AMAZON-02)
2	178.249.97.23 178.249.97.23	11054 (LIVEPERSON) (LIVEPERSON)
2	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
2 2	54.194.191.134 54.194.191.134	16509 (AMAZON-02) (AMAZON-02)
1	2.16.186.56 2.16.186.56	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	143.204.98.79 143.204.98.79	16509 (AMAZON-02) (AMAZON-02)
3	178.249.97.99 178.249.97.99	11054 (LIVEPERSON) (LIVEPERSON)
2	178.249.97.98 178.249.97.98	11054 (LIVEPERSON) (LIVEPERSON)
3	151.101.129.175 151.101.129.175	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:f16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	208.89.15.170 208.89.15.170	11054 (LIVEPERSON) (LIVEPERSON)
2	52.200.223.55 52.200.223.55	14618 (AMAZON-AES) (AMAZON-AES)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
2	208.89.12.87 208.89.12.87	11054 (LIVEPERSON) (LIVEPERSON)
60	17

9 45.133.200.3 (Seychelles) 1 redirects

ASN200313 (INTERNET-IT, SC)
PTR: cpanel-host.prohoster.info

secure04citizen.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 104.109.73.152 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-73-152.deploy.static.akamaitechnologies.com

www3.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www4.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 63.32.159.255 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.23 (United Kingdom)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

metrics.citizensbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.194.191.134 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-191-134.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.56 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-56.deploy.static.akamaitechnologies.com

fast.citizensbank.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-79.fra50.r.cloudfront.net

cdn.appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.249.97.99 (United Kingdom)

ASN11054 (LIVEPERSON, US)
PTR: lo-accdn.lpsnmedia.net

accdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.98 (United Kingdom)

ASN11054 (LIVEPERSON, US)
PTR: lo-lpcdn.lpsnmedia.net

lpcdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.129.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f16 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.glassboxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.15.170 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.idp.liveperson.net

va.idp.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.200.223.55 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-223-55.compute-1.amazonaws.com

report.citizen.glassboxdigital.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.12.87 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.v.liveperson.net

va.v.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	citizensbankonline.com www3.citizensbankonline.com www4.citizensbankonline.com	234 KB
9	secure04citizen.ru 1 redirects secure04citizen.ru	8 KB
6	liveperson.net lptag.liveperson.net va.idp.liveperson.net va.v.liveperson.net	116 KB
6	demdex.net 2 redirects dpm.demdex.net fast.citizensbank.demdex.net	8 KB
5	lpsnmedia.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net	34 KB
4	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	95 KB
3	ensighten.com nexus.ensighten.com	92 KB
2	glassboxdigital.io report.citizen.glassboxdigital.io	2 KB
2	appdynamics.com cdn.appdynamics.com	58 KB
2	everesttech.net 2 redirects cm.everesttech.net	772 B
2	citizensbank.com metrics.citizensbank.com	5 KB
1	glassboxcdn.com cdn.glassboxcdn.com	112 KB
0	eum-appdynamics.com Failed pdx-col.eum-appdynamics.com Failed
60	13

	Domain	Requested by
21	www3.citizensbankonline.com	secure04citizen.ru www3.citizensbankonline.com
9	secure04citizen.ru	1 redirects secure04citizen.ru
5	dpm.demdex.net	2 redirects secure04citizen.ru nexus.ensighten.com
3	nebula-cdn.kampyle.com	cdn.appdynamics.com
3	accdn.lpsnmedia.net	cdn.appdynamics.com lpcdn.lpsnmedia.net
3	nexus.ensighten.com	secure04citizen.ru nexus.ensighten.com
2	va.v.liveperson.net	cdn.appdynamics.com
2	report.citizen.glassboxdigital.io	cdn.appdynamics.com
2	va.idp.liveperson.net	cdn.appdynamics.com va.idp.liveperson.net
2	lpcdn.lpsnmedia.net	cdn.appdynamics.com
2	cdn.appdynamics.com	nexus.ensighten.com cdn.appdynamics.com
2	cm.everesttech.net	2 redirects
2	metrics.citizensbank.com	nexus.ensighten.com cdn.appdynamics.com
2	lptag.liveperson.net	secure04citizen.ru cdn.appdynamics.com
1	udc-neb.kampyle.com
1	cdn.glassboxcdn.com	cdn.appdynamics.com
1	fast.citizensbank.demdex.net	nexus.ensighten.com
1	www4.citizensbankonline.com	secure04citizen.ru
0	pdx-col.eum-appdynamics.com Failed	cdn.appdynamics.com
60	19

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com

Subject Issuer	Validity	Valid
citizensbankonline.com Entrust Certification Authority - L1M	`2021-05-18` - `2022-05-18`	a year	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2020-05-30` - `2022-05-30`	2 years	crt.sh
*.lpsnmedia.net Sectigo RSA Organization Validation Secure Server CA	`2021-02-21` - `2022-02-21`	a year	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.idp.liveperson.net COMODO RSA Organization Validation Secure Server CA	`2020-07-09` - `2022-07-09`	2 years	crt.sh
citizen.glassboxdigital.io Amazon	`2020-12-19` - `2022-01-17`	a year	crt.sh
*.v.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2020-04-13` - `2022-04-13`	2 years	crt.sh

This page contains 4 frames:

Primary Page: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
Frame ID: DC0D0A2B1406472B4ED7120D7EB312DC
Requests: 55 HTTP requests in this frame

Frame: http://fast.citizensbank.demdex.net/dest5.html?d_nsid=0
Frame ID: 888C148731B5ED6EDB5818645FE6C959
Requests: 1 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Fsecure04citizen.ru&site=89632304&env=prod&isCrossDomain=true
Frame ID: 3C4F515315BA7133B6B929E7816A61A5
Requests: 2 HTTP requests in this frame

Frame: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1636701184169&loc=http%3A%2F%2Fsecure04citizen.ru
Frame ID: F4110A23733DC265F6B1F4A1482DBDFE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Login | Citizens

Page URL History Show full URLs

http://secure04citizen.ru/ HTTP 302
http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso= Page URL

Page Statistics

60
Requests

60 %
HTTPS

6 %
IPv6

13
Domains

19
Subdomains

17
IPs

6
Countries

762 kB
Transfer

2516 kB
Size

32
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citizensbank.com/learning/coronavirus/overview.aspx?WT.ac=CB_OLB_OLBAd_Coronavirus_CRC_COVID-19ResourceCenter_A484
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://www.citizensbank.com/mobile-and-online-banking/mobile-app.aspx
Title: Check out everything it can do and see information on how to get it.

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/
Title: Cancel

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://secure04citizen.ru/ HTTP 302
http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

http://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701183058 HTTP 302
http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701183058

Request Chain 24

http://cm.everesttech.net/cm/dd?d_uuid=40023673676494729373372496171870272213 HTTP 301
https://cm.everesttech.net/cm/dd?d_uuid=40023673676494729373372496171870272213 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YY4T-wAAAEaEnQQz HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YY4T-wAAAEaEnQQz

60 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.php Show response
secure04citizen.ru/
Redirect Chain

http://secure04citizen.ru/
http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

26 KB
8 KB

22ms
21ms

Document
text/html

45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx / PHP/5.6.40

Resource Hash

bacfd23af9c90b604030b1fde7b8b7ca90f47c6902724d666a99e02ea36d682c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx
Date: Fri, 12 Nov 2021 07:13:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Fri, 12 Nov 2021 07:13:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron

GET
H/1.1 200
OK Bootstrap.js Show response
nexus.ensighten.com/citizensbank/olbprod/ 86 KB
29 KB 18ms
14ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Requested by: Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 55d479e85168beaf51a55334a7705df70f093581280094737e635823385e376d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Sep 2021 15:32:48 GMT
Server: nginx
ETag: W/"61378620-15729"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=300
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found pm_fp.js
secure04citizen.ru/efs/efs/jsp-ns/ 0
0 229ms
229ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://secure04citizen.ru/efs/efs/jsp-ns/pm_fp.js

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H2 200 jquery-ui-1.10.3.custom.min.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 19 KB
4 KB 63ms
16ms Stylesheet
text/css 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3780
x-olb-req-received: t=1636433715512591
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "4a56-5cbaeb0fc35d7"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:44:10 GMT
cache-control: max-age=52267
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=1611

GET
H2 200 normalize.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 10 KB
3 KB 89ms
42ms Stylesheet
text/css 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2766
x-olb-req-received: t=1636278174263450
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "26c2-5cbaeb0fc3da7"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:44:29 GMT
cache-control: max-age=52286
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=671

GET
H2 200 main.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 61 KB
12 KB 106ms
60ms Stylesheet
text/css 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 12357
x-olb-req-received: t=1636355924214756
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "f405-5cbaeb0fb9d80"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:41:55 GMT
cache-control: max-age=52132
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=2820

GET
H2 200 flows.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 8 KB
3 KB 125ms
79ms Stylesheet
text/css 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2391
x-olb-req-received: t=1636433715582754
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "21ce-5cbaeb0fb9d80"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:43:54 GMT
cache-control: max-age=52251
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=609

GET
H2 200 ad-containers.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 8 KB
2 KB 140ms
94ms Stylesheet
text/css 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1521
x-olb-req-received: t=1636433730978248
last-modified: Sat, 11 Sep 2021 01:56:34 GMT
x-frame-options: SAMEORIGIN
etag: "1f31-5cbae8aa2b146"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:45:35 GMT
cache-control: max-age=52352
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=636

GET
H2 200 modernizr-2.6.2.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 15 KB
6 KB 154ms
108ms Script
application/x-javascript 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 6246
x-olb-req-received: t=1636433757233160
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "3c36-5cbaeb0fc9f4e"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:42:45 GMT
cache-control: max-age=52182
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=1828

GET
H2 200 plugins.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 199 KB
45 KB 239ms
194ms Script
application/x-javascript 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 46041
x-olb-req-received: t=1636278158055235
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "31d24-5cbaeb0fc9396"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:46:20 GMT
cache-control: max-age=52397
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=10735

GET
H2 200 main.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 19 KB
5 KB 212ms
167ms Script
application/x-javascript 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 4818
x-olb-req-received: t=1636278158062586
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "4c03-5cbaeb0fc4d47"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:42:22 GMT
cache-control: max-age=52159
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=1124

GET
H2 200 placeholders.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 4 KB
2 KB 174ms
129ms Script
application/x-javascript 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1633
x-olb-req-received: t=1636433757287580
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "10aa-5cbaeb0fca336"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:45:15 GMT
cache-control: max-age=52332
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=466

GET
H2 404 7c3ed55c
www4.citizensbankonline.com/akam/11/ 0
0 170ms
168ms Script
text/html 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www4.citizensbankonline.com/akam/11/7c3ed55c

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
strict-transport-security: max-age=15768000
content-type: text/html
expires: Fri, 12 Nov 2021 07:13:03 GMT
cache-control: max-age=0
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 9
lb-action: None

GET
H2 404 tealeaf.js
www3.citizensbankonline.com/efs/efs/js/ 0
0 589ms
544ms Script
text/html 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www3.citizensbankonline.com/efs/efs/js/tealeaf.js
Requested by: Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-73-152.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 CTZ_Green-01.png
www3.citizensbankonline.com/efs/hhf/img/ 5 KB
5 KB 97ms
96ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-olb-req-received: t=1636278157888811
last-modified: Sat, 28 Aug 2021 02:23:19 GMT
etag: "149d-5ca954886fa6a"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181683
x-olb-req-duration: D=224
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5277
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:41:06 GMT

GET
H/1.1 404
Not Found citizensHeaderFooter-citizensns42588.js
secure04citizen.ru/efs/hhf/js/ 0
0 16ms
16ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://secure04citizen.ru/efs/hhf/js/citizensHeaderFooter-citizensns42588.js

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found 930e113327rn2365aa3b7b98b0447e8d
secure04citizen.ru/content/ 0
0 36ms
33ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://secure04citizen.ru/content/930e113327rn2365aa3b7b98b0447e8d

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found common.js
secure04citizen.ru/efs/efs/jsp-ns/scripts/ 0
0 38ms
35ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://secure04citizen.ru/efs/efs/jsp-ns/scripts/common.js

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

http://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701183058
http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701183058

110 B
724 B

31ms
30ms

XHR
application/json

63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701183058
Requested by: Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
Protocol: HTTP/1.1
Server: 63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-159-255.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-0550d3c00.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
content-encoding: gzip
X-Error: 172
X-TID: y2ZV5RCsTMI=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://secure04citizen.ru
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 124
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v019-03e0f6c8e.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Access-Control-Allow-Origin: http://secure04citizen.ru
X-TID: 5FGb5YN0S9I=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701183058
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK serverComponent.php Show response
nexus.ensighten.com/citizensbank/olbprod/ 280 B
517 B 10ms
9ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Tue%20Sep%2007%2015:32:48%20GMT%202021&ClientID=397&PageID=http%3A%2F%2Fsecure04citizen.ru%2Flogin.php%3Fonline_id%3D9c5d3111cbdebaf3881557e25%26country%3D%26iso%3D
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a3aeea882493c045f357dd3270cbc4775fc8255ac834327aec571d33e077ef0a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:03 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 280
Expires: Fri, 12 Nov 2021 07:13:02 GMT

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 21 KB
8 KB 75ms
19ms Script
application/javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/tag/tag.js?site=89632304
Requested by: Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.23 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
server: ws
etag: "5f50a905-1d8f"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 7567

GET
H/1.1 200
OK id Show response
metrics.citizensbank.com/ 48 B
905 B 43ms
31ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://metrics.citizensbank.com/id?d_visid_ver=2.1.0&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1636701183155

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js

Protocol

HTTP/1.1

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

1ed1d4f217c45869fad79c452975827fa7b3d3a0cb4086a942a01c9c2a0adccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://secure04citizen.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-6988cccb6f-kn8s4
vary: Origin
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
access-control-allow-origin: http://secure04citizen.ru
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 4 KB
2 KB 33ms
32ms XHR
application/json 63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=40004455992498789903369449672291501234&ts=1636701183208
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-159-255.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8e7621529e62306e30a409940cecc41a27eaa12a553bad46b7f8578f5c9a5480

Request headers

Referer: http://secure04citizen.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v019-003e67e75.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
content-encoding: gzip
X-TID: ZxDzOfjzQPQ=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://secure04citizen.ru
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1306
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 citizen_roman.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
32 KB 36ms
16ms Font
application/octet-stream 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://secure04citizen.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-olb-req-received: t=1636278164985914
last-modified: Sat, 11 Sep 2021 01:42:14 GMT
etag: "7ce0-5cbae576b0650"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=181804
x-olb-req-duration: D=186
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 31968
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:43:07 GMT

GET
H2 200 jquery-1.9.1.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 90 KB
32 KB 100ms
100ms Script
application/x-javascript 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://secure04citizen.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 32776
x-olb-req-received: t=1636433697709702
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "169d6-5cbaeb0fc9f4e"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:44:04 GMT
cache-control: max-age=52261
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=8704

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

http://cm.everesttech.net/cm/dd?d_uuid=40023673676494729373372496171870272213
https://cm.everesttech.net/cm/dd?d_uuid=40023673676494729373372496171870272213
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YY4T-wAAAEaEnQQz
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YY4T-wAAAEaEnQQz

42 B
945 B

38ms
37ms

Image
image/gif

63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YY4T-wAAAEaEnQQz

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

HTTP/1.1

Server

63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-0628fab0c.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: eulx0iaiRCo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v019-0493d6859.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: lcaiSgTNTyY=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YY4T-wAAAEaEnQQz
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK dest5.html Show response
fast.citizensbank.demdex.net/ Frame 888C 7 KB
3 KB 15ms
11ms Document
text/html 2.16.186.56
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://fast.citizensbank.demdex.net/dest5.html?d_nsid=0
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 2.16.186.56 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-56.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/

Response headers

Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Fri, 12 Nov 2021 07:13:03 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"

GET
H/1.1 200
OK ab23b564354fb5711bac9e1bcff2c5e5.js Show response
nexus.ensighten.com/citizensbank/olbprod/code/ 203 KB
63 KB 8ms
8ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citizensbank/olbprod/code/ab23b564354fb5711bac9e1bcff2c5e5.js?conditionId0=421909
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d0dd4d3bca3af984b342c8d2f00110446f026a301801fde2f65442e696617751

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Sep 2021 15:32:48 GMT
Server: nginx
ETag: W/"61378620-32d75"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adrum-latest.js Show response
cdn.appdynamics.com/adrum/ 102 KB
38 KB 15ms
12ms Script
application/javascript 143.204.98.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 143.204.98.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-79.fra50.r.cloudfront.net
Software: nginx/1.16.1 /
Resource Hash: f7b4c01edef29deff0c9c54e6dd504b25bec2ed87bf88074d6a739f98d335acd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 21:28:33 GMT
Content-Encoding: gzip
Age: 2454270
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
access-control-allow-origin: *
Last-Modified: Wed, 17 Feb 2021 19:41:36 GMT
Server: nginx/1.16.1
ETag: W/"602d7170-199b9"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
Content-Type: application/javascript
Via: 1.1 009e5e3e32afcd1d135a7234c9da5521.cloudfront.net (CloudFront)
Cache-Control: public, max-age=2678400, s-max-age=14400
X-Amz-Cf-Pop: FRA50-C1
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Amz-Cf-Id: d_Bb_At79GbEuUVREsnA38wY-Lmn8eiT7gQPSBEj2AA-Y1Rw9tazLQ==

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/ 277 KB
99 KB 22ms
22ms Script
application/x-javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.23 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 409a6a5d181a0a637bcdbe88474020242344cda2084bd3171af6820d2ded2d38

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 icon-secure.png
www3.citizensbankonline.com/efs/efs/grafx/ 292 B
604 B 43ms
43ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-olb-req-received: t=1636278164031335
last-modified: Sat, 11 Sep 2021 01:57:36 GMT
etag: "124-5cbae8e5ae972"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181791
x-olb-req-duration: D=172
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 292
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:42:54 GMT

GET
H2 200 flows-tooltip.png
www3.citizensbankonline.com/efs/efs/grafx/ 364 B
676 B 118ms
118ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-olb-req-received: t=1636278164040398
last-modified: Sat, 11 Sep 2021 01:43:11 GMT
etag: "16c-5cbae5aca150d"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181696
x-olb-req-duration: D=190
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 364
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:41:19 GMT

GET
H2 200 arrow-button-white.png
www3.citizensbankonline.com/efs/efs/grafx/ 1017 B
1 KB 184ms
184ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-olb-req-received: t=1636278165147350
last-modified: Sat, 11 Sep 2021 02:08:23 GMT
etag: "3f9-5cbaeb4e8f329"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181660
x-olb-req-duration: D=146
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1017
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:40:43 GMT

GET
H2 200 arrow-down-blue.png
www3.citizensbankonline.com/efs/efs/grafx/ 1 KB
1 KB 254ms
253ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-olb-req-received: t=1636278160927167
last-modified: Sat, 11 Sep 2021 01:43:10 GMT
etag: "41e-5cbae5abaa817"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181702
x-olb-req-duration: D=125
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1054
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:41:25 GMT

GET
H2 200 arrow-right-orange.png
www3.citizensbankonline.com/efs/efs/grafx/ 165 B
478 B 338ms
337ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-olb-req-received: t=1636278160964200
last-modified: Sat, 11 Sep 2021 01:57:36 GMT
etag: "a5-5cbae8e58a753"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181852
x-olb-req-duration: D=188
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 165
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:43:55 GMT

GET
H2 200 citiolb_icons.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 18 KB
18 KB 27ms
27ms Font
application/octet-stream 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://secure04citizen.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-olb-req-received: t=1636278164210422
last-modified: Sat, 11 Sep 2021 01:56:34 GMT
etag: "485c-5cbae8aa2e026"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=181740
x-olb-req-duration: D=176
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 18524
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:42:03 GMT

GET
H2 200 citizen_extrabold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 27 KB
28 KB 54ms
54ms Font
application/octet-stream 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://secure04citizen.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-olb-req-received: t=1636278164080136
last-modified: Sat, 11 Sep 2021 01:42:14 GMT
etag: "6ccc-5cbae576afe80"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=181745
x-olb-req-duration: D=172
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 27852
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:42:08 GMT

GET
H2 200 citizen_book.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
31 KB 76ms
76ms Font
application/octet-stream 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://secure04citizen.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
x-olb-req-received: t=1636278164131265
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
etag: "7c78-5cbaeb0fc0adf"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=181709
x-olb-req-duration: D=195
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 31864
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:41:32 GMT

GET
H2 200 / Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/ 6 KB
2 KB 72ms
19ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=lpCb50531x38945
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-accdn.lpsnmedia.net
Software: ws /
Resource Hash: 2a964a697fd258d93cf73821fff9435c13fd2a723d8bcbe664f19aa4d9565ad1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 0
expires: Fri, 12 Nov 2021 07:13:04 GMT

GET
H2 200 zones Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/ 3 KB
815 B 81ms
33ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-accdn.lpsnmedia.net
Software: ws /
Resource Hash: 00b4aeff275338a7dd5dac00ce573660f0c810b702103b15d541bfeccbe24d7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 0
expires: Fri, 12 Nov 2021 07:13:04 GMT

GET
H/1.1 404
Not Found citizensHeaderFooter-citizensns42588.js
secure04citizen.ru/efs/hhf/js/ 0
0 20ms
19ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://secure04citizen.ru/efs/hhf/js/citizensHeaderFooter-citizensns42588.js

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found 930e113327rn2365aa3b7b98b0447e8d
secure04citizen.ru/content/ 0
0 19ms
19ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://secure04citizen.ru/content/930e113327rn2365aa3b7b98b0447e8d

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found common.js
secure04citizen.ru/efs/efs/jsp-ns/scripts/ 0
0 20ms
20ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://secure04citizen.ru/efs/efs/jsp-ns/scripts/common.js

Requested by

Host: secure04citizen.ru
URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK s64487916527078 Show response
metrics.citizensbank.com/b/ss/citizensbankdotcomprod/10/JS-2.5.0/ 3 KB
4 KB 42ms
42ms Script
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://metrics.citizensbank.com/b/ss/citizensbankdotcomprod/10/JS-2.5.0/s64487916527078?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=12%2F10%2F2021%207%3A13%3A3%205%200&d.&nsid=0&jsonv=1&.d&mid=40004455992498789903369449672291501234&aamlh=6&ce=UTF-8&ns=citizensbank&pageName=http%3A%2F%2Fsecure04citizen.ru%2Flogin.php&g=http%3A%2F%2Fsecure04citizen.ru%2Flogin.php%3Fonline_id%3D9c5d3111cbdebaf3881557e25%26country%3D%26iso%3D&cc=USD&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c5=D%3Dv8&c7=http%3A%2F%2Fsecure04citizen.ru%2Flogin.php&v7=New&v8=2%3A13%20AM%7CFriday&c9=D%3Dv7&v9=CTZ&c10=D%3Dv10&v10=http%3A%2F%2Fsecure04citizen.ru%2Flogin.php&c11=D%3Dv11&v11=http%3A%2F%2Fsecure04citizen.ru%2Flogin.php%3Fonline_id%3D9c5d3111cbdebaf3881557e25%26country%3D%26iso%3D&c12=D%3Dv12&v12=%2Flogin.php&c13=D%3Dv13&v13=secure04citizen.ru&c14=D%3Dv18&v14=http%3A%2F%2Fsecure04citizen.ru%2Flogin.php&c15=http%3A%2F%2Fsecure04citizen.ru%2Flogin.php&v18=.COM&v19=http%3A%2F%2Fsecure04citizen.ru%2Flogin.php&v26=%3A&v32=40004455992498789903369449672291501234&c75=VisitorAPI%20Present&v82=Legacy%20Site&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&AQE=1

Requested by

Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?

Protocol

HTTP/1.1

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

12c7c75e1675ce5a03c5b8692908de72ea678bd5202af4ad35da462bf77c4f34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-aam-tid: 1koEdBlxR7I=
date: Fri, 12 Nov 2021 07:13:03 GMT
x-content-type-options: nosniff
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
content-length: 3529
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v019-03e0f6c8e.edge-irl1.demdex.com UNKNOWN
pragma: no-cache
last-modified: Sat, 13 Nov 2021 07:13:03 GMT
server: jag
xserver: anedge-6988cccb6f-h5z4n
etag: 3514789028180525056-4619909071285501794
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Thu, 11 Nov 2021 07:13:03 GMT

GET
H2 200 storage.secure.min.html Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/ Frame 3C4F 39 KB
16 KB 80ms
21ms Document
text/html 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Fsecure04citizen.ru&site=89632304&env=prod&isCrossDomain=true
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-lpcdn.lpsnmedia.net
Software: ws /
Resource Hash: 59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-type: text/html
last-modified: Fri, 05 Nov 2021 13:34:15 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Fri, 12 Nov 2021 07:23:03 GMT
cache-control: max-age=600

GET
H2 200 storage.secure.min.js Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/ 38 KB
15 KB 91ms
34ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=http%3A%2F%2Fsecure04citizen.ru&site=89632304&force=1&env=prod&isCrossDomain=true
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-lpcdn.lpsnmedia.net
Software: ws /
Resource Hash: 996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:03 GMT
content-encoding: gzip
last-modified: Fri, 05 Nov 2021 13:34:15 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Fri, 12 Nov 2021 07:23:03 GMT

GET
H2 200 refererrestrictions Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/ Frame 3C4F 437 B
414 B 18ms
18ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb49527x82870
Requested by: Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Fsecure04citizen.ru&site=89632304&env=prod&isCrossDomain=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-accdn.lpsnmedia.net
Software: ws /
Resource Hash: 8b91fcf9f9ec4fa85b2dc4381a74daea798820aecf22457728b3739cac145a65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lpcdn.lpsnmedia.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:04 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 1
expires: Fri, 12 Nov 2021 07:13:05 GMT

GET
H2 200 embed.js Show response
nebula-cdn.kampyle.com/wu/356861/onsite/ 2 KB
1 KB 26ms
8ms Script
application/javascript 151.101.129.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7001893331806f100ac77b4fadba552d8377c545c64f685f9fa12744cd254a25

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: pGIXvhLWfDzGMVPEev_JvoEW7fOe6G1r
content-encoding: gzip
etag: "da328e1406ad0538f232d609b404838e"
age: 419532
via: 1.1 varnish
x-cache: HIT
content-length: 665
x-amz-id-2: jzEklx7Vick38L04NlM9yhE3+vMBG+mjkrcXuPkpBkmR5JTeEfjnRk/oW7XF4eEhCpw55r1vCJg=
x-served-by: cache-fra19151-FRA
last-modified: Fri, 30 Jul 2021 17:17:00 GMT
server: AmazonS3
x-timer: S1636701184.181564,VS0,VE1
date: Fri, 12 Nov 2021 07:13:04 GMT
vary: Accept-Encoding
x-amz-request-id: B2Q7R00WVVVXEW58
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H/1.1 200
OK detector-dom.min.js Show response
cdn.glassboxcdn.com/citizen/OLB/p/ 364 KB
112 KB 29ms
25ms Script
application/javascript 2606:4700::6812:f16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 2606:4700::6812:f16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:04 GMT
Via: 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Age: 6055
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 13 May 2021 10:48:21 GMT
Server: cloudflare
ETag: W/"845173368b011e7fa14658b57426fe09"
Vary: Accept-Encoding
x-amz-version-id: bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
Cache-Control: public, max-age=14400
X-Amz-Cf-Pop: FRA2-C2
CF-RAY: 6acdf4a10ce668eb-FRA
X-Amz-Cf-Id: y9pQJzWdY7Afh4aTYcnA7Y44dcyHZREvv1DRsDZCajarSFF2zAhkoA==
Expires: Fri, 12 Nov 2021 11:13:04 GMT

GET
H/1.1 200
OK adrum-ext.4a8dd0f950e3f613a821c330eb081cdc.js Show response
cdn.appdynamics.com/ 51 KB
20 KB 8ms
7ms Script
application/javascript 143.204.98.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.appdynamics.com/adrum-ext.4a8dd0f950e3f613a821c330eb081cdc.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 143.204.98.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-79.fra50.r.cloudfront.net
Software: nginx/1.16.1 /
Resource Hash: 5346dfc0f18be96e38080c303c312d99867487d6078f5ce0f1c0ddaaf165c473

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 18 Oct 2021 21:42:33 GMT
Content-Encoding: gzip
Age: 2107831
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
access-control-allow-origin: *
Last-Modified: Wed, 17 Feb 2021 19:41:35 GMT
Server: nginx/1.16.1
ETag: W/"602d716f-cc11"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
Content-Type: application/javascript
Via: 1.1 009e5e3e32afcd1d135a7234c9da5521.cloudfront.net (CloudFront)
Cache-Control: public, max-age=2678400, s-max-age=14400
X-Amz-Cf-Pop: FRA50-C1
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Amz-Cf-Id: bWmXoWkaMOAtddT1Pj-AlVANRTmhGSOT5QZDopvPqZzcZYDxReSgAQ==

GET
H/1.1 200
OK generic1627665419003.js Show response
nebula-cdn.kampyle.com/us/wu/356861/onsite/ 708 KB
88 KB 14ms
11ms Script
application/javascript 151.101.129.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1627665419003.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 151.101.129.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0127d268a6a4cf765e1cc11ecefd388dee5431fa0100afc60f8fd0365441409d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: xzfZ8wCDhw5e8izCl9zfknZaOkwG9yp.
Content-Encoding: gzip
ETag: "3e0f51a7fc9d1b87f0f8f84c58f5cff6"
Age: 416049
Via: 1.1 varnish
X-Cache: HIT
Connection: keep-alive
Content-Length: 89384
x-amz-id-2: ca0UtxWVUFCrOZltxUdAsBxUEK4d+H2AncJ6mHBtfY4MudRO24fZgSwp3kTubLKyj/4Si76zLF8=
X-Served-By: cache-fra19137-FRA
Last-Modified: Fri, 30 Jul 2021 17:17:00 GMT
Server: AmazonS3
X-Timer: S1636701184.198515,VS0,VE0
Date: Fri, 12 Nov 2021 07:13:04 GMT
Vary: Accept-Encoding
x-amz-request-id: KT25FG3GN6F06ZQ8
Access-Control-Allow-Origin: *
Cache-Control: max-age=31622400
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 2

GET
H2 200 postmessage.min.html Show response
va.idp.liveperson.net/postmessage/ Frame F411 11 KB
5 KB 447ms
177ms Document
text/html 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1636701184169&loc=http%3A%2F%2Fsecure04citizen.ru
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.idp.liveperson.net
Software: ws /
Resource Hash: c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/

Response headers

date: Fri, 12 Nov 2021 07:13:04 GMT
content-type: text/html
last-modified: Sun, 09 Aug 2020 13:04:00 GMT
etag: W/"5f2ff440-2a51"
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip

GET
H/1.1 200
OK cls_report Show response
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/ 0
929 B 330ms
104ms XHR
text/plain 52.200.223.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=eed9021d-b5f5-415f-a8b0-d58bd91be843%3A0&_cls_v=1c877fd2-71e7-4435-814a-030c86da0b58&pv=2&f_cls_s=true
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.223.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-223-55.compute-1.amazonaws.com
Software: GlassBox Cligate /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:13:04 GMT
Server: GlassBox Cligate
vary: origin
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: http://secure04citizen.ru
access-control-allow-credentials: true
Connection: keep-alive
GB-Server: g5015
X-Robots-Tag: noindex
Content-Length: 0

GET
H/1.1 200
OK cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
6 KB 7ms
7ms Script
application/javascript 151.101.129.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 151.101.129.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
Content-Encoding: gzip
ETag: "80dd5e3be5152c5c72d552c6a26ef6ff"
Age: 420250
Via: 1.1 varnish
X-Cache: HIT
Connection: keep-alive
Content-Length: 5197
x-amz-id-2: i4yEv5OfJ2ngkYqK6dY0oPCZJ75eg5IdsXyRaGoudOzIwZBr9c6670eqhW4a4pKk7P4wBqjtkRo=
X-Served-By: cache-fra19137-FRA
Last-Modified: Sun, 24 Jan 2021 11:03:10 GMT
Server: AmazonS3
X-Timer: S1636701184.261506,VS0,VE0
Date: Fri, 12 Nov 2021 07:13:04 GMT
Vary: Accept-Encoding
x-amz-request-id: 6K58BN6YD6EVY1ZM
Access-Control-Allow-Origin: *
Cache-Control: max-age=31622400
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 24017

GET
H/1.1 200
OK __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
486 B 106ms
103ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk1LjAuNDYzOC41NCBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTYzNjcwMTE4NDI1NCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdkMTJmZTIwZmMzYzMtMGZjZjRhN2I3YmVkOTYtNTdiMTkzZS0xZDRjMDAtMTdkMTJmZTIwZmRiYTAiLCJlbnZpcm9tZW50IjogInByb2RVc09yZWdvbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9zZWN1cmUwNGNpdGl6ZW4ucnUvbG9naW4ucGhwP29ubGluZV9pZD05YzVkMzExMWNiZGViYWYzODgxNTU3ZTI1JmNvdW50cnk9Jmlzbz0iLCJ3ZWJzaXRlSWQiOiAzNTY4NjEsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogIjcwZWEtNzA1ZS1lZDc2LTRlODItZjI2Mi02NTBlLThhNTMtYWQ3OCIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjM2NzAxMTg0MjQzIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDE1MDUsImthbXB5bGVfdmVyc2lvbiI6ICIyLjM5LjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjM5LjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2MzY3MDExODQyNDcsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Protocol: HTTP/1.1
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

X-ME: prod-instance-gatewayservice-blue-vp63
Date: Fri, 12 Nov 2021 07:13:04 GMT
Via: 1.1 google
Server: Jetty(9.2.11.v20150529)
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Content-Type: image/gif; charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Content-Length: 0
X-Application-Context: application:9090

POST
H2 200 authorize Show response
va.idp.liveperson.net/api/account/89632304/anonymous/ Frame F411 678 B
1 KB 181ms
180ms XHR
application/json 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://va.idp.liveperson.net/api/account/89632304/anonymous/authorize?__d=11879

Requested by

Host: va.idp.liveperson.net
URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1636701184169&loc=http%3A%2F%2Fsecure04citizen.ru

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

va.idp.liveperson.net

Software

ws /

Resource Hash

19200e0671dc7ea66f3cf1fa2e46c98a38e80bb6eafd1efa531c1a7fb8fb5455

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

LP-DOMAIN-REFERER: http://secure04citizen.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */*
Referer: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1636701184169&loc=http%3A%2F%2Fsecure04citizen.ru
X-Requested-With: XMLHttpRequest
LP-URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=

Response headers

date: Fri, 12 Nov 2021 07:13:04 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
access-control-allow-origin: https://va.idp.liveperson.net
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 678

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 245 B
1 KB 487ms
217ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?&cb=lpCb70362x98405&t=sp&ts=1636701184156&pid=6540440070&tid=95816326&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fsecure04citizen.ru%2Flogin.php%3Fonline_id%3D9c5d3111cbdebaf3881557e25%26country%3D%26iso%3D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22f536acaf-ac01-40f6-b6ac-afac0170f612%22%2C%22account%22%3A%2289632304%22%7D%5D
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 41868da0a26bfe04fa2191a712fac77875b6959441b64f0f31ad06b5bad394da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:05 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 111 B
854 B 92ms
91ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?sid=S-zmVp1gRZOXNbDq5q1b8Q&cb=lpCb46567x42560&t=pl&ts=1636701184876&pid=6540440070&tid=95816326&vid=ViZDI2ZjY0MzIxNDQyNzkw
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: b1ff9cee25529ca7a36fd241a9b7e551716d6f80df4635dea65ec0a092e0df37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://secure04citizen.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:13:05 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

POST
H/1.1 200
OK cls_report Show response
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/ 545 B
1 KB 117ms
116ms XHR
application/json 52.200.223.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=eed9021d-b5f5-415f-a8b0-d58bd91be843:0&_cls_v=1c877fd2-71e7-4435-814a-030c86da0b58&pid=705fbebe-7797-4a92-a3bc-820edf8de5c9&sn=1&cfg&pv=2&aid=
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.223.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-223-55.compute-1.amazonaws.com
Software: GlassBox Cligate /
Resource Hash: fccf396f8daeb2473e4948bf85b46533c45a1de5992cb835e7677fafbd99c355

Request headers

Referer: http://secure04citizen.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Fri, 12 Nov 2021 07:13:05 GMT
content-encoding: gzip
Server: GlassBox Cligate
vary: origin
Content-Type: application/json
access-control-allow-origin: http://secure04citizen.ru
access-control-allow-credentials: true
Connection: keep-alive
GB-Server: g5015
X-Robots-Tag: noindex
Content-Length: 328

POST adrum
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAN-PKK/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pdx-col.eum-appdynamics.com
URL: https://pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAN-PKK/adrum

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD	1969-12-31 23:59:59	Name: _cls_s Value: eed9021d-b5f5-415f-a8b0-d58bd91be843:0
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD	1969-12-31 23:59:59	Name: _cls_v Value: 1c877fd2-71e7-4435-814a-030c86da0b58
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD	1969-12-31 23:59:59	Name: _cls_cfgver Value: 8105026c
secure04citizen.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 2ta2gch7uoa9sb5s2icedr09k0
secure04citizen.ru/	1969-12-31 23:59:59	Name: AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 07:23:57	Name: everest_g_v2 Value: g_surferid~YY4T-wAAAEaEnQQz
.demdex.net/	1970-01-20 02:57:33	Name: demdex Value: 37200703683401030862520666564257055219
.secure04citizen.ru/	1970-01-19 22:38:22	Name: gpv_v51 Value: no%20value
.secure04citizen.ru/	1970-01-19 23:21:33	Name: s_nr Value: 1636701183768-New
.dpm.demdex.net/	1970-01-20 02:57:33	Name: dpm Value: 37200703683401030862520666564257055219
.secure04citizen.ru/	1969-12-31 23:59:59	Name: s_cc Value: true
secure04citizen.ru/	1970-01-20 16:09:33	Name: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg Value: 1099438348%7CMCIDTS%7C18944%7CMCMID%7C40004455992498789903369449672291501234%7CMCAID%7CNONE%7CMCOPTOUT-1636708383s%7CNONE%7CMCAAMLH-1637305983%7C6%7CMCAAMB-1637305983%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-18951%7CvVersion%7C2.1.0
.secure04citizen.ru/	1970-01-20 02:57:33	Name: AAMC_citizensbank_0 Value: REGION%7C6
.secure04citizen.ru/	1970-01-19 23:21:33	Name: aam_uuid Value: 40023673676494729373372496171870272213
.secure04citizen.ru/	1970-01-20 16:09:33	Name: s_fid Value: 0452D34A12089B6D-30ABF64BB4E57431
.secure04citizen.ru/	1970-01-19 22:38:22	Name: gpv_p5 Value: Datalayer%3ACBDL%20Missing
.secure04citizen.ru/	1970-01-19 23:21:33	Name: s_nr30 Value: 1636701184028-New
.secure04citizen.ru/	1970-01-19 23:05:16	Name: s_vncm Value: 1638316799029%26vn%3D1
.secure04citizen.ru/	1970-01-19 22:38:22	Name: s_ivc Value: true
.secure04citizen.ru/	1970-01-21 00:55:09	Name: s_lv Value: 1636701184030
.secure04citizen.ru/	1970-01-19 22:38:22	Name: s_lv_s Value: First%20Visit
.secure04citizen.ru/	1969-12-31 23:59:59	Name: s_ppvl Value: http%253A%2F%2Fsecure04citizen.ru%2Flogin.php%253Fonline_id%253D9c5d3111cbdebaf3881557e25%2526country%253D%2526iso%253D%2C100%2C162%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
secure04citizen.ru/	1970-01-20 07:23:57	Name: mdLogger Value: false
secure04citizen.ru/	1970-01-20 07:23:57	Name: kampyle_userid Value: 70ea-705e-ed76-4e82-f262-650e-8a53-ad78
secure04citizen.ru/	1970-01-20 07:23:57	Name: kampyleUserSession Value: 1636701184243
secure04citizen.ru/	1970-01-20 07:23:57	Name: kampyleUserSessionsCount Value: 1
secure04citizen.ru/	1970-01-20 07:23:57	Name: kampyleSessionPageCounter Value: 1
.secure04citizen.ru/	1970-01-20 07:23:57	Name: cd_user_id Value: 17d12fe20fc3c3-0fcf4a7b7bed96-57b193e-1d4c00-17d12fe20fdba0
.secure04citizen.ru/	1969-12-31 23:59:59	Name: s_ppv Value: http%253A%2F%2Fsecure04citizen.ru%2Flogin.php%253Fonline_id%253D9c5d3111cbdebaf3881557e25%2526country%253D%2526iso%253D%2C100%2C100%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.secure04citizen.ru/	1970-01-20 07:23:57	Name: LPVID Value: ViZDI2ZjY0MzIxNDQyNzkw
.secure04citizen.ru/	1969-12-31 23:59:59	Name: LPSID-89632304 Value: S-zmVp1gRZOXNbDq5q1b8Q
report.citizen.glassboxdigital.io/	1970-01-19 22:48:25	Name: AWSALBCORS Value: i9RZLMQepLucdr6Jz2v5OjKiOBBxUlUPQpC4em5RpPmAr7BsVWVXAONePHvQpfoiZ+vMooo25SLGjz2wBX0UouNsnUAxvXBUWW91T/3qGPKT9Q3gIa0I7gttSEhm

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://secure04citizen.ru/efs/efs/jsp-ns/pm_fp.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=(Line 168) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://secure04citizen.ru/login.php?online_id=9c5d3111cbdebaf3881557e25&country=&iso=(Line 168) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: http://secure04citizen.ru/efs/hhf/js/citizensHeaderFooter-citizensns42588.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://secure04citizen.ru/content/930e113327rn2365aa3b7b98b0447e8d Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://secure04citizen.ru/efs/efs/jsp-ns/scripts/common.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www3.citizensbankonline.com/efs/efs/js/tealeaf.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www4.citizensbankonline.com/akam/11/7c3ed55c Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: http://secure04citizen.ru/efs/hhf/js/citizensHeaderFooter-citizensns42588.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://secure04citizen.ru/content/930e113327rn2365aa3b7b98b0447e8d Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://secure04citizen.ru/efs/efs/jsp-ns/scripts/common.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
cdn.appdynamics.com
cdn.glassboxcdn.com
cm.everesttech.net
dpm.demdex.net
fast.citizensbank.demdex.net
lpcdn.lpsnmedia.net
lptag.liveperson.net
metrics.citizensbank.com
nebula-cdn.kampyle.com
nexus.ensighten.com
pdx-col.eum-appdynamics.com
report.citizen.glassboxdigital.io
secure04citizen.ru
udc-neb.kampyle.com
va.idp.liveperson.net
va.v.liveperson.net
www3.citizensbankonline.com
www4.citizensbankonline.com
pdx-col.eum-appdynamics.com
104.109.73.152
143.204.98.79
15.188.95.229
151.101.129.175
178.249.97.23
178.249.97.98
178.249.97.99
18.195.42.228
2.16.186.56
208.89.12.87
208.89.15.170
2606:4700::6812:f16
35.241.45.82
45.133.200.3
52.200.223.55
54.194.191.134
63.32.159.255
00b4aeff275338a7dd5dac00ce573660f0c810b702103b15d541bfeccbe24d7c
0127d268a6a4cf765e1cc11ecefd388dee5431fa0100afc60f8fd0365441409d
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
12c7c75e1675ce5a03c5b8692908de72ea678bd5202af4ad35da462bf77c4f34
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
19200e0671dc7ea66f3cf1fa2e46c98a38e80bb6eafd1efa531c1a7fb8fb5455
1ed1d4f217c45869fad79c452975827fa7b3d3a0cb4086a942a01c9c2a0adccb
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
2a964a697fd258d93cf73821fff9435c13fd2a723d8bcbe664f19aa4d9565ad1
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
409a6a5d181a0a637bcdbe88474020242344cda2084bd3171af6820d2ded2d38
41868da0a26bfe04fa2191a712fac77875b6959441b64f0f31ad06b5bad394da
5346dfc0f18be96e38080c303c312d99867487d6078f5ce0f1c0ddaaf165c473
539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5
55d479e85168beaf51a55334a7705df70f093581280094737e635823385e376d
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441
59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158
66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4
7001893331806f100ac77b4fadba552d8377c545c64f685f9fa12744cd254a25
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
8b91fcf9f9ec4fa85b2dc4381a74daea798820aecf22457728b3739cac145a65
8e7621529e62306e30a409940cecc41a27eaa12a553bad46b7f8578f5c9a5480
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73
a3aeea882493c045f357dd3270cbc4775fc8255ac834327aec571d33e077ef0a
a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca
aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801
b1ff9cee25529ca7a36fd241a9b7e551716d6f80df4635dea65ec0a092e0df37
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8
babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5
bacfd23af9c90b604030b1fde7b8b7ca90f47c6902724d666a99e02ea36d682c
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8
d0dd4d3bca3af984b342c8d2f00110446f026a301801fde2f65442e696617751
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7b4c01edef29deff0c9c54e6dd504b25bec2ed87bf88074d6a739f98d335acd
fccf396f8daeb2473e4948bf85b46533c45a1de5992cb835e7677fafbd99c355
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

secure04citizen.ru Open in urlscan Pro 45.133.200.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

60 Requests

60 %HTTPS

6 %IPv6

13 Domains

19 Subdomains

17 IPs

6 Countries

762 kBTransfer

2516 kBSize

32 Cookies

3 Outgoing links

Page URL History

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

secure04citizen.ru Open in urlscan Pro
45.133.200.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

60 %
HTTPS

6 %
IPv6

13
Domains

19
Subdomains

17
IPs

6
Countries

762 kB
Transfer

2516 kB
Size

32
Cookies

60 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!