citisecure.duckdns.org Open in urlscan Pro
134.209.149.169 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OK...
Submission: On October 31 via automatic, source openphish (October 31st 2021, 1:27:41 am UTC) — Scanned from DE

Summary HTTP 56 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 17 IPs in 5 countries across 13 domains to perform 56 HTTP transactions. The main IP is 134.209.149.169, located in Bengaluru, India and belongs to DIGITALOCEAN-ASN, US. The main domain is citisecure.duckdns.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 30th 2021. Valid for: 3 months.

This is the only time citisecure.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
9	134.209.149.169 134.209.149.169	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	45.63.85.138 45.63.85.138	20473 (AS-CHOOPA) (AS-CHOOPA)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	54.69.159.212 54.69.159.212	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
3	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
16	184.24.6.17 184.24.6.17	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.117.204.150 104.117.204.150	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:0:862:ed... 2620:0:862:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:401... 2a00:1450:4016:80a::2003	15169 (GOOGLE) (GOOGLE)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1	184.30.16.79 184.30.16.79	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.65.175 151.101.65.175	54113 (FASTLY) (FASTLY)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
56	17

9 134.209.149.169 (Bengaluru, India)

ASN14061 (DIGITALOCEAN-ASN, US)

citisecure.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.63.85.138 (San Jose, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 45.63.85.138.vultr.com

files.killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.159.212 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-159-212.us-west-2.compute.amazonaws.com

ci-mpsnare.iovation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 184.24.6.17 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-6-17.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.117.204.150 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-117-204-150.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:0:862:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4016:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.16.79 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-79.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	citi.com online.citi.com www.citi.com	547 KB
9	duckdns.org citisecure.duckdns.org	2 MB
8	google.com cse.google.com www.google.com	239 KB
3	bing.com bat.bing.com	835 B
3	medallia.com resources.digital-cloud-citi.medallia.com	91 KB
3	killbot.org files.killbot.org killbot.org	5 KB
2	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	6 KB
2	google.de www.google.de	656 B
2	doubleclick.net googleads.g.doubleclick.net	3 KB
1	bluekai.com stags.bluekai.com	338 B
1	rlcdn.com sr.rlcdn.com	66 B
1	wikimedia.org upload.wikimedia.org	15 KB
1	iovation.com ci-mpsnare.iovation.com	610 B
56	13

	Domain	Requested by
16	online.citi.com	citisecure.duckdns.org
9	citisecure.duckdns.org	citisecure.duckdns.org
7	www.google.com	citisecure.duckdns.org cse.google.com
3	bat.bing.com	citisecure.duckdns.org
3	resources.digital-cloud-citi.medallia.com	citisecure.duckdns.org resources.digital-cloud-citi.medallia.com
2	www.google.de	citisecure.duckdns.org
2	killbot.org	files.killbot.org
2	googleads.g.doubleclick.net	citisecure.duckdns.org
1	udc-neb.kampyle.com
1	nebula-cdn.kampyle.com	resources.digital-cloud-citi.medallia.com
1	stags.bluekai.com	citisecure.duckdns.org
1	sr.rlcdn.com	citisecure.duckdns.org
1	upload.wikimedia.org	citisecure.duckdns.org
1	www.citi.com	citisecure.duckdns.org
1	ci-mpsnare.iovation.com	citisecure.duckdns.org
1	cse.google.com	citisecure.duckdns.org
1	files.killbot.org	citisecure.duckdns.org
56	17

This site contains links to these domains. Also see Links.

Domain
online.citi.com

Subject Issuer	Validity	Valid
citisecure.duckdns.org cPanel, Inc. Certification Authority	`2021-10-30` - `2022-01-28`	3 months	crt.sh
files.killbot.org R3	`2021-10-06` - `2022-01-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
ci-mpsnare.iovation.com DigiCert SHA2 Extended Validation Server CA	`2021-04-21` - `2022-05-10`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2020-10-21` - `2021-11-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
www.citi.com DigiCert SHA2 Extended Validation Server CA	`2019-10-17` - `2022-01-01`	2 years	crt.sh
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-10-19` - `2022-11-17`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-09-30` - `2022-03-30`	6 months	crt.sh
killbot.org R3	`2021-10-06` - `2022-01-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-10-18` - `2022-04-26`	6 months	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Frame ID: 835CDC95B4DE94D6FACDF1FA380E90F0
Requests: 55 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 75A814815997900D1643747F3B2A2D1C
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3D&phint=product%3D&phint=event&phint=category%3D&phint=page%3D&phint=section1%3D&phint=section2%3D&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DCitibank%20Online&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.citi.com%2F&phint=__bk_v%3D3.1.7&limit=10&r=60521226
Frame ID: EEE356A31D41D369E34CE7F602E6A2D7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

56
Requests

95 %
HTTPS

38 %
IPv6

13
Domains

17
Subdomains

17
IPs

5
Countries

2463 kB
Transfer

3307 kB
Size

7
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

56 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login1.php Show response
citisecure.duckdns.org/ 343 KB
344 KB 972ms
170ms Document
text/html 134.209.149.169
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 134.209.149.169 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: aa73aeb9562ce165c106efc277454411c5b3353eec11450ad5f9a2ec78e109f1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Sun, 31 Oct 2021 01:27:35 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK killbot-security.js Show response
files.killbot.org/.cdn-cgi/ 2 KB
3 KB 555ms
167ms Script
application/javascript 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://files.killbot.org/.cdn-cgi/killbot-security.js

Requested by

Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

45.63.85.138.vultr.com

Software

nginx / Killbot, Inc.

Resource Hash

13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:27:35 GMT
X-Content-Type-Options: nosniff
X-Powered-By: Killbot, Inc.
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 2400
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 07 Aug 2021 14:01:31 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "610e923b-960"
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK styles.b03f48c37f713682a724.css
citisecure.duckdns.org/css/ 1 MB
1 MB 399ms
134ms Stylesheet
text/css 134.209.149.169
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.duckdns.org/css/styles.b03f48c37f713682a724.css
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 134.209.149.169 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 3090163d8d4f6f5e97eee6f3499d3e86442d897f89dfde6b8e8c4d8d5116108d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:27:35 GMT
Last-Modified: Sun, 21 Mar 2021 01:47:20 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1239121

GET
H/1.1 200
OK media.css
citisecure.duckdns.org/ 932 B
1 KB 400ms
134ms Stylesheet
text/css 134.209.149.169
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.duckdns.org/media.css
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 134.209.149.169 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 58d2fd4d0e35c6f1971869b55dc6e7f5124d52a37e605845818d0caca6c4999d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:27:35 GMT
Last-Modified: Sun, 21 Mar 2021 02:13:50 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 932

GET
H2 200 cse.js Show response
cse.google.com/ 10 KB
4 KB 65ms
42ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

730e82fe8e6e281a0ea854a7926934b31c47b7ba6b6a020d3e622a2fe0ae3237

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

bfcache-opt-in: unload
date: Sun, 31 Oct 2021 01:27:35 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3499
x-xss-protection: 0
expires: Sun, 31 Oct 2021 01:27:35 GMT

GET
H/1.1 200
OK logo.js Show response
ci-mpsnare.iovation.com/script/ 96 B
610 B 808ms
169ms Script
text/javascript 54.69.159.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ci-mpsnare.iovation.com/script/logo.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.69.159.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-69-159-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

d7df4a024a369516a0cb40d3e5bc0022e3de87f9710cca203080c41119a90bfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:27:36 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 31 Oct 2022 01:27:36 GMT

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/921554e23151c152/ 264 KB
88 KB 39ms
15ms Script
text/javascript 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/921554e23151c152/cse_element__en.js?usqp=CAI%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9494e9aaa4363fcdd2994aabec2e1d4dee84d1ef1e25ddf14d80f364494671c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:43:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 333823
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89466
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 20:04:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Thu, 27 Oct 2022 04:43:52 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/921554e23151c152/ 41 KB
41 KB 32ms
8ms Stylesheet
text/css 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/921554e23151c152/default+en.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

051b18ffc03e4adc771ab9efa6549b8d28074acd494045ab628a324ebf00ce30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 11:09:18 GMT
x-content-type-options: nosniff
age: 397097
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41521
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 20:04:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 26 Oct 2022 11:09:18 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
2 KB 31ms
7ms Stylesheet
text/css 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1327
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Sun, 31 Oct 2021 01:55:28 GMT

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 40ms
7ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 58edfbfc2f0d71cba3b2f3c7e20e86af09b6e7097c76db4e57cd9b4abe106b50

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: KVUQFwxe6uYm_DklFxQL4X6kkdv6x6eG
content-encoding: gzip
etag: "7798b4a53b58bb0fc374637f9e58fc45"
age: 891272
via: 1.1 varnish
x-cache: HIT
content-length: 676
x-amz-id-2: Cz9jVpnSGRn9QMTGt//q4mdgRfdEUSLpK94N49SbFzzCBv8bmCXLTXg2sV1NEPfELF6ziK19XjA=
x-served-by: cache-fra19180-FRA
last-modified: Wed, 20 Oct 2021 17:52:53 GMT
server: AmazonS3
x-timer: S1635643656.875338,VS0,VE0
date: Sun, 31 Oct 2021 01:27:35 GMT
vary: Accept-Encoding
x-amz-request-id: 55YX40VRVR7418TN
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 87

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
2 KB 43ms
18ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1608659919652&cv=9&fst=1608659919652&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3295dcf4a4b7241d565c625387e7b50aa34079041f096657c65574ddea269a3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:27:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1026
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
1 KB 44ms
19ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1608659919663&cv=9&fst=1608659919663&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d0b9120efdab1fe263c4226068d2b455d50f51ca6d7f71e2f7d71d79fe1f224

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:27:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1023
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 citilogoredesign.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
3 KB 76ms
14ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/citilogoredesign.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1799
x-xss-protection: 1; mode=block
expires: Sun, 31 Oct 2021 07:27:35 GMT
last-modified: Sun, 17 Oct 2021 08:42:32 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Sun, 31 Oct 2021 01:27:35 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 48512be6-6f95-40ed-7870-85780a57e877
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 050-location@2x.svg
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
2 KB 83ms
22ms Image
image/svg+xml 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/050-location@2x.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

sid: 695a50a6-2fef-4071-8225-3b5409ed185b
content-encoding: gzip
x-content-type-options: nosniff
nonce: 4518001572085588
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
dclocation: GT1DMS
content-length: 758
x-xss-protection: 1; mode=block
uuid: 87d1ef58-03a6-400e-8bb3-ac1ff88c1b89
expires: Sun, 31 Oct 2021 07:27:35 GMT
last-modified: Sun, 17 Oct 2021 08:42:32 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Sun, 31 Oct 2021 01:27:35 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
content-type: image/svg+xml
access-control-allow-origin
x-vcap-request-id: 3884c342-fc90-416d-4b45-3869bf3ac734
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
scope: VISITOR
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 3 KB
3 KB 73ms
12ms Image
image/svg+xml 104.117.204.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/icon_globe_med-grey@2x.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.117.204.150 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-117-204-150.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Sid: e0d28800-72d2-46df-9f6e-5bacd4eec88b
Content-Encoding: gzip
ETag: W/"dc3-17c8d6ab0c0"
Nonce: 1785476197339295
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Connection: keep-alive
Content-Length: 1419
X-Xss-Protection: 1; mode=block
Uuid: a65f877a-be3e-4512-befb-129e2af05336
Last-Modified: Sun, 17 Oct 2021 08:42:32 GMT
Server: nginx
Cache-Control: public, no-transform, max-age=21600
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sun, 31 Oct 2021 01:27:35 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: b9bc0e9c-d51a-457f-4c0d-04b24e9f6a03
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Scope: VISITOR
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
X-Content-Type-Options: nosniff
Dclocation: GT1DMS
Expires: Sun, 31 Oct 2021 07:27:35 GMT

GET
H2 200 1200px-Hamburger_icon.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/b/b2/Hamburger_icon.svg/ 14 KB
15 KB 56ms
22ms Image
image/png 2620:0:862:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/thumb/b/b2/Hamburger_icon.svg/1200px-Hamburger_icon.svg.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/8.0.8 /

Resource Hash

e910e4210656ac060466b5b37c7a45e707fa0fdfc73250851d2cc5c82ccb8939

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 03:16:09 GMT
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 79886
x-cache-status: hit-front
x-cache: cp3061 hit, cp3051 hit/59
content-disposition: inline;filename*=UTF-8''Hamburger_icon.svg.png
server-timing: cache;desc="hit-front", host;desc="cp3051"
content-length: 14199
x-client-ip: 2a01:4f8:a1:1a1:84::1
x-object-meta-sha1base36: cahm2nlb65f2xcizmgouz9b2duv16ya
last-modified: Fri, 31 Mar 2017 13:01:56 GMT
server: ATS/8.0.8
etag: 79b18a5d205cdebc264fc06817b73584
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
x-timestamp: 1490965315.36449
permissions-policy: interest-cohort=()
accept-ranges: bytes
timing-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache

GET
H2 200 HP8764_H2.jpg
online.citi.com/JRS/banners/hero_background/ 196 KB
197 KB 88ms
28ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/hero_background/HP8764_H2.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:27:35 GMT
last-modified: Thu, 08 Oct 2020 21:56:16 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 200475
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 7717_HYCA_ME_m1m73up.jpg
online.citi.com/JRS/banners/modules/ 49 KB
50 KB 98ms
39ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/7717_HYCA_ME_m1m73up.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

cf8c82bd56c521ac3910c3910afd8e51ba3fd7cb1f9ec15e9b6ca73c2b44c65d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:27:35 GMT
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 50262
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP418_M.jpg
online.citi.com/JRS/banners/modules/ 52 KB
53 KB 98ms
39ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP418_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

a3416b46058d11b22ed1862dbdc23227620ab579248b3fc9ead8dfdc0a5beb2f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:27:35 GMT
last-modified: Fri, 16 Jul 2021 16:04:44 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 53475
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 M1-M7_DoubleCash.jpg
online.citi.com/JRS/banners/modules/ 21 KB
21 KB 108ms
50ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:27:35 GMT
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 21180
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP7643_M.jpg
online.citi.com/JRS/banners/modules/ 52 KB
53 KB 47ms
46ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP7643_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

217c90f4a8d721022603bb5594aeb922b3a855a0a22a967c2531f94b89914d91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:27:35 GMT
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 53152
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 528-Citibank_Illustrations_Article_01.jpg
online.citi.com/JRS/banners/modules/ 14 KB
14 KB 53ms
52ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/528-Citibank_Illustrations_Article_01.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

716687b3c43deb80210c8a8992a264dd53e7b4e71d81f6406d9e90ba0e6c9107

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:27:35 GMT
last-modified: Fri, 16 Jul 2021 16:04:34 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 14137
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP8564_M.jpg
online.citi.com/JRS/banners/modules/ 71 KB
72 KB 65ms
64ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP8564_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:27:35 GMT
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 72898
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 googlePlay@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 24 KB
25 KB 71ms
71ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/googlePlay@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 25077
x-xss-protection: 1; mode=block
expires: Sun, 31 Oct 2021 07:27:35 GMT
last-modified: Sun, 17 Oct 2021 08:42:32 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Sun, 31 Oct 2021 01:27:35 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: f3a94f95-3f20-4f56-4594-4dfd108171de
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 appStore@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 20 KB
21 KB 77ms
76ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/appStore@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 20047
x-xss-protection: 1; mode=block
expires: Sun, 31 Oct 2021 07:27:35 GMT
last-modified: Sun, 17 Oct 2021 08:42:32 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Sun, 31 Oct 2021 01:27:35 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 50995ec7-ce46-495f-4a50-3916defeb713
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_facebook@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 445 B
1 KB 82ms
82ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_facebook@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 445
x-xss-protection: 1; mode=block
expires: Sun, 31 Oct 2021 07:27:35 GMT
last-modified: Sun, 17 Oct 2021 00:54:57 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Sun, 31 Oct 2021 01:27:35 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: b5aba3db-cef6-46db-7c62-0e9ce0b00670
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_twitter@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 88ms
87ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_twitter@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1277
x-xss-protection: 1; mode=block
expires: Sun, 31 Oct 2021 07:27:35 GMT
last-modified: Sun, 17 Oct 2021 08:42:32 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Sun, 31 Oct 2021 01:27:35 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 42f5ddda-5cf8-4711-5af0-fd4231e5fd50
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_youtube@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 98ms
98ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_youtube@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1175
x-xss-protection: 1; mode=block
expires: Sun, 31 Oct 2021 07:27:35 GMT
last-modified: Sun, 17 Oct 2021 08:42:32 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Sun, 31 Oct 2021 01:27:35 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: dfb5528f-a26e-4c6a-7ae3-9a77470b828b
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 404
Not Found 320_Citi-PLT@3x.png
citisecure.duckdns.org/cbol-pre-login-static-assets/citi-branding-assets/images/ 315 B
315 B 135ms
135ms Image
text/html 134.209.149.169
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citisecure.duckdns.org/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 134.209.149.169 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:27:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 1440_Citi-PLT@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 27 KB
28 KB 105ms
104ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/1440_Citi-PLT@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 28149
x-xss-protection: 1; mode=block
expires: Sun, 31 Oct 2021 07:27:36 GMT
last-modified: Sun, 17 Oct 2021 08:42:32 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Sun, 31 Oct 2021 01:27:36 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 789782c1-388d-4c50-4d59-d7d8008c876f
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 204 0
bat.bing.com/action/ 0
429 B 58ms
39ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=34ee05cc-a481-4210-bcbb-3b2a22295c09&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&pi=1200101525&lg=en-US&sw=1920&sh=1080&sc=24&tl=Citibank%20Online&p=https%3A%2F%2Fwww.citi.com%2F&r=&lt=7127&evt=pageLoad&msclkid=N&sv=1&rn=271722
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:27:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D945C1CB8F464CB6A95DC1E2E7D2C7EB Ref B: FRAEDGE1517 Ref C: 2021-10-31T01:27:35Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
203 B 32ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=34ee05cc-a481-4210-bcbb-3b2a22295c09&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&ea=Application&evt=custom&msclkid=N&rn=480075
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:27:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EF5BCC3108244B219B1E43FD88E591FE Ref B: FRAEDGE1517 Ref C: 2021-10-31T01:27:35Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
203 B 33ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=8936f9d9-a058-48c7-b3bb-647f9b931c9f&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&pi=1200101525&lg=en-US&sw=1920&sh=1080&sc=24&tl=Citibank%20Online&p=https%3A%2F%2Fwww.citi.com%2F&r=&lt=7127&evt=pageLoad&msclkid=N&sv=1&rn=429226
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:27:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3E4DBD46F78049B78E1933FEB775E915 Ref B: FRAEDGE1517 Ref C: 2021-10-31T01:27:35Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1592741950571_CTA_Feedback(final).png
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/ 2 KB
2 KB 10ms
6ms Image
image/png 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-encoding: gzip
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
age: 866035
via: 1.1 varnish
x-cache: HIT
content-length: 2219
x-amz-id-2: 2xskz8mioGRu//DD/6/YybCnvd0lWnxaKeb1OQ8XHpb68pDp3xXTJHz1av7dN7p7KQupK0jsqDo=
x-served-by: cache-fra19180-FRA
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
server: AmazonS3
x-timer: S1635643656.903475,VS0,VE0
date: Sun, 31 Oct 2021 01:27:35 GMT
vary: Accept-Encoding
x-amz-request-id: V2X4M07R3M9K6XKZ
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: image/png
x-cache-hits: 50

GET
H/1.1 200
OK whois Show response
killbot.org/api/v2/ 264 B
1020 B 589ms
166ms Fetch
application/json 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/whois?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t
Requested by: Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.63.85.138.vultr.com
Software: nginx /
Resource Hash: c3a40821b9ac3f9da9b7d2df998ec3a239877e1aaf3db6a8a0380a4eaa797064

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:27:36 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Bug-Bounty: Report to live chat :)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 401
Unauthorized blocker Show response
killbot.org/api/v2/ 146 B
911 B 165ms
165ms Fetch
application/json 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/blocker?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t&ip=168.119.25.193&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/95.0.4638.54%20Safari/537.36&url=?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Requested by: Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.63.85.138.vultr.com
Software: nginx /
Resource Hash: 9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:27:36 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Bug-Bounty: Report to live chat :)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/cc267ab8871224bd/ 290 KB
96 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/cc267ab8871224bd/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

323a804a3f14a53edd48617524b4911dbae8ac3b8d427c3a9bd820a129560859

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:25:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 403328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97670
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 21:05:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 26 Oct 2022 09:25:28 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/cc267ab8871224bd/ 41 KB
9 KB 8ms
8ms Stylesheet
text/css 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/cc267ab8871224bd/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:25:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 403328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9032
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 21:05:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 26 Oct 2022 09:25:28 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
340 B 19ms
18ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1608659919652&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3003220576&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:27:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
548 B 75ms
32ms Image
image/gif 2a00:1450:4016:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1608659919652&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3003220576&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4016:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:27:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
108 B 18ms
18ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1608659919663&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=623258724&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:27:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
108 B 75ms
32ms Image
image/gif 2a00:1450:4016:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1608659919663&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=623258724&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4016:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:27:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame 75A8 0
66 B 157ms
115ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/

Response headers

date: Sun, 31 Oct 2021 01:27:36 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2 404 search.svg
online.citi.com/citi-branding-assets/images/ 0
0 514ms
514ms Image
text/html 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online.citi.com/citi-branding-assets/images/search.svg
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.6.17 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-6-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 918 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
H/1.1 404
Not Found Citi-Branding-Sprite.png
citisecure.duckdns.org/assets/branding/ 315 B
315 B 133ms
133ms Image
text/html 134.209.149.169
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citisecure.duckdns.org/assets/branding/Citi-Branding-Sprite.png
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 134.209.149.169 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:27:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET Interstate-Light.woff
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Bold.woff
citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 135ms
135ms Font
text/html 134.209.149.169
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 134.209.149.169 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://citisecure.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: https://citisecure.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:27:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame EEE3 71 B
338 B 182ms
155ms Document
text/html 184.30.16.79
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language%3D&phint=product%3D&phint=event&phint=category%3D&phint=page%3D&phint=section1%3D&phint=section2%3D&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DCitibank%20Online&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.citi.com%2F&phint=__bk_v%3D3.1.7&limit=10&r=60521226
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.79 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-79.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 3283
Date: Sun, 31 Oct 2021 01:27:36 GMT
Connection: keep-alive
X-N: S

GET Interstate-Light.ttf
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Light.woff
citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 133ms
133ms Font
text/html 134.209.149.169
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 134.209.149.169 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://citisecure.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: https://citisecure.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:27:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET Interstate-Bold.ttf
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Bold.ttf
citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 136ms
135ms Font
text/html 134.209.149.169
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 134.209.149.169 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://citisecure.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: https://citisecure.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:27:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found Interstate-Light.ttf
citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 133ms
133ms Font
text/html 134.209.149.169
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
Requested by: Host: citisecure.duckdns.org
URL: https://citisecure.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 134.209.149.169 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://citisecure.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: https://citisecure.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:27:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 generic1634752371595.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 527 KB
87 KB 7ms
7ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1634752371595.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 915afa3a684b0562c638837fddc86f51700d954a4a13ed16d9857a066462edec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: 6ztX3qWQv7AuHQ8Loe8lhcbddbcREYoc
content-encoding: gzip
etag: "045174c5e0174dd804b9dda17b772d12"
age: 891264
via: 1.1 varnish
x-cache: HIT
content-length: 89242
x-amz-id-2: kfXal0FPnYhjC/RTm6eJiBV6nLOyiSwfJg7bKkIV0FsJZ9LjjvLY55OFgh2YC0YopYcvX0a73F4=
x-served-by: cache-fra19180-FRA
last-modified: Wed, 20 Oct 2021 17:52:53 GMT
server: AmazonS3
x-timer: S1635643657.202666,VS0,VE0
date: Sun, 31 Oct 2021 01:27:37 GMT
vary: Accept-Encoding
x-amz-request-id: E66EZB2NQCXHKBDA
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 85

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 32ms
7ms Script
application/javascript 151.101.65.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1634752371595.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-encoding: gzip
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
age: 494174
via: 1.1 varnish
x-cache: HIT
content-length: 5197
x-amz-id-2: ec1pQwHVImCyYJr0EFY0yh+SldGJrjf1L+yIpGS03h890uwmqcCGPj87kxJNe1qKKO/4umJGPLE=
x-served-by: cache-fra19155-FRA
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
server: AmazonS3
x-timer: S1635643657.265052,VS0,VE0
date: Sun, 31 Oct 2021 01:27:37 GMT
vary: Accept-Encoding
x-amz-request-id: SKT9TM4E7SGWTP4D
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 118098

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
317 B 121ms
98ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk1LjAuNDYzOC41NCBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTYzNTY0MzY1NzI3NSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdjZDNmNThjMzk4ZmItMGFlMDkyN2I5NjZmODQtNTdiMTkzZS0xZDRjMDAtMTdjZDNmNThjM2FiYzYiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly9jaXRpc2VjdXJlLmR1Y2tkbnMub3JnL2xvZ2luMS5waHA/dFRka0cyU3RpUTc4azlucDZXVWtRNmp6bUFuZVRuTmw3Uk9va0lDQ0o0OWkwSEd0TFNUN054TVczTTc4RjdlUGc2MTJJS1lETThtUkVJallNbzVPS1ptcGtRMkFFWjJkWmpqc3RsS2l3bUt6MklrR3VacG5QekZOdzRTZzBVRE95WnNiUDZ0YjBGMWllSHJEVGRzR2FXPSIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJhYWQxLWM3NDctMzMwNS1lM2VkLTUwOTktODRmYy1kZWNjLTg5MGMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTYzNTY0MzY1NzI0MyIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyMDQsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2MzU2NDM2NTcyNDUsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://citisecure.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-blue-050l
date: Sun, 31 Oct 2021 01:27:37 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 22:20:44	Name: test_cookie Value: CheckForPermission
.bing.com/	1970-01-20 07:42:19	Name: MUID Value: 3A94E499965468141B27F478973F69F7
citisecure.duckdns.org/	1970-01-20 07:06:19	Name: mdLogger Value: false
citisecure.duckdns.org/	1970-01-20 07:06:19	Name: kampyle_userid Value: aad1-c747-3305-e3ed-5099-84fc-decc-890c
citisecure.duckdns.org/	1970-01-20 07:06:19	Name: kampyleUserSession Value: 1635643657243
citisecure.duckdns.org/	1970-01-20 07:06:19	Name: kampyleUserSessionsCount Value: 1
citisecure.duckdns.org/	1970-01-20 07:06:19	Name: kampyleSessionPageCounter Value: 1

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://citisecure.duckdns.org/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://killbot.org/api/v2/blocker?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t&ip=168.119.25.193&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/95.0.4638.54%20Safari/537.36&url=?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW= Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
javascript	error	URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW= Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff' from origin 'https://citisecure.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value ''.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW= Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf' from origin 'https://citisecure.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://secure-onlineciti.x24hr.com' that is not equal to the supplied origin.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://citisecure.duckdns.org/assets/branding/Citi-Branding-Sprite.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()
javascript	error	URL: https://citisecure.duckdns.org/login1.php?tTdkG2StiQ78k9np6WUkQ6jzmAneTnNl7ROokICCJ49i0HGtLST7NxMW3M78F7ePg612IKYDM8mREIjYMo5OKZmpkQ2AEZ2dZjjstlKiwmKz2IkGuZpnPzFNw4Sg0UDOyZsbP6tb0F1ieHrDTdsGaW= Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf' from origin 'https://citisecure.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value ''.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://citisecure.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://online.citi.com/citi-branding-assets/images/search.svg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
ci-mpsnare.iovation.com
citisecure.duckdns.org
cse.google.com
files.killbot.org
googleads.g.doubleclick.net
killbot.org
nebula-cdn.kampyle.com
online.citi.com
resources.digital-cloud-citi.medallia.com
sr.rlcdn.com
stags.bluekai.com
udc-neb.kampyle.com
upload.wikimedia.org
www.citi.com
www.google.com
www.google.de
online.citi.com
104.117.204.150
134.209.149.169
151.101.65.175
151.101.66.133
184.24.6.17
184.30.16.79
2620:0:862:ed1a::2:b
2620:1ec:c11::200
2a00:1450:4001:803::2002
2a00:1450:4001:809::2004
2a00:1450:4001:809::200e
2a00:1450:4016:80a::2003
35.190.60.146
35.241.45.82
45.63.85.138
54.69.159.212
051b18ffc03e4adc771ab9efa6549b8d28074acd494045ab628a324ebf00ce30
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c
217c90f4a8d721022603bb5594aeb922b3a855a0a22a967c2531f94b89914d91
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
3090163d8d4f6f5e97eee6f3499d3e86442d897f89dfde6b8e8c4d8d5116108d
323a804a3f14a53edd48617524b4911dbae8ac3b8d427c3a9bd820a129560859
3295dcf4a4b7241d565c625387e7b50aa34079041f096657c65574ddea269a3d
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
58d2fd4d0e35c6f1971869b55dc6e7f5124d52a37e605845818d0caca6c4999d
58edfbfc2f0d71cba3b2f3c7e20e86af09b6e7097c76db4e57cd9b4abe106b50
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1
716687b3c43deb80210c8a8992a264dd53e7b4e71d81f6406d9e90ba0e6c9107
730e82fe8e6e281a0ea854a7926934b31c47b7ba6b6a020d3e622a2fe0ae3237
7d0b9120efdab1fe263c4226068d2b455d50f51ca6d7f71e2f7d71d79fe1f224
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
915afa3a684b0562c638837fddc86f51700d954a4a13ed16d9857a066462edec
9494e9aaa4363fcdd2994aabec2e1d4dee84d1ef1e25ddf14d80f364494671c1
9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
a3416b46058d11b22ed1862dbdc23227620ab579248b3fc9ead8dfdc0a5beb2f
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
aa73aeb9562ce165c106efc277454411c5b3353eec11450ad5f9a2ec78e109f1
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84
c3a40821b9ac3f9da9b7d2df998ec3a239877e1aaf3db6a8a0380a4eaa797064
cf8c82bd56c521ac3910c3910afd8e51ba3fd7cb1f9ec15e9b6ca73c2b44c65d
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d7df4a024a369516a0cb40d3e5bc0022e3de87f9710cca203080c41119a90bfb
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2
e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67
e910e4210656ac060466b5b37c7a45e707fa0fdfc73250851d2cc5c82ccb8939
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

citisecure.duckdns.org Open in urlscan Pro 134.209.149.169 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

56 Requests

95 %HTTPS

38 %IPv6

13 Domains

17 Subdomains

17 IPs

5 Countries

2463 kBTransfer

3307 kBSize

7 Cookies

1 Outgoing links

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

citisecure.duckdns.org Open in urlscan Pro
134.209.149.169 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

95 %
HTTPS

38 %
IPv6

13
Domains

17
Subdomains

17
IPs

5
Countries

2463 kB
Transfer

3307 kB
Size

7
Cookies

56 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!