citibank-0nline.duckdns.org Open in urlscan Pro
34.74.7.184 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPa...
Submission: On September 09 via automatic, source openphish (September 9th 2021, 1:26:49 am UTC) — Scanned from DE

Summary HTTP 56 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 17 IPs in 2 countries across 13 domains to perform 56 HTTP transactions. The main IP is 34.74.7.184, located in North Charleston, United States and belongs to GOOGLE, US. The main domain is citibank-0nline.duckdns.org.

This is the only time citibank-0nline.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
9	34.74.7.184 34.74.7.184	15169 (GOOGLE) (GOOGLE)
3	45.63.85.138 45.63.85.138	20473 (AS-CHOOPA) (AS-CHOOPA)
1	2a00:1450:400... 2a00:1450:400a:802::200e	15169 (GOOGLE) (GOOGLE)
1	54.69.159.212 54.69.159.212	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:400a:803::2004	15169 (GOOGLE) (GOOGLE)
3	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:400a:802::2002	15169 (GOOGLE) (GOOGLE)
16	23.50.101.215 23.50.101.215	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.20.18.193 2.20.18.193	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:0:862:ed... 2620:0:862:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:400a:808::2003	15169 (GOOGLE) (GOOGLE)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1	95.100.52.201 95.100.52.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.1.175 151.101.1.175	54113 (FASTLY) (FASTLY)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
56	17

9 34.74.7.184 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 184.7.74.34.bc.googleusercontent.com

citibank-0nline.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.63.85.138 (San Jose, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 45.63.85.138.vultr.com

files.killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400a:802::200e (Zurich, Switzerland)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.159.212 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-159-212.us-west-2.compute.amazonaws.com

ci-mpsnare.iovation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:400a:803::2004 (Zurich, Switzerland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400a:802::2002 (Zurich, Switzerland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 23.50.101.215 (Glattbrugg, Switzerland)

ASN16625 (AKAMAI-AS, US)
PTR: a23-50-101-215.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.20.18.193 (Glattbrugg, Switzerland)

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-18-193.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:0:862:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400a:808::2003 (Zurich, Switzerland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.52.201 (Glattbrugg, Switzerland)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-52-201.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	citi.com online.citi.com www.citi.com	547 KB
9	duckdns.org citibank-0nline.duckdns.org	2 MB
8	google.com cse.google.com www.google.com	204 KB
3	bing.com bat.bing.com	590 B
3	medallia.com resources.digital-cloud-citi.medallia.com	90 KB
3	killbot.org files.killbot.org killbot.org	5 KB
2	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	6 KB
2	google.de www.google.de	677 B
2	doubleclick.net googleads.g.doubleclick.net	3 KB
1	bluekai.com stags.bluekai.com	337 B
1	rlcdn.com sr.rlcdn.com	66 B
1	wikimedia.org upload.wikimedia.org	15 KB
1	iovation.com ci-mpsnare.iovation.com	610 B
56	13

	Domain	Requested by
16	online.citi.com	citibank-0nline.duckdns.org
9	citibank-0nline.duckdns.org	citibank-0nline.duckdns.org
7	www.google.com	citibank-0nline.duckdns.org cse.google.com
3	bat.bing.com	citibank-0nline.duckdns.org
3	resources.digital-cloud-citi.medallia.com	citibank-0nline.duckdns.org resources.digital-cloud-citi.medallia.com
2	www.google.de	citibank-0nline.duckdns.org
2	killbot.org	files.killbot.org
2	googleads.g.doubleclick.net	citibank-0nline.duckdns.org
1	udc-neb.kampyle.com
1	nebula-cdn.kampyle.com	resources.digital-cloud-citi.medallia.com
1	stags.bluekai.com	citibank-0nline.duckdns.org
1	sr.rlcdn.com	citibank-0nline.duckdns.org
1	upload.wikimedia.org	citibank-0nline.duckdns.org
1	www.citi.com	citibank-0nline.duckdns.org
1	ci-mpsnare.iovation.com	citibank-0nline.duckdns.org
1	cse.google.com	citibank-0nline.duckdns.org
1	files.killbot.org	citibank-0nline.duckdns.org
56	17

This site contains links to these domains. Also see Links.

Domain
online.citi.com

Subject Issuer	Validity	Valid
files.killbot.org R3	`2021-08-07` - `2021-11-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
ci-mpsnare.iovation.com DigiCert SHA2 Extended Validation Server CA	`2021-04-21` - `2022-05-10`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2020-10-21` - `2021-11-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
www.citi.com DigiCert SHA2 Extended Validation Server CA	`2019-10-17` - `2022-01-01`	2 years	crt.sh
*.wikipedia.org DigiCert SHA2 High Assurance Server CA	`2020-11-09` - `2021-11-16`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-07-06` - `2022-01-06`	6 months	crt.sh
killbot.org R3	`2021-08-08` - `2021-11-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-26`	a year	crt.sh

This page contains 3 frames:

Primary Page: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Frame ID: EFAA888994ADAB4259DBF22D341E6565
Requests: 55 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 7421C54511969CA69F2A09DF446C8200
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3D&phint=product%3D&phint=event&phint=category%3D&phint=page%3D&phint=section1%3D&phint=section2%3D&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DCitibank%20Online&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.citi.com%2F&phint=__bk_v%3D3.1.7&limit=10&r=60521226
Frame ID: 491C338416A8208D8D8C43A93FA27DE9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

56
Requests

73 %
HTTPS

38 %
IPv6

13
Domains

17
Subdomains

17
IPs

2
Countries

2428 kB
Transfer

3286 kB
Size

7
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

56 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login1.php Show response
citibank-0nline.duckdns.org/ 343 KB
344 KB 332ms
200ms Document
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: HTTP/1.1
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: aa73aeb9562ce165c106efc277454411c5b3353eec11450ad5f9a2ec78e109f1

Request headers

Host: citibank-0nline.duckdns.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Thu, 09 Sep 2021 01:26:42 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK killbot-security.js Show response
files.killbot.org/.cdn-cgi/ 2 KB
3 KB 528ms
164ms Script
application/javascript 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://files.killbot.org/.cdn-cgi/killbot-security.js

Requested by

Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

45.63.85.138.vultr.com

Software

nginx / Killbot, Inc.

Resource Hash

13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:26:43 GMT
X-Content-Type-Options: nosniff
X-Powered-By: Killbot, Inc.
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 2400
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 07 Aug 2021 14:01:31 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "610e923b-960"
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK styles.b03f48c37f713682a724.css
citibank-0nline.duckdns.org/css/ 1 MB
1 MB 205ms
199ms Stylesheet
text/css 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: HTTP/1.1
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 3090163d8d4f6f5e97eee6f3499d3e86442d897f89dfde6b8e8c4d8d5116108d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:26:42 GMT
Last-Modified: Sun, 21 Mar 2021 05:47:20 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1239121

GET
H/1.1 200
OK media.css
citibank-0nline.duckdns.org/ 932 B
1 KB 204ms
198ms Stylesheet
text/css 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://citibank-0nline.duckdns.org/media.css
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: HTTP/1.1
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 58d2fd4d0e35c6f1971869b55dc6e7f5124d52a37e605845818d0caca6c4999d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:26:42 GMT
Last-Modified: Sun, 21 Mar 2021 06:13:50 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 932

GET
H2 200 cse.js Show response
cse.google.com/ 10 KB
4 KB 106ms
55ms Script
text/javascript 2a00:1450:400a:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:802::200e Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

8ebdd11aa71062d7d76ebfa3d2260463d0d4d7c39b54bb9154ce467d0d294fda

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

bfcache-opt-in: unload
date: Thu, 09 Sep 2021 01:26:43 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3495
x-xss-protection: 0
expires: Thu, 09 Sep 2021 01:26:43 GMT

GET
H/1.1 200
OK logo.js Show response
ci-mpsnare.iovation.com/script/ 96 B
610 B 704ms
160ms Script
text/javascript 54.69.159.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ci-mpsnare.iovation.com/script/logo.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.69.159.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-69-159-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

72e3fa5af92f80b808279a410d0f2826ea62330c8eea929fd9bfa5bd4fd9e083

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:26:43 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Fri, 09 Sep 2022 01:26:43 GMT

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/921554e23151c152/ 264 KB
87 KB 69ms
17ms Script
text/javascript 2a00:1450:400a:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/921554e23151c152/cse_element__en.js?usqp=CAI%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:803::2004 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9494e9aaa4363fcdd2994aabec2e1d4dee84d1ef1e25ddf14d80f364494671c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 11:20:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89466
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 20:04:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 08 Sep 2022 11:20:29 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/921554e23151c152/ 41 KB
9 KB 65ms
12ms Stylesheet
text/css 2a00:1450:400a:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/921554e23151c152/default+en.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:803::2004 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

051b18ffc03e4adc771ab9efa6549b8d28074acd494045ab628a324ebf00ce30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 11:20:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9045
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 20:04:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 08 Sep 2022 11:20:29 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
2 KB 64ms
12ms Stylesheet
text/css 2a00:1450:400a:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:803::2004 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 604
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Thu, 09 Sep 2021 02:06:39 GMT

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 76ms
6ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f609f76bbb7f158c15f02c57dc1e1cd0115ee2ab7bbc417543aa0ebedccfaf71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 4Ny3y.goV2S3FUQ2llH85tCcpfnKySf8
content-encoding: gzip
etag: "5a5dbafff41cc92bc6aad29b1470bd29"
age: 4
via: 1.1 varnish
x-cache: HIT
content-length: 675
x-amz-id-2: 9v+/AbsN5dF5ZiM4o04yxERQpSa/PwVa8sTEyyADzVnagyWHobH1pw2bimf3F4ZXqpO8V6YOkzM=
x-served-by: cache-fra19176-FRA
last-modified: Thu, 02 Sep 2021 17:44:53 GMT
server: AmazonS3
x-timer: S1631150803.138054,VS0,VE0
date: Thu, 09 Sep 2021 01:26:43 GMT
vary: Accept-Encoding
x-amz-request-id: YP7K4JAQ0V00XNG4
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
1 KB 81ms
29ms Script
text/javascript 2a00:1450:400a:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1608659919652&cv=9&fst=1608659919652&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:802::2002 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3b10720c7af006707615b7f871ae769ceb87595bc3f56f4e2e153fab56e67fbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Sep 2021 01:26:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1017
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
2 KB 80ms
28ms Script
text/javascript 2a00:1450:400a:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1608659919663&cv=9&fst=1608659919663&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:802::2002 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0478d17423d338aa203bcca28ac84df7d7f7fd95d42c3582e855cd75b1a1f3eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Sep 2021 01:26:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 citilogoredesign.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
3 KB 463ms
225ms Image
image/png 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/citilogoredesign.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1799
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:26:43 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:26:43 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 855e508a-1cba-4ec7-4745-e979c4d47753
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 050-location@2x.svg
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
2 KB 491ms
253ms Image
image/svg+xml 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/050-location@2x.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

sid: 3809c0b6-f044-4e2a-b9d8-84deb3e2ee14
content-encoding: gzip
x-content-type-options: nosniff
nonce: 2445477907957301
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
dclocation: GT1DMS
content-length: 758
x-xss-protection: 1; mode=block
uuid: aeee5878-23ca-4f1a-8a14-9f92928fc798
expires: Thu, 09 Sep 2021 07:26:43 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:26:43 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
content-type: image/svg+xml
access-control-allow-origin
x-vcap-request-id: 023e1669-dcec-4445-4891-30557098627d
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
scope: VISITOR
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 3 KB
3 KB 235ms
18ms Image
image/svg+xml 2.20.18.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/icon_globe_med-grey@2x.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.20.18.193 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-20-18-193.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Sid: ccd98cc1-8ddd-47d8-b70d-fbb8cfaf0c43
Content-Encoding: gzip
ETag: W/"dc3-17b71bf4a58"
Nonce: 1961508352477457
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Connection: keep-alive
Content-Length: 1419
X-Xss-Protection: 1; mode=block
Uuid: 791430aa-ab9c-4a78-9735-426b8006f9d0
Last-Modified: Mon, 23 Aug 2021 06:42:47 GMT
Server: nginx
Cache-Control: public, no-transform, max-age=21600
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Thu, 09 Sep 2021 01:26:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 16b2c0f7-f67c-4431-732c-156f2b1b9a8c
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Scope: VISITOR
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
X-Content-Type-Options: nosniff
Dclocation: GT1DMS
Expires: Thu, 09 Sep 2021 07:26:43 GMT

GET
H2 200 1200px-Hamburger_icon.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/b/b2/Hamburger_icon.svg/ 14 KB
15 KB 58ms
18ms Image
image/png 2620:0:862:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/thumb/b/b2/Hamburger_icon.svg/1200px-Hamburger_icon.svg.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/8.0.8 /

Resource Hash

e910e4210656ac060466b5b37c7a45e707fa0fdfc73250851d2cc5c82ccb8939

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 09:30:23 GMT
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 57379
x-cache-status: hit-front
x-cache: cp3061 hit, cp3057 hit/29
content-disposition: inline;filename*=UTF-8''Hamburger_icon.svg.png
server-timing: cache;desc="hit-front", host;desc="cp3057"
content-length: 14199
x-client-ip: 2a0f:9441:5:0:ea::1
x-object-meta-sha1base36: cahm2nlb65f2xcizmgouz9b2duv16ya
last-modified: Fri, 31 Mar 2017 13:01:56 GMT
server: ATS/8.0.8
etag: 79b18a5d205cdebc264fc06817b73584
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
x-timestamp: 1490965315.36449
permissions-policy: interest-cohort=()
accept-ranges: bytes
timing-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache

GET
H2 200 HP8764_H2.jpg
online.citi.com/JRS/banners/hero_background/ 196 KB
197 KB 295ms
61ms Image
image/jpeg 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/hero_background/HP8764_H2.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

Resource Hash

6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:26:43 GMT
last-modified: Thu, 08 Oct 2020 21:56:16 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 200475
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 7717_HYCA_ME_m1m73up.jpg
online.citi.com/JRS/banners/modules/ 49 KB
50 KB 505ms
271ms Image
image/jpeg 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/7717_HYCA_ME_m1m73up.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

Resource Hash

cf8c82bd56c521ac3910c3910afd8e51ba3fd7cb1f9ec15e9b6ca73c2b44c65d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:26:43 GMT
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 50262
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP418_M.jpg
online.citi.com/JRS/banners/modules/ 52 KB
53 KB 311ms
78ms Image
image/jpeg 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP418_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

Resource Hash

a3416b46058d11b22ed1862dbdc23227620ab579248b3fc9ead8dfdc0a5beb2f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:26:43 GMT
last-modified: Fri, 16 Jul 2021 16:04:44 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 53475
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 M1-M7_DoubleCash.jpg
online.citi.com/JRS/banners/modules/ 21 KB
21 KB 311ms
78ms Image
image/jpeg 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

Resource Hash

e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:26:43 GMT
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 21180
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP7643_M.jpg
online.citi.com/JRS/banners/modules/ 52 KB
53 KB 223ms
222ms Image
image/jpeg 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP7643_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

Resource Hash

217c90f4a8d721022603bb5594aeb922b3a855a0a22a967c2531f94b89914d91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:26:43 GMT
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 53152
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 528-Citibank_Illustrations_Article_01.jpg
online.citi.com/JRS/banners/modules/ 14 KB
14 KB 142ms
141ms Image
image/jpeg 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/528-Citibank_Illustrations_Article_01.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

Resource Hash

716687b3c43deb80210c8a8992a264dd53e7b4e71d81f6406d9e90ba0e6c9107

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:26:43 GMT
last-modified: Fri, 16 Jul 2021 16:04:34 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 14137
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP8564_M.jpg
online.citi.com/JRS/banners/modules/ 71 KB
72 KB 754ms
753ms Image
image/jpeg 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP8564_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

Resource Hash

c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:26:44 GMT
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 72898
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 googlePlay@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 24 KB
25 KB 145ms
144ms Image
image/png 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/googlePlay@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 25077
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:26:43 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:26:43 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 7d344f27-fc90-4a97-4c87-e5e91973dd03
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 appStore@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 20 KB
21 KB 229ms
228ms Image
image/png 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/appStore@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 20047
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:26:43 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:26:43 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: ef2c3067-5816-4a1c-6264-0873454210a4
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_facebook@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 445 B
1 KB 316ms
315ms Image
image/png 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_facebook@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 445
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:26:43 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:26:43 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 43874af0-6915-4e6f-4676-0f93e8aaf4a9
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_twitter@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 142ms
141ms Image
image/png 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_twitter@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1277
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:26:43 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:26:43 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: f38250c0-a2cc-4a48-5a51-c95a7d65cf6a
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_youtube@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 235ms
234ms Image
image/png 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_youtube@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1175
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:26:43 GMT
last-modified: Mon, 23 Aug 2021 04:18:59 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:26:43 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: a70ee00e-0b54-4ed5-4d11-e51eea5d25b3
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 404
Not Found 320_Citi-PLT@3x.png
citibank-0nline.duckdns.org/cbol-pre-login-static-assets/citi-branding-assets/images/ 315 B
315 B 102ms
101ms Image
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citibank-0nline.duckdns.org/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: HTTP/1.1
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:26:43 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 1440_Citi-PLT@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 27 KB
29 KB 265ms
264ms Image
image/png 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/1440_Citi-PLT@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-50-101-215.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 28149
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:26:43 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:26:43 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: bab4603d-d03f-4f01-453e-a7d242a1994d
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 204 0
bat.bing.com/action/ 0
191 B 63ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=34ee05cc-a481-4210-bcbb-3b2a22295c09&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&pi=1200101525&lg=en-US&sw=1920&sh=1080&sc=24&tl=Citibank%20Online&p=https%3A%2F%2Fwww.citi.com%2F&r=&lt=7127&evt=pageLoad&msclkid=N&sv=1&rn=271722
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 09 Sep 2021 01:26:42 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 511C96AC75A5469282647874DF82563F Ref B: FRAEDGE1313 Ref C: 2021-09-09T01:26:43Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
304 B 62ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=34ee05cc-a481-4210-bcbb-3b2a22295c09&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&ea=Application&evt=custom&msclkid=N&rn=480075
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 09 Sep 2021 01:26:42 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 36EDEFB9048341BBBFC0C72B73D34563 Ref B: FRAEDGE1313 Ref C: 2021-09-09T01:26:43Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
95 B 30ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=8936f9d9-a058-48c7-b3bb-647f9b931c9f&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&pi=1200101525&lg=en-US&sw=1920&sh=1080&sc=24&tl=Citibank%20Online&p=https%3A%2F%2Fwww.citi.com%2F&r=&lt=7127&evt=pageLoad&msclkid=N&sv=1&rn=429226
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 09 Sep 2021 01:26:42 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 9DC95C5FC9C842458A845D8B47BBEE39 Ref B: FRAEDGE1313 Ref C: 2021-09-09T01:26:43Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1592741950571_CTA_Feedback(final).png
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/ 2 KB
2 KB 6ms
6ms Image
image/png 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-encoding: gzip
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
age: 4
via: 1.1 varnish
x-cache: HIT
content-length: 2219
x-amz-id-2: Sg2TaKES/V+SbtwF7cGZnq/UzUDMnwxD+/gxIWlCOfbYnpf0wyHFiv/yFWa1HhJJY+of6pfdpeg=
x-served-by: cache-fra19176-FRA
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
server: AmazonS3
x-timer: S1631150803.163390,VS0,VE0
date: Thu, 09 Sep 2021 01:26:43 GMT
vary: Accept-Encoding
x-amz-request-id: 95YM9RPCRVN3AXHB
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: image/png
x-cache-hits: 1

GET
H/1.1 200
OK whois Show response
killbot.org/api/v2/ 264 B
1020 B 514ms
163ms Fetch
application/json 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/whois?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t
Requested by: Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.63.85.138.vultr.com
Software: nginx /
Resource Hash: 5ea5c85365879a1e9da4faa70b4dd18b77d457de36391ebdb30b4ca18823f78a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 09 Sep 2021 01:26:43 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Bug-Bounty: Report to live chat :)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/b54a745638da8bbb/ 280 KB
92 KB 14ms
13ms Script
text/javascript 2a00:1450:400a:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/b54a745638da8bbb/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:803::2004 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37c3ee1cf5ea40bba6290222162d2519c2c037f90538cb7d4327fcff734ced86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 06:56:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66605
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94157
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 17:07:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 08 Sep 2022 06:56:38 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/b54a745638da8bbb/ 41 KB
9 KB 12ms
12ms Stylesheet
text/css 2a00:1450:400a:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/b54a745638da8bbb/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:803::2004 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 06:56:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66605
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9032
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 17:07:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 08 Sep 2022 06:56:38 GMT

GET
H/1.1 401
Unauthorized blocker Show response
killbot.org/api/v2/ 146 B
911 B 606ms
605ms Fetch
application/json 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/blocker?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t&ip=91.199.118.78&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/92.0.4515.159%20Safari/537.36&url=?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Requested by: Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.63.85.138.vultr.com
Software: nginx /
Resource Hash: 9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 09 Sep 2021 01:26:44 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Bug-Bounty: Report to live chat :)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
340 B 29ms
29ms Image
image/gif 2a00:1450:400a:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1608659919652&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=803060892&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:803::2004 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Sep 2021 01:26:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
569 B 81ms
29ms Image
image/gif 2a00:1450:400a:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1608659919652&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=803060892&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:808::2003 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Sep 2021 01:26:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
108 B 30ms
29ms Image
image/gif 2a00:1450:400a:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1608659919663&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1718776409&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:803::2004 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Sep 2021 01:26:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
108 B 81ms
30ms Image
image/gif 2a00:1450:400a:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1608659919663&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=1718776409&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:808::2003 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Sep 2021 01:26:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame 7421 0
66 B 177ms
114ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://citibank-0nline.duckdns.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/

Response headers

date: Thu, 09 Sep 2021 01:26:43 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2 404 search.svg
online.citi.com/citi-branding-assets/images/ 0
0 538ms
538ms Image
text/html 23.50.101.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online.citi.com/citi-branding-assets/images/search.svg
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.50.101.215 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-50-101-215.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 918 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
H/1.1 404
Not Found Citi-Branding-Sprite.png
citibank-0nline.duckdns.org/assets/branding/ 315 B
315 B 102ms
102ms Image
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citibank-0nline.duckdns.org/assets/branding/Citi-Branding-Sprite.png
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: HTTP/1.1
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:26:43 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET Interstate-Light.woff
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Bold.woff
citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 101ms
101ms Font
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://citibank-0nline.duckdns.org
Accept-Encoding: gzip, deflate
Host: citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: http://citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:26:43 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame 491C 71 B
337 B 207ms
167ms Document
text/html 95.100.52.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language%3D&phint=product%3D&phint=event&phint=category%3D&phint=page%3D&phint=section1%3D&phint=section2%3D&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DCitibank%20Online&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.citi.com%2F&phint=__bk_v%3D3.1.7&limit=10&r=60521226
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.52.201 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-52-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://citibank-0nline.duckdns.org/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: b8b
Date: Thu, 09 Sep 2021 01:26:44 GMT
Connection: keep-alive
X-N: S

GET Interstate-Light.ttf
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Bold.ttf
citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 102ms
101ms Font
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://citibank-0nline.duckdns.org
Accept-Encoding: gzip, deflate
Host: citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: http://citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:26:43 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET Interstate-Bold.ttf
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Light.woff
citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 102ms
101ms Font
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://citibank-0nline.duckdns.org
Accept-Encoding: gzip, deflate
Host: citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: http://citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:26:43 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found Interstate-Light.ttf
citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 102ms
101ms Font
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
Requested by: Host: citibank-0nline.duckdns.org
URL: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Origin: http://citibank-0nline.duckdns.org
Accept-Encoding: gzip, deflate
Host: citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: http://citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: http://citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:26:44 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK generic1630604691864.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 517 KB
87 KB 14ms
7ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1630604691864.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: HTTP/1.1
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 94463a708f7d1a66e3f33e9791a2b7d7f81b749c539ed20b2c258a9257b26f90

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: JWxQ00v912_Y9ovWKQ3zlIUb_b00bi3g
Content-Encoding: gzip
ETag: "b94bad29d1d95542a92fdac5ae3a42d3"
Age: 4
Via: 1.1 varnish
X-Cache: HIT
Connection: keep-alive
Content-Length: 88347
x-amz-id-2: BhPF/8eChezX7cJPkgwRk3d09oGD05Ir5A0Keb7Cv4xKMQtRV/i5KDFQ0IQEZVTxgYUZTCP1AEM=
X-Served-By: cache-fra19125-FRA
Last-Modified: Thu, 02 Sep 2021 17:44:53 GMT
Server: AmazonS3
X-Timer: S1631150804.367413,VS0,VE1
Date: Thu, 09 Sep 2021 01:26:44 GMT
Vary: Accept-Encoding
x-amz-request-id: QR2Q7RBQZN0Z2Z94
Access-Control-Allow-Origin: *
Cache-Control: max-age=0,must-revalidate
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 1

GET
H/1.1 200
OK cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
6 KB 41ms
6ms Script
application/javascript 151.101.1.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: http://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1630604691864.js
Protocol: HTTP/1.1
Server: 151.101.1.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
Content-Encoding: gzip
ETag: "80dd5e3be5152c5c72d552c6a26ef6ff"
Age: 0
Via: 1.1 varnish
X-Cache: HIT
Connection: keep-alive
x-amz-request-id: R8BG5GP8N89W8Z3A
x-amz-id-2: WdEqhurUlx7NVVkzTPqyPs0do77B0u8ZWrqkIKT3FZgni63QtwYfQ4nyif+yeepM5xdRyIs3Cpc=
X-Served-By: cache-fra19126-FRA
Accept-Ranges: bytes
Last-Modified: Sun, 24 Jan 2021 11:03:10 GMT
Server: AmazonS3
X-Timer: S1631150804.470568,VS0,VE0
Date: Thu, 09 Sep 2021 01:26:44 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Content-Length: 5197
X-Cache-Hits: 28959

GET
H/1.1 200
OK __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
487 B 140ms
97ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xNTkgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiTGludXggeDg2XzY0IiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4xLjE1IiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2MzExNTA4MDQ0ODAiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE3YmM4MmEwZGZlNWQzLTBiMGNiZDhkYjMxNzFjLWMzNDMzNjUtMWQ0YzAwLTE3YmM4MmEwZGZmYzVmIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHA6Ly9jaXRpYmFuay0wbmxpbmUuZHVja2Rucy5vcmcvbG9naW4xLnBocD90cHFIRWhhWm1XOURCOHA1c0x3M0owRmM1ZzVxUVlRZVcwSkU1bFF6eFFNVWh0YjZTSW0zNUxJOUNvcDU1QWZIOEpEc3RZcW93Y0xNWFNiaGtHclBhbVZiTFdmdDhYOWI5ZFlTSm4xTVhTbTlvY3REczJ4dVFQSm9ZUzNzb244WWVXNlhHcEtOdWhabVJQU1FCVUpzYVQ9Iiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImNhZTktMGM3NC0xOGIwLTZhZjctNTMzYy1iMGE4LTU3MzEtMzhlMCIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjMxMTUwODA0NDQxIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDIwNCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDAuMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDAuMCIsImhpc3RvcnlfbGVuZ3RoIjogMiwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTYzMTE1MDgwNDQ0NSwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
Protocol: HTTP/1.1
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

X-ME: prod-instance-gatewayservice-green-652t
Date: Thu, 09 Sep 2021 01:26:44 GMT
Via: 1.1 google
Server: Jetty(9.2.11.v20150529)
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Content-Type: image/gif; charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Content-Length: 0
X-Application-Context: application:9090

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 21:05:51	Name: test_cookie Value: CheckForPermission
.bing.com/	1970-01-20 06:27:26	Name: MUID Value: 1361BA39AD1B61503FEDAA94ACC96079
citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: mdLogger Value: false
citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: kampyle_userid Value: cae9-0c74-18b0-6af7-533c-b0a8-5731-38e0
citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: kampyleUserSession Value: 1631150804441
citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: kampyleUserSessionsCount Value: 1
citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: kampyleSessionPageCounter Value: 1

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://citibank-0nline.duckdns.org/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT= Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff' from origin 'http://citibank-0nline.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://citionline-securev9.duckdns.org' that is not equal to the supplied origin.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
network	error	URL: http://citibank-0nline.duckdns.org/assets/branding/Citi-Branding-Sprite.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT= Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf' from origin 'http://citibank-0nline.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citibank-0nline.duckdns.org' that is not equal to the supplied origin.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: http://citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: http://citibank-0nline.duckdns.org/login1.php?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT= Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf' from origin 'http://citibank-0nline.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://secure-updateciti8m.viewdns.net' that is not equal to the supplied origin.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://online.citi.com/citi-branding-assets/images/search.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://killbot.org/api/v2/blocker?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t&ip=91.199.118.78&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/92.0.4515.159%20Safari/537.36&url=?tpqHEhaZmW9DB8p5sLw3J0Fc5g5qQYQeW0JE5lQzxQMUhtb6SIm35LI9Cop55AfH8JDstYqowcLMXSbhkGrPamVbLWft8X9b9dYSJn1MXSm9octDs2xuQPJoYS3son8YeW6XGpKNuhZmRPSQBUJsaT= Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
ci-mpsnare.iovation.com
citibank-0nline.duckdns.org
cse.google.com
files.killbot.org
googleads.g.doubleclick.net
killbot.org
nebula-cdn.kampyle.com
online.citi.com
resources.digital-cloud-citi.medallia.com
sr.rlcdn.com
stags.bluekai.com
udc-neb.kampyle.com
upload.wikimedia.org
www.citi.com
www.google.com
www.google.de
online.citi.com
151.101.1.175
151.101.2.133
2.20.18.193
23.50.101.215
2620:0:862:ed1a::2:b
2620:1ec:c11::200
2a00:1450:400a:802::2002
2a00:1450:400a:802::200e
2a00:1450:400a:803::2004
2a00:1450:400a:808::2003
34.74.7.184
35.190.60.146
35.241.45.82
45.63.85.138
54.69.159.212
95.100.52.201
0478d17423d338aa203bcca28ac84df7d7f7fd95d42c3582e855cd75b1a1f3eb
051b18ffc03e4adc771ab9efa6549b8d28074acd494045ab628a324ebf00ce30
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c
217c90f4a8d721022603bb5594aeb922b3a855a0a22a967c2531f94b89914d91
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
3090163d8d4f6f5e97eee6f3499d3e86442d897f89dfde6b8e8c4d8d5116108d
37c3ee1cf5ea40bba6290222162d2519c2c037f90538cb7d4327fcff734ced86
3b10720c7af006707615b7f871ae769ceb87595bc3f56f4e2e153fab56e67fbf
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
58d2fd4d0e35c6f1971869b55dc6e7f5124d52a37e605845818d0caca6c4999d
5ea5c85365879a1e9da4faa70b4dd18b77d457de36391ebdb30b4ca18823f78a
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1
716687b3c43deb80210c8a8992a264dd53e7b4e71d81f6406d9e90ba0e6c9107
72e3fa5af92f80b808279a410d0f2826ea62330c8eea929fd9bfa5bd4fd9e083
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
8ebdd11aa71062d7d76ebfa3d2260463d0d4d7c39b54bb9154ce467d0d294fda
94463a708f7d1a66e3f33e9791a2b7d7f81b749c539ed20b2c258a9257b26f90
9494e9aaa4363fcdd2994aabec2e1d4dee84d1ef1e25ddf14d80f364494671c1
9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
a3416b46058d11b22ed1862dbdc23227620ab579248b3fc9ead8dfdc0a5beb2f
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
aa73aeb9562ce165c106efc277454411c5b3353eec11450ad5f9a2ec78e109f1
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84
cf8c82bd56c521ac3910c3910afd8e51ba3fd7cb1f9ec15e9b6ca73c2b44c65d
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2
e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67
e910e4210656ac060466b5b37c7a45e707fa0fdfc73250851d2cc5c82ccb8939
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f609f76bbb7f158c15f02c57dc1e1cd0115ee2ab7bbc417543aa0ebedccfaf71

citibank-0nline.duckdns.org Open in urlscan Pro 34.74.7.184 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

56 Requests

73 %HTTPS

38 %IPv6

13 Domains

17 Subdomains

17 IPs

2 Countries

2428 kBTransfer

3286 kBSize

7 Cookies

1 Outgoing links

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

citibank-0nline.duckdns.org Open in urlscan Pro
34.74.7.184 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

73 %
HTTPS

38 %
IPv6

13
Domains

17
Subdomains

17
IPs

2
Countries

2428 kB
Transfer

3286 kB
Size

7
Cookies

56 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!