interfaceauth-priority17.cloudns.nz Open in urlscan Pro
34.125.145.159 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoV...
Submission: On October 12 via automatic, source openphish (October 12th 2021, 1:15:51 am UTC) — Scanned from DE

Summary HTTP 52 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 12 domains to perform 52 HTTP transactions. The main IP is 34.125.145.159, located in Las Vegas, United States and belongs to GOOGLE, US. The main domain is interfaceauth-priority17.cloudns.nz.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 11th 2021. Valid for: 3 months.

This is the only time interfaceauth-priority17.cloudns.nz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	34.125.145.159 34.125.145.159	15169 (GOOGLE) (GOOGLE)
3	45.63.85.138 45.63.85.138	20473 (AS-CHOOPA) (AS-CHOOPA)
1	142.250.184.238 142.250.184.238	15169 (GOOGLE) (GOOGLE)
1	54.69.159.212 54.69.159.212	16509 (AMAZON-02) (AMAZON-02)
7	142.250.74.196 142.250.74.196	15169 (GOOGLE) (GOOGLE)
3	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
17	104.111.238.178 104.111.238.178	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.45.237.66 23.45.237.66	16625 (AKAMAI-AS) (AKAMAI-AS)
1	91.198.174.208 91.198.174.208	14907 (WIKIMEDIA) (WIKIMEDIA)
3	13.107.21.200 13.107.21.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.129.175 151.101.129.175	54113 (FASTLY) (FASTLY)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
52	16

7 34.125.145.159 (Las Vegas, United States)

ASN15169 (GOOGLE, US)
PTR: 159.145.125.34.bc.googleusercontent.com

interfaceauth-priority17.cloudns.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.63.85.138 (San Jose, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 45.63.85.138.vultr.com

files.killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.238 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f14.1e100.net

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.159.212 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-159-212.us-west-2.compute.amazonaws.com

ci-mpsnare.iovation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.74.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 104.111.238.178 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-238-178.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.237.66 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-237-66.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.198.174.208 (United States)

ASN14907 (WIKIMEDIA, US)
PTR: upload-lb.esams.wikimedia.org

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.21.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	citi.com online.citi.com www.citi.com	622 KB
8	google.com cse.google.com www.google.com	207 KB
7	cloudns.nz interfaceauth-priority17.cloudns.nz	2 MB
3	bing.com bat.bing.com	722 B
3	medallia.com resources.digital-cloud-citi.medallia.com	91 KB
3	killbot.org files.killbot.org killbot.org	5 KB
2	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	6 KB
2	doubleclick.net googleads.g.doubleclick.net	3 KB
1	bluekai.com stags.bluekai.com	338 B
1	rlcdn.com sr.rlcdn.com	66 B
1	wikimedia.org upload.wikimedia.org	15 KB
1	iovation.com ci-mpsnare.iovation.com	610 B
52	12

	Domain	Requested by
17	online.citi.com	interfaceauth-priority17.cloudns.nz
7	www.google.com	interfaceauth-priority17.cloudns.nz cse.google.com
7	interfaceauth-priority17.cloudns.nz	interfaceauth-priority17.cloudns.nz
3	bat.bing.com	interfaceauth-priority17.cloudns.nz
3	resources.digital-cloud-citi.medallia.com	interfaceauth-priority17.cloudns.nz resources.digital-cloud-citi.medallia.com
2	googleads.g.doubleclick.net	interfaceauth-priority17.cloudns.nz
2	killbot.org	files.killbot.org
1	udc-neb.kampyle.com
1	nebula-cdn.kampyle.com	resources.digital-cloud-citi.medallia.com
1	stags.bluekai.com	interfaceauth-priority17.cloudns.nz
1	sr.rlcdn.com	interfaceauth-priority17.cloudns.nz
1	upload.wikimedia.org	interfaceauth-priority17.cloudns.nz
1	www.citi.com	interfaceauth-priority17.cloudns.nz
1	ci-mpsnare.iovation.com	interfaceauth-priority17.cloudns.nz
1	cse.google.com	interfaceauth-priority17.cloudns.nz
1	files.killbot.org	interfaceauth-priority17.cloudns.nz
52	16

This site contains links to these domains. Also see Links.

Domain
online.citi.com

Subject Issuer	Validity	Valid
interfaceauth-priority17.cloudns.nz cPanel, Inc. Certification Authority	`2021-10-11` - `2022-01-09`	3 months	crt.sh
files.killbot.org R3	`2021-10-06` - `2022-01-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
killbot.org R3	`2021-10-06` - `2022-01-04`	3 months	crt.sh
ci-mpsnare.iovation.com DigiCert SHA2 Extended Validation Server CA	`2021-04-21` - `2022-05-10`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2020-10-21` - `2021-11-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
www.citi.com DigiCert SHA2 Extended Validation Server CA	`2019-10-17` - `2022-01-01`	2 years	crt.sh
*.wikipedia.org DigiCert SHA2 High Assurance Server CA	`2020-11-09` - `2021-11-16`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-09-30` - `2022-03-30`	6 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-26`	a year	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Frame ID: C78DFC95429DD9928BB6763E6FDFC3E5
Requests: 51 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 0254494579C78F092A3AFF89F38AD0EF
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3D&phint=product%3D&phint=event&phint=category%3D&phint=page%3D&phint=section1%3D&phint=section2%3D&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DCitibank%20Online&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.citi.com%2F&phint=__bk_v%3D3.1.7&limit=10&r=60521226
Frame ID: 2BD3AD79CC129C2812F3E1DC3B63FEAF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

52
Requests

96 %
HTTPS

0 %
IPv6

12
Domains

16
Subdomains

16
IPs

2
Countries

2506 kB
Transfer

3454 kB
Size

8
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

52 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login1.php Show response
interfaceauth-priority17.cloudns.nz/86456users34132/ 343 KB
344 KB 501ms
168ms Document
text/html 34.125.145.159
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.125.145.159 Las Vegas, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 159.145.125.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: aa73aeb9562ce165c106efc277454411c5b3353eec11450ad5f9a2ec78e109f1

Request headers

Host: interfaceauth-priority17.cloudns.nz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Tue, 12 Oct 2021 01:15:44 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK killbot-security.js Show response
files.killbot.org/.cdn-cgi/ 2 KB
3 KB 546ms
165ms Script
application/javascript 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://files.killbot.org/.cdn-cgi/killbot-security.js

Requested by

Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

45.63.85.138.vultr.com

Software

nginx / Killbot, Inc.

Resource Hash

13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 01:15:45 GMT
X-Content-Type-Options: nosniff
X-Powered-By: Killbot, Inc.
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 2400
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 07 Aug 2021 14:01:31 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "610e923b-960"
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK styles.b03f48c37f713682a724.css
interfaceauth-priority17.cloudns.nz/86456users34132/css/ 1 MB
1 MB 451ms
151ms Stylesheet
text/css 34.125.145.159
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/css/styles.b03f48c37f713682a724.css
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.125.145.159 Las Vegas, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 159.145.125.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 3090163d8d4f6f5e97eee6f3499d3e86442d897f89dfde6b8e8c4d8d5116108d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: interfaceauth-priority17.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 01:15:45 GMT
Last-Modified: Sun, 21 Mar 2021 01:47:20 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1239121

GET
H/1.1 200
OK media.css
interfaceauth-priority17.cloudns.nz/86456users34132/ 932 B
1 KB 469ms
156ms Stylesheet
text/css 34.125.145.159
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/media.css
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.125.145.159 Las Vegas, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 159.145.125.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 58d2fd4d0e35c6f1971869b55dc6e7f5124d52a37e605845818d0caca6c4999d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: interfaceauth-priority17.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 01:15:45 GMT
Last-Modified: Sun, 21 Mar 2021 02:13:50 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 932

GET
H2 200 cse.js Show response
cse.google.com/ 10 KB
4 KB 75ms
39ms Script
text/javascript 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f14.1e100.net

Software

gws /

Resource Hash

fd9a53f18020bfb342d9d88f347bf94280915fd60cd350e409cb48cd93cdb6d8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

bfcache-opt-in: unload
date: Tue, 12 Oct 2021 01:15:45 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3499
x-xss-protection: 0

GET
H/1.1 200
OK whois Show response
killbot.org/api/v2/ 265 B
1021 B 466ms
160ms Fetch
application/json 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/whois?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t
Requested by: Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.63.85.138.vultr.com
Software: nginx /
Resource Hash: c68001aa7b2e4c36d5d667092733b5fcd3b9f2bd0b9503f9f700f87f5cbeee6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Oct 2021 01:15:45 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Bug-Bounty: Report to live chat :)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK logo.js Show response
ci-mpsnare.iovation.com/script/ 96 B
610 B 696ms
169ms Script
text/javascript 54.69.159.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ci-mpsnare.iovation.com/script/logo.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.69.159.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-69-159-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

622797067d53352f28b3526c5dc1d48ae5af549422762f7e0a2f253237d0939a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 01:15:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Wed, 12 Oct 2022 01:15:46 GMT

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/921554e23151c152/ 264 KB
88 KB 37ms
12ms Script
text/javascript 142.250.74.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/921554e23151c152/cse_element__en.js?usqp=CAI%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f4.1e100.net

Software

sffe /

Resource Hash

9494e9aaa4363fcdd2994aabec2e1d4dee84d1ef1e25ddf14d80f364494671c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 14:58:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89466
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 20:04:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Mon, 10 Oct 2022 14:58:23 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/921554e23151c152/ 41 KB
9 KB 32ms
7ms Stylesheet
text/css 142.250.74.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/921554e23151c152/default+en.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f4.1e100.net

Software

sffe /

Resource Hash

051b18ffc03e4adc771ab9efa6549b8d28074acd494045ab628a324ebf00ce30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 13:21:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 302078
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9045
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 20:04:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Sat, 08 Oct 2022 13:21:07 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
2 KB 31ms
7ms Stylesheet
text/css 142.250.74.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f4.1e100.net

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 01:00:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 919
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Tue, 12 Oct 2021 01:50:26 GMT

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 39ms
6ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7d6ecfbd99dd3feaf63fb84ccd9df372c3c1287bc61c7a38f78afb7593c08de1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: v74DJ8qp8VC2xe1Rui.jWHeroRuyFZRM
content-encoding: gzip
etag: "0c0229c063cde34b86a9762cef1eaa5c"
age: 532063
via: 1.1 varnish
x-cache: HIT
content-length: 675
x-amz-id-2: qkeW4KrKg47WtcA29c5tmJl+bOxlgzMu8IQkOD8bllUThyAgm+dJqpbdhP51vbvpozBWVCShBTw=
x-served-by: cache-hhn4061-HHN
last-modified: Tue, 05 Oct 2021 21:27:54 GMT
server: AmazonS3
x-timer: S1634001346.502347,VS0,VE0
date: Tue, 12 Oct 2021 01:15:45 GMT
vary: Accept-Encoding
x-amz-request-id: 62SE40CWXX91D9J5
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 21

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
1 KB 41ms
18ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1608659919652&cv=9&fst=1608659919652&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

64b68c55abf8ed86766fa8969b08a1a229069e3ad525cf08d678d84bba514b5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 01:15:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1005
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
2 KB 41ms
18ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1608659919663&cv=9&fst=1608659919663&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

8537ff23b359b3709f1ca48486c71aef136a5b677f6937d107ca78bdda97dac8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 01:15:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1003
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 citilogoredesign.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
3 KB 79ms
25ms Image
image/png 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/citilogoredesign.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1799
x-xss-protection: 1; mode=block
expires: Tue, 12 Oct 2021 07:15:45 GMT
last-modified: Thu, 23 Sep 2021 07:32:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Tue, 12 Oct 2021 01:15:45 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 72e7c6c8-7147-4945-7797-f661eefea83e
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 050-location@2x.svg
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
2 KB 89ms
36ms Image
image/svg+xml 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/050-location@2x.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

sid: d7c285fc-c00f-4e5b-a6b9-563d090e6ef8
content-encoding: gzip
x-content-type-options: nosniff
nonce: 4303252070578587
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
dclocation: GT1DMS
content-length: 758
x-xss-protection: 1; mode=block
uuid: 80f95349-1c5e-4d4b-99b7-18faa3657d7a
expires: Tue, 12 Oct 2021 07:15:45 GMT
last-modified: Thu, 23 Sep 2021 07:32:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Tue, 12 Oct 2021 01:15:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
content-type: image/svg+xml
access-control-allow-origin
x-vcap-request-id: 41025d65-8570-4cc2-7e06-6d5f53a7d212
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
scope: VISITOR
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 3 KB
3 KB 66ms
12ms Image
image/svg+xml 23.45.237.66
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/icon_globe_med-grey@2x.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.45.237.66 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-45-237-66.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Sid: a5f531e1-4fcf-4b74-bd11-f3331b72625b
Content-Encoding: gzip
ETag: W/"dc3-17c11923518"
Nonce: 4686193998349757
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Connection: keep-alive
Content-Length: 1419
X-Xss-Protection: 1; mode=block
Uuid: 36dded17-f685-44ac-a907-0094cbde0c56
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
Cache-Control: public, no-transform, max-age=21600
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Tue, 12 Oct 2021 01:15:45 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: a755f087-b57a-4e47-5bf1-abfacbbedb43
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Scope: VISITOR
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
X-Content-Type-Options: nosniff
Dclocation: GT1DMS
Expires: Tue, 12 Oct 2021 07:15:45 GMT

GET
H2 200 1200px-Hamburger_icon.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/b/b2/Hamburger_icon.svg/ 14 KB
15 KB 48ms
16ms Image
image/png 91.198.174.208
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/thumb/b/b2/Hamburger_icon.svg/1200px-Hamburger_icon.svg.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.198.174.208 , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

upload-lb.esams.wikimedia.org

Software

ATS/8.0.8 /

Resource Hash

e910e4210656ac060466b5b37c7a45e707fa0fdfc73250851d2cc5c82ccb8939

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 15:01:16 GMT
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 36868
x-cache-status: hit-front
x-cache: cp3061 hit, cp3065 hit/6
content-disposition: inline;filename*=UTF-8''Hamburger_icon.svg.png
server-timing: cache;desc="hit-front", host;desc="cp3065"
content-length: 14199
x-client-ip: 216.131.114.163
x-object-meta-sha1base36: cahm2nlb65f2xcizmgouz9b2duv16ya
last-modified: Fri, 31 Mar 2017 13:01:56 GMT
server: ATS/8.0.8
etag: 79b18a5d205cdebc264fc06817b73584
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
x-timestamp: 1490965315.47926
permissions-policy: interest-cohort=()
accept-ranges: bytes
timing-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache

GET
H2 200 HP8764_H2.jpg
online.citi.com/JRS/banners/hero_background/ 196 KB
197 KB 91ms
38ms Image
image/jpeg 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/hero_background/HP8764_H2.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 01:15:45 GMT
last-modified: Thu, 08 Oct 2020 21:56:16 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 200475
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 7717_HYCA_ME_m1m73up.jpg
online.citi.com/JRS/banners/modules/ 49 KB
50 KB 107ms
54ms Image
image/jpeg 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/7717_HYCA_ME_m1m73up.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

cf8c82bd56c521ac3910c3910afd8e51ba3fd7cb1f9ec15e9b6ca73c2b44c65d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 01:15:45 GMT
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 50262
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP418_M.jpg
online.citi.com/JRS/banners/modules/ 52 KB
53 KB 115ms
62ms Image
image/jpeg 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP418_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

a3416b46058d11b22ed1862dbdc23227620ab579248b3fc9ead8dfdc0a5beb2f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 01:15:45 GMT
last-modified: Fri, 16 Jul 2021 16:04:44 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 53475
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 M1-M7_DoubleCash.jpg
online.citi.com/JRS/banners/modules/ 21 KB
21 KB 119ms
66ms Image
image/jpeg 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 01:15:45 GMT
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 21180
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP7643_M.jpg
online.citi.com/JRS/banners/modules/ 52 KB
53 KB 65ms
63ms Image
image/jpeg 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP7643_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

217c90f4a8d721022603bb5594aeb922b3a855a0a22a967c2531f94b89914d91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 01:15:45 GMT
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 53152
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 528-Citibank_Illustrations_Article_01.jpg
online.citi.com/JRS/banners/modules/ 14 KB
14 KB 85ms
84ms Image
image/jpeg 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/528-Citibank_Illustrations_Article_01.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

716687b3c43deb80210c8a8992a264dd53e7b4e71d81f6406d9e90ba0e6c9107

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 01:15:45 GMT
last-modified: Fri, 16 Jul 2021 16:04:34 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 14137
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP8564_M.jpg
online.citi.com/JRS/banners/modules/ 71 KB
72 KB 86ms
85ms Image
image/jpeg 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP8564_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 01:15:45 GMT
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 72898
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 googlePlay@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 24 KB
25 KB 98ms
97ms Image
image/png 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/googlePlay@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 25077
x-xss-protection: 1; mode=block
expires: Tue, 12 Oct 2021 07:15:45 GMT
last-modified: Thu, 23 Sep 2021 07:32:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Tue, 12 Oct 2021 01:15:45 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 7885d355-a802-4047-5d4d-c0f6d7ccbfdb
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 appStore@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 20 KB
21 KB 115ms
114ms Image
image/png 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/appStore@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 20047
x-xss-protection: 1; mode=block
expires: Tue, 12 Oct 2021 07:15:45 GMT
last-modified: Thu, 23 Sep 2021 07:32:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Tue, 12 Oct 2021 01:15:45 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: cd74e881-2cc7-4c44-7358-d839b92255a9
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_facebook@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 445 B
1 KB 134ms
132ms Image
image/png 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_facebook@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 445
x-xss-protection: 1; mode=block
expires: Tue, 12 Oct 2021 07:15:45 GMT
last-modified: Thu, 23 Sep 2021 07:32:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Tue, 12 Oct 2021 01:15:45 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 9f1b3764-abab-4c78-4f1b-f0baba533382
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_twitter@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 145ms
144ms Image
image/png 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_twitter@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1277
x-xss-protection: 1; mode=block
expires: Tue, 12 Oct 2021 07:15:45 GMT
last-modified: Thu, 23 Sep 2021 07:32:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Tue, 12 Oct 2021 01:15:45 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 57eb052c-c712-4cea-5110-5bad8bcddd67
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_youtube@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 155ms
154ms Image
image/png 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_youtube@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1175
x-xss-protection: 1; mode=block
expires: Tue, 12 Oct 2021 07:15:45 GMT
last-modified: Thu, 23 Sep 2021 07:32:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Tue, 12 Oct 2021 01:15:45 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 60e2a3ce-9b48-4a6a-7f92-abf1bda8398a
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 404
Not Found 320_Citi-PLT@3x.png
interfaceauth-priority17.cloudns.nz/86456users34132/cbol-pre-login-static-assets/citi-branding-assets/images/ 315 B
315 B 160ms
159ms Image
text/html 34.125.145.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.125.145.159 Las Vegas, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 159.145.125.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: interfaceauth-priority17.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 01:15:45 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 1440_Citi-PLT@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 27 KB
28 KB 161ms
160ms Image
image/png 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/1440_Citi-PLT@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 28149
x-xss-protection: 1; mode=block
expires: Tue, 12 Oct 2021 07:15:45 GMT
last-modified: Thu, 23 Sep 2021 07:32:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Tue, 12 Oct 2021 01:15:45 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: edb6911e-08c4-44ce-60a8-e4d297226a78
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 204 0
bat.bing.com/action/ 0
314 B 94ms
47ms Image
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=34ee05cc-a481-4210-bcbb-3b2a22295c09&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&pi=1200101525&lg=en-US&sw=1920&sh=1080&sc=24&tl=Citibank%20Online&p=https%3A%2F%2Fwww.citi.com%2F&r=&lt=7127&evt=pageLoad&msclkid=N&sv=1&rn=271722
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 12 Oct 2021 01:15:45 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 1E743FD2B242461B9079987FBF39561C Ref B: PRG01EDGE0708 Ref C: 2021-10-12T01:15:45Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
204 B 50ms
47ms Image
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=34ee05cc-a481-4210-bcbb-3b2a22295c09&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&ea=Application&evt=custom&msclkid=N&rn=480075
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 12 Oct 2021 01:15:45 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 666314AA4F4C451580382C780683EC07 Ref B: PRG01EDGE0708 Ref C: 2021-10-12T01:15:45Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
204 B 49ms
48ms Image
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=8936f9d9-a058-48c7-b3bb-647f9b931c9f&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&pi=1200101525&lg=en-US&sw=1920&sh=1080&sc=24&tl=Citibank%20Online&p=https%3A%2F%2Fwww.citi.com%2F&r=&lt=7127&evt=pageLoad&msclkid=N&sv=1&rn=429226
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 12 Oct 2021 01:15:45 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 6BD27CD4A8C84082B043D59F4ED94A56 Ref B: PRG01EDGE0708 Ref C: 2021-10-12T01:15:45Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1592741950571_CTA_Feedback(final).png
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/ 2 KB
2 KB 7ms
6ms Image
image/png 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-encoding: gzip
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
age: 674122
via: 1.1 varnish
x-cache: HIT
content-length: 2219
x-amz-id-2: OpiJIbEvmJ2RY79L44d4wVZHLcRAjl7M3lHegtmrQYLp+cYIJFYDTGjz9xv4k8eVVdHAwRnfdsI=
x-served-by: cache-hhn4061-HHN
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
server: AmazonS3
x-timer: S1634001346.538529,VS0,VE0
date: Tue, 12 Oct 2021 01:15:45 GMT
vary: Accept-Encoding
x-amz-request-id: HC78HS3T503XY67N
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: image/png
x-cache-hits: 14

GET
H/1.1 401
Unauthorized blocker Show response
killbot.org/api/v2/ 146 B
911 B 160ms
160ms Fetch
application/json 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/blocker?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t&ip=216.131.114.163&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/93.0.4577.63%20Safari/537.36&url=?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Requested by: Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.63.85.138.vultr.com
Software: nginx /
Resource Hash: 9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Oct 2021 01:15:45 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Bug-Bounty: Report to live chat :)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/cc267ab8871224bd/ 290 KB
95 KB 10ms
8ms Script
text/javascript 142.250.74.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/cc267ab8871224bd/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f4.1e100.net

Software

sffe /

Resource Hash

323a804a3f14a53edd48617524b4911dbae8ac3b8d427c3a9bd820a129560859

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 09:10:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57920
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97670
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 21:05:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Tue, 11 Oct 2022 09:10:26 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/cc267ab8871224bd/ 41 KB
9 KB 8ms
7ms Stylesheet
text/css 142.250.74.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/cc267ab8871224bd/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f4.1e100.net

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 09:10:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57920
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9032
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 21:05:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Tue, 11 Oct 2022 09:10:26 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
64 B 26ms
25ms Image
image/gif 142.250.74.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1608659919652&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3937272381&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 01:15:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
64 B 25ms
25ms Image
image/gif 142.250.74.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1608659919663&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=477445240&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Oct 2021 01:15:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame 0254 0
66 B 163ms
118ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://interfaceauth-priority17.cloudns.nz/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/

Response headers

date: Tue, 12 Oct 2021 01:15:46 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2 404 search.svg
online.citi.com/citi-branding-assets/images/ 0
0 521ms
521ms Image
text/html 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online.citi.com/citi-branding-assets/images/search.svg
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-238-178.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 918 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
H/1.1 404
Not Found Citi-Branding-Sprite.png
interfaceauth-priority17.cloudns.nz/86456users34132/assets/branding/ 315 B
315 B 150ms
150ms Image
text/html 34.125.145.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/assets/branding/Citi-Branding-Sprite.png
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.125.145.159 Las Vegas, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 159.145.125.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: interfaceauth-priority17.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 01:15:46 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET Interstate-Light.woff
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Bold.woff
interfaceauth-priority17.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 159ms
159ms Font
text/html 34.125.145.159
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://interfaceauth-priority17.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.125.145.159 Las Vegas, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 159.145.125.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://interfaceauth-priority17.cloudns.nz
Accept-Encoding: gzip, deflate, br
Host: interfaceauth-priority17.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/css/styles.b03f48c37f713682a724.css
Origin: https://interfaceauth-priority17.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 01:15:46 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame 2BD3 71 B
338 B 175ms
143ms Document
text/html 104.111.215.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language%3D&phint=product%3D&phint=event&phint=category%3D&phint=page%3D&phint=section1%3D&phint=section2%3D&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DCitibank%20Online&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.citi.com%2F&phint=__bk_v%3D3.1.7&limit=10&r=60521226
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-191.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://interfaceauth-priority17.cloudns.nz/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: fa16
Date: Tue, 12 Oct 2021 01:15:46 GMT
Connection: keep-alive
X-N: S

GET
H2 200 Interstate-Light.ttf
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 150 KB
76 KB 112ms
112ms Font
font/ttf 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d02e7dd453bd2ad105b94b84e60eddacc279fbc606bf300c24107ee7819ea702

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://interfaceauth-priority17.cloudns.nz/
Origin: https://interfaceauth-priority17.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

sid: 05b494bb-84b2-4946-8ca7-20da8f758b7d
content-encoding: gzip
x-content-type-options: nosniff
nonce: 2373385659614084
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
dclocation: SW1DMS
content-length: 76175
x-xss-protection: 1; mode=block
uuid: e6e92363-8c5e-41da-97cd-ba24c2487ce6
expires: Tue, 12 Oct 2021 07:15:46 GMT
last-modified: Thu, 23 Sep 2021 04:46:13 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Tue, 12 Oct 2021 01:15:46 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
content-type: font/ttf
access-control-allow-origin: https://interfaceauth-priority17.cloudns.nz
x-vcap-request-id: 7c7e74a5-2def-4061-6a56-e36541c9b2d8
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
scope: VISITOR
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET Interstate-Bold.ttf
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Bold.ttf
interfaceauth-priority17.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 160ms
159ms Font
text/html 34.125.145.159
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://interfaceauth-priority17.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
Requested by: Host: interfaceauth-priority17.cloudns.nz
URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.125.145.159 Las Vegas, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 159.145.125.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://interfaceauth-priority17.cloudns.nz
Accept-Encoding: gzip, deflate, br
Host: interfaceauth-priority17.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: https://interfaceauth-priority17.cloudns.nz/86456users34132/css/styles.b03f48c37f713682a724.css
Origin: https://interfaceauth-priority17.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 12 Oct 2021 01:15:46 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 generic1633469271800.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 526 KB
87 KB 6ms
6ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1633469271800.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e7bd93ed53c190d531b7a41d860960914e7c005fd992ed4ca2a5370ca885dd9f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: 0SC9EjJms6Aq_P9S9iuEAFh0xZYwM3Vo
content-encoding: gzip
etag: "23a8811f7e034cd28245f8d4f1d15f47"
age: 532063
via: 1.1 varnish
x-cache: HIT
content-length: 89148
x-amz-id-2: 7Ix/qx5f8pexzbByP09Rm3KqD52Q080G/V0DROEnRBgCy8b9GT/UxgkuBAzF9sWDvMh8nw8LWdk=
x-served-by: cache-hhn4061-HHN
last-modified: Tue, 05 Oct 2021 21:27:53 GMT
server: AmazonS3
x-timer: S1634001347.867511,VS0,VE0
date: Tue, 12 Oct 2021 01:15:46 GMT
vary: Accept-Encoding
x-amz-request-id: JDZ1G1GR21HAMD54
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 29

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 44ms
6ms Script
application/javascript 151.101.129.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1633469271800.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-encoding: gzip
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
age: 751099
via: 1.1 varnish
x-cache: HIT
content-length: 5197
x-amz-id-2: kDddomr1FHBih4KAUvS8DrOoS+9b6qzboqZmgx7LlEeRhwD/F3UiwxWp3WVrtZ/JyUcZcz3IN5k=
x-served-by: cache-hhn4025-HHN
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
server: AmazonS3
x-timer: S1634001347.945583,VS0,VE0
date: Tue, 12 Oct 2021 01:15:46 GMT
vary: Accept-Encoding
x-amz-request-id: 3JBDPGF3RZM21Z5S
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 355405

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
317 B 115ms
99ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkzLjAuNDU3Ny42MyBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTYzNDAwMTM0Njk1MyIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdjNzIxMWUxODc0NWEtMDg5ODljMDg0NDk2M2EtYTdkMTkzZC0xZDRjMDAtMTdjNzIxMWUxODg4YmUiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly9pbnRlcmZhY2VhdXRoLXByaW9yaXR5MTcuY2xvdWRucy5uei84NjQ1NnVzZXJzMzQxMzIvbG9naW4xLnBocD9sU1FvbFoxYTZYQzlYWHRGaVRuZzJpNXFPVEZSWjJDUm1mYmRmN2k2SEd3WXRlNEl5S1VLSVNNbFk5cm85aE9VcDZEb1ZnR3BXdUZ2UHprNHZMRUV6VzZUVklZaUVBdzNwTFNhQWxZcjV4S0lJTVFTdm93eTdDSE5ybjlVUUd5a3A0dGxOWTU1alZ0MFE5ZVI0V3Y0bWs9Iiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImZhZTEtZjgxMS1jNDRmLWI1ODAtNzU0YS1hNjQ3LWY4ZTUtMzM0OCIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjM0MDAxMzQ2OTA5Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDIwNCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDEuMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDEuMCIsImhpc3RvcnlfbGVuZ3RoIjogMiwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTYzNDAwMTM0NjkyOCwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interfaceauth-priority17.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-blue-1628
date: Tue, 12 Oct 2021 01:15:47 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 21:53:22	Name: test_cookie Value: CheckForPermission
.bing.com/	1970-01-20 07:14:57	Name: MUID Value: 11E51C6EFB4E692E3CE50CA0FA0B689C
interfaceauth-priority17.cloudns.nz/	1970-01-20 06:38:57	Name: mdLogger Value: false
interfaceauth-priority17.cloudns.nz/	1970-01-20 06:38:57	Name: kampyle_userid Value: fae1-f811-c44f-b580-754a-a647-f8e5-3348
interfaceauth-priority17.cloudns.nz/	1970-01-20 06:38:57	Name: kampyleUserSession Value: 1634001346909
interfaceauth-priority17.cloudns.nz/	1970-01-20 06:38:57	Name: kampyleUserSessionsCount Value: 1
interfaceauth-priority17.cloudns.nz/	1970-01-20 06:38:57	Name: kampyleSessionPageCounter Value: 1
.interfaceauth-priority17.cloudns.nz/	1970-01-20 06:38:57	Name: cd_user_id Value: 17c7211e18745a-08989c0844963a-a7d193d-1d4c00-17c7211e1888be

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://killbot.org/api/v2/blocker?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t&ip=216.131.114.163&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/93.0.4577.63%20Safari/537.36&url=?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk= Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
javascript	error	URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk= Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff' from origin 'https://interfaceauth-priority17.cloudns.nz' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://interfaceauth-web017.cloudns.nz' that is not equal to the supplied origin.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/assets/branding/Citi-Branding-Sprite.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://interfaceauth-priority17.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://interfaceauth-priority17.cloudns.nz/86456users34132/login1.php?lSQolZ1a6XC9XXtFiTng2i5qOTFRZ2CRmfbdf7i6HGwYte4IyKUKISMlY9ro9hOUp6DoVgGpWuFvPzk4vLEEzW6TVIYiEAw3pLSaAlYr5xKIIMQSvowy7CHNrn9UQGykp4tlNY55jVt0Q9eR4Wv4mk= Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf' from origin 'https://interfaceauth-priority17.cloudns.nz' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://interfaceauth-web017.cloudns.nz' that is not equal to the supplied origin.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://interfaceauth-priority17.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://online.citi.com/citi-branding-assets/images/search.svg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
ci-mpsnare.iovation.com
cse.google.com
files.killbot.org
googleads.g.doubleclick.net
interfaceauth-priority17.cloudns.nz
killbot.org
nebula-cdn.kampyle.com
online.citi.com
resources.digital-cloud-citi.medallia.com
sr.rlcdn.com
stags.bluekai.com
udc-neb.kampyle.com
upload.wikimedia.org
www.citi.com
www.google.com
online.citi.com
104.111.215.191
104.111.238.178
13.107.21.200
142.250.181.226
142.250.184.238
142.250.74.196
151.101.129.175
151.101.194.133
23.45.237.66
34.125.145.159
35.190.60.146
35.241.45.82
45.63.85.138
54.69.159.212
91.198.174.208
051b18ffc03e4adc771ab9efa6549b8d28074acd494045ab628a324ebf00ce30
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c
217c90f4a8d721022603bb5594aeb922b3a855a0a22a967c2531f94b89914d91
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
3090163d8d4f6f5e97eee6f3499d3e86442d897f89dfde6b8e8c4d8d5116108d
323a804a3f14a53edd48617524b4911dbae8ac3b8d427c3a9bd820a129560859
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
58d2fd4d0e35c6f1971869b55dc6e7f5124d52a37e605845818d0caca6c4999d
622797067d53352f28b3526c5dc1d48ae5af549422762f7e0a2f253237d0939a
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
64b68c55abf8ed86766fa8969b08a1a229069e3ad525cf08d678d84bba514b5c
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1
716687b3c43deb80210c8a8992a264dd53e7b4e71d81f6406d9e90ba0e6c9107
7d6ecfbd99dd3feaf63fb84ccd9df372c3c1287bc61c7a38f78afb7593c08de1
8537ff23b359b3709f1ca48486c71aef136a5b677f6937d107ca78bdda97dac8
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
9494e9aaa4363fcdd2994aabec2e1d4dee84d1ef1e25ddf14d80f364494671c1
9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
a3416b46058d11b22ed1862dbdc23227620ab579248b3fc9ead8dfdc0a5beb2f
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
aa73aeb9562ce165c106efc277454411c5b3353eec11450ad5f9a2ec78e109f1
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84
c68001aa7b2e4c36d5d667092733b5fcd3b9f2bd0b9503f9f700f87f5cbeee6a
cf8c82bd56c521ac3910c3910afd8e51ba3fd7cb1f9ec15e9b6ca73c2b44c65d
d02e7dd453bd2ad105b94b84e60eddacc279fbc606bf300c24107ee7819ea702
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7bd93ed53c190d531b7a41d860960914e7c005fd992ed4ca2a5370ca885dd9f
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2
e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67
e910e4210656ac060466b5b37c7a45e707fa0fdfc73250851d2cc5c82ccb8939
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd9a53f18020bfb342d9d88f347bf94280915fd60cd350e409cb48cd93cdb6d8

interfaceauth-priority17.cloudns.nz Open in urlscan Pro 34.125.145.159 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

52 Requests

96 %HTTPS

0 %IPv6

12 Domains

16 Subdomains

16 IPs

2 Countries

2506 kBTransfer

3454 kBSize

8 Cookies

1 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

interfaceauth-priority17.cloudns.nz Open in urlscan Pro
34.125.145.159 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

96 %
HTTPS

0 %
IPv6

12
Domains

16
Subdomains

16
IPs

2
Countries

2506 kB
Transfer

3454 kB
Size

8
Cookies

52 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!