citizenswell.dray-dns.de Open in urlscan Pro
45.58.52.43 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://citizenswell.dray-dns.de/
Submission: On July 15 via manual (July 15th 2022, 8:41:17 pm UTC) from US — Scanned from DE

Summary HTTP 60 Redirects Links 50 Behaviour Indicators

Summary

This website contacted 10 IPs in 3 countries across 6 domains to perform 60 HTTP transactions. The main IP is 45.58.52.43, located in Dallas, United States and belongs to HOSTUS-GLOBAL-AS HostUS, HK. The main domain is citizenswell.dray-dns.de.
TLS certificate: Issued by R3 on July 15th 2022. Valid for: 3 months.

This is the only time citizenswell.dray-dns.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
11	45.58.52.43 45.58.52.43	7489 (HOSTUS-GL...) (HOSTUS-GLOBAL-AS HostUS)
27	104.90.136.64 104.90.136.64	16625 (AKAMAI-AS) (AKAMAI-AS)
2	178.249.97.23 178.249.97.23	11054 (LIVEPERSON) (LIVEPERSON)
2	2a02:26f0:480... 2a02:26f0:480:297::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:fb:... 2a02:26f0:fb:187::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	178.249.97.99 178.249.97.99	11054 (LIVEPERSON) (LIVEPERSON)
7	178.249.97.98 178.249.97.98	11054 (LIVEPERSON) (LIVEPERSON)
2	208.89.15.170 208.89.15.170	11054 (LIVEPERSON) (LIVEPERSON)
2	208.89.12.87 208.89.12.87	11054 (LIVEPERSON) (LIVEPERSON)
60	10

11 45.58.52.43 (Dallas, United States)

ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK)

citizenswell.dray-dns.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 104.90.136.64 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-136-64.deploy.static.akamaitechnologies.com

www3.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.23 (United Kingdom)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:297::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
684dd330.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:fb:187::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.249.97.99 (United Kingdom)

ASN11054 (LIVEPERSON, US)
PTR: lo-accdn.lpsnmedia.net

accdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 178.249.97.98 (United Kingdom)

ASN11054 (LIVEPERSON, US)
PTR: lo-lpcdn.lpsnmedia.net

lpcdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.15.170 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.idp.liveperson.net

va.idp.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.12.87 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.v.liveperson.net

va.v.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	citizensbankonline.com www3.citizensbankonline.com — Cisco Umbrella Rank: 118748	389 KB
11	dray-dns.de citizenswell.dray-dns.de	22 KB
10	lpsnmedia.net accdn.lpsnmedia.net — Cisco Umbrella Rank: 3063 lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 3062	406 KB
6	liveperson.net lptag.liveperson.net — Cisco Umbrella Rank: 3162 va.idp.liveperson.net — Cisco Umbrella Rank: 11159 va.v.liveperson.net — Cisco Umbrella Rank: 3576	119 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1283 c.go-mpulse.net — Cisco Umbrella Rank: 522	50 KB
1	akstat.io 684dd330.akstat.io — Cisco Umbrella Rank: 55143	208 B
60	6

	Domain	Requested by
27	www3.citizensbankonline.com	citizenswell.dray-dns.de www3.citizensbankonline.com
11	citizenswell.dray-dns.de	citizenswell.dray-dns.de www3.citizensbankonline.com
7	lpcdn.lpsnmedia.net	lptag.liveperson.net
3	accdn.lpsnmedia.net	lptag.liveperson.net lpcdn.lpsnmedia.net
2	va.v.liveperson.net	lptag.liveperson.net
2	va.idp.liveperson.net	lptag.liveperson.net va.idp.liveperson.net
2	lptag.liveperson.net	citizenswell.dray-dns.de
1	684dd330.akstat.io	s.go-mpulse.net
1	c.go-mpulse.net	s.go-mpulse.net
1	s.go-mpulse.net	citizenswell.dray-dns.de
60	10

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com
jobs.citizensbank.com
www3.citizensbankonline.com
student.citizensbank.com
investor.citizensbank.com

Subject Issuer	Validity	Valid
citizenswell.dray-dns.de R3	`2022-07-15` - `2022-10-13`	3 months	crt.sh
citizensbankonline.com Entrust Certification Authority - L1M	`2022-04-13` - `2023-04-13`	a year	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-04-26` - `2023-04-26`	a year	crt.sh
akstat.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-15` - `2023-04-19`	a year	crt.sh
*.lpsnmedia.net Sectigo RSA Organization Validation Secure Server CA	`2022-02-07` - `2023-02-07`	a year	crt.sh
*.idp.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-06-09` - `2023-06-09`	a year	crt.sh
*.v.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-03-22` - `2023-03-22`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://citizenswell.dray-dns.de/
Frame ID: A8B1E064C6C98E728E51304537FFA666
Requests: 55 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/A9397-AA2WQ-WQN9E-BBVTK-Y8BXE
Frame ID: 1D145DCE4DB8EB117C0FFB2E96819D47
Requests: 2 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.17.0.0-release_5076/storage.secure.min.html?loc=https%3A%2F%2Fcitizenswell.dray-dns.de&site=89632304&env=prod&isCrossDomain=true
Frame ID: 33192CFC5A0A0DC5D1EF7950EF6071B6
Requests: 2 HTTP requests in this frame

Frame: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1657917673388&loc=https%3A%2F%2Fcitizenswell.dray-dns.de
Frame ID: B9AE355E8FD41C65666AB443D23875DB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Banking | Citizens

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

60
Requests

95 %
HTTPS

22 %
IPv6

6
Domains

10
Subdomains

10
IPs

3
Countries

987 kB
Transfer

2967 kB
Size

0
Cookies

50 Outgoing links

These are links going to different origins than the main page.

URL: http://www.citizensbank.com/

Search URL Search Domain Scan URL

URL: https://jobs.citizensbank.com/?utm_source=OT&utm_medium=Consumer_Marketing&utm_campaign=RM_CustomerMkt_OLB&utm_term=&utm_content=Other
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www3.citizensbankonline.com/efs/ui/tli/index.html
Title: Trouble logging in?

Search URL Search Domain Scan URL

URL: https://www3.citizensbankonline.com/efs/ui/enrollment/index.html
Title: Enroll Now

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/checking/
Title: Checking

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/savings-and-cds/savings.aspx
Title: Savings

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/savings-and-cds/money-markets.aspx
Title: Money Markets

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/savings-and-cds/cds.aspx
Title: Certificates of Deposit (CDs) ®

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/ira/
Title: IRAs

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/checking-and-savings/programs-and-services.aspx
Title: Programs & Services

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/checking-and-savings/benefits-and-features.aspx
Title: Benefits & Features

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/checking/debit-cards/standard.aspx
Title: Debit Card

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/overdraft-protection/
Title: Overdraft Choices ®

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/mortgages/
Title: Mortgages

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/home-equity/loans.aspx
Title: Home Equity Loans

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/home-equity/lines.aspx
Title: Home Equity Lines of Credit

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/loans/determine-my-rate.aspx
Title: Determine My Rate

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/student-loans/default.aspx
Title: Student Loan Options

Search URL Search Domain Scan URL

URL: https://student.citizensbank.com/app/#/login
Title: Refinancing Student Loans

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/student-loans/process/default.aspx
Title: The Student Loan Process

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/student-loans/process/undergraduate.aspx
Title: Undergraduate Students & Parents

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/student-loans/process/graduate.aspx
Title: Graduate Students

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/student-loans/tools.aspx
Title: Tools & Information

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/checking/one-deposit-checking-account.aspx
Title: Banking for Students

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/student-services/access-my-student-loan/default.aspx
Title: Access My Student Loan

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/credit-cards/overview.aspx
Title: Credit Cards

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/cards-and-rewards/credit-cards/creditcardagreements/agreements.aspx
Title: Card Agreements

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/security/
Title: Security Features

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/personal-loans/overview.aspx
Title: Overview

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/personal-loans/faqs.aspx
Title: FAQs

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/checking/order-checks.aspx
Title: Order Checks

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/online-and-mobile-banking/default.aspx
Title: Online & Mobile Banking

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/customer-service/
Title: Customer Service

Search URL Search Domain Scan URL

URL: http://investor.citizensbank.com/about-us/our-company.aspx
Title: About Citizens

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/community/
Title: In the Community

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/about_our_ads.aspx
Title: About Our Ads

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/investing/
Title: Investing

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/small-business/
Title: Small Business

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/commercial-banking/
Title: Commercial

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/pf/onlinebanking/terms.aspx
Title: Online Terms and Conditions

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/assets/pdf/E-SignDisclosure.pdf
Title: E-Sign Disclosure

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/checking-and-savings/account-documents.aspx
Title: Account Documents

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/tools/leaving.aspx?url=http://www.fdic.gov
Title: Member FDIC

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/security/equal-housing-lender.aspx
Title: Equal Housing Lender

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/tools/SiteMap.aspx
Title: Site Map

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/tools/leaving.aspx?url=http://www.facebook.com/citizensbank

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/tools/leaving.aspx?url=http://twitter.com/citizensbank

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/tools/leaving.aspx?url=http://linkedin.com/company/citizens-bank

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/tools/leaving.aspx?url=http://youtube.com/citizensbank

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

60 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
citizenswell.dray-dns.de/ 33 KB
10 KB 427ms
142ms Document
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://citizenswell.dray-dns.de/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash: 7b9743f28b2d35a15a6f2249a2933dd11a24a3cfe36f1e07cf46a7c869926600

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 10441
Content-Type: text/html
Date: Fri, 15 Jul 2022 20:41:11 GMT
ETag: "832e-5e3db046d1fb0-gzip"
Last-Modified: Fri, 15 Jul 2022 17:04:55 GMT
Server: nginx
Vary: Accept-Encoding

GET
H2 404 Bootstrap.js
www3.citizensbankonline.com//nexus.ensighten.com/citizensbank/olbprod/ 0
0 425ms
307ms Script
text/html 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www3.citizensbankonline.com//nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-136-64.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 pm_fp.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/ 23 KB
6 KB 293ms
175ms Script
application/x-javascript 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/pm_fp.js

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5739
x-olb-req-received: t=1657696951724752
last-modified: Wed, 13 Jul 2022 07:23:38 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "5cbf-5e14a8518aaea"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:03 GMT
cache-control: max-age=34851
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=1097

GET
H2 200 jquery-ui-1.10.3.custom.min.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 19 KB
3 KB 133ms
15ms Stylesheet
text/css 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3118
x-olb-req-received: t=1657696965471371
last-modified: Wed, 13 Jul 2022 07:24:18 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "4a56-5e14a8518e430"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=670

GET
H2 200 normalize.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 10 KB
3 KB 143ms
25ms Stylesheet
text/css 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2300
x-olb-req-received: t=1657696948359972
last-modified: Wed, 13 Jul 2022 11:32:16 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "26c2-5e14a80783b84"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=555

GET
H2 200 main.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 61 KB
11 KB 156ms
39ms Stylesheet
text/css 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 10382
x-olb-req-received: t=1657696964452599
last-modified: Wed, 13 Jul 2022 07:54:48 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "f405-5e14a8518e430"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=2221

GET
H2 200 flows.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 8 KB
2 KB 166ms
49ms Stylesheet
text/css 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1975
x-olb-req-received: t=1657696948587915
last-modified: Wed, 13 Jul 2022 07:31:15 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "21ce-5e14a80782be4"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=579

GET
H2 200 ad-containers.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 7 KB
2 KB 181ms
64ms Stylesheet
text/css 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

cad0f4b1f9bfa3f4ef94d78c20ae16464bda0fb3902fd7689e26a2904cea29d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1227
x-olb-req-received: t=1657696948342480
last-modified: Wed, 13 Jul 2022 08:43:49 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "1dd4-5e14a80782be4"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=388

GET
H2 200 modernizr-2.6.2.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 15 KB
6 KB 254ms
137ms Script
application/x-javascript 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5535
x-olb-req-received: t=1657696992129437
last-modified: Wed, 13 Jul 2022 08:10:56 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "3c36-5e14a8078473c"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=750

GET
H2 200 plugins.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 199 KB
38 KB 266ms
150ms Script
application/x-javascript 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 38875
x-olb-req-received: t=1657696964502321
last-modified: Wed, 13 Jul 2022 07:47:00 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "31d24-5e14a8078473c"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=8309

GET
H2 200 main.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 19 KB
4 KB 233ms
116ms Script
application/x-javascript 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3967
x-olb-req-received: t=1657698035561860
last-modified: Wed, 13 Jul 2022 10:24:27 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "4c03-5e14a80784354"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=823

GET
H2 200 placeholders.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 4 KB
2 KB 214ms
97ms Script
application/x-javascript 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1394
x-olb-req-received: t=1657696964476938
last-modified: Wed, 13 Jul 2022 07:23:30 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "10aa-5e14a8518b6a2"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=481

GET
H2 200 citizens-logo-sm.png
www3.citizensbankonline.com//efs/efs/grafx/ 3 KB
3 KB 94ms
94ms Image
image/png 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com//efs/efs/grafx/citizens-logo-sm.png

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657904847208554
last-modified: Sat, 29 Jan 2022 03:00:50 GMT
etag: "ae9-5d6afc2402c6a"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=591912
x-olb-req-duration: D=120
server-timing: cdn-cache; desc=HIT, edge; dur=65
content-length: 2793
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Fri, 22 Jul 2022 17:06:24 GMT

GET
H2 200 citizens-logo-sm.png
www3.citizensbankonline.com/efs/efs/grafx/ 3 KB
3 KB 94ms
93ms Image
image/png 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/citizens-logo-sm.png

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657904847208554
last-modified: Sat, 29 Jan 2022 03:00:50 GMT
etag: "ae9-5d6afc2402c6a"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=591979
x-olb-req-duration: D=120
server-timing: cdn-cache; desc=HIT, edge; dur=71
content-length: 2793
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Fri, 22 Jul 2022 17:07:31 GMT

GET
H2 200 citizensHeaderFooter-citizensns2574.js Show response
www3.citizensbankonline.com/efs/hhf/js/ 428 KB
108 KB 20ms
20ms Script
application/x-javascript 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/hhf/js/citizensHeaderFooter-citizensns2574.js

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

61cd9d38106687c56e2e69e5100c8aa56c64dd4e479033a02a2e332e5ddeebec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 109962
x-olb-req-received: t=1657696964412559
last-modified: Wed, 13 Jul 2022 07:51:48 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "6b00d-5dbf2848be1ef"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=8359

GET
H2 200 wuEjoFLFQ Show response
www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/ 130 KB
50 KB 22ms
22ms Script
application/javascript 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/wuEjoFLFQ

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

fe4608305f72a1d92ca64aae9007cce1296b28c455676e3a70e810c67a2531d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: gzip
last-modified: Thu, 28 Apr 2022 16:28:03 GMT
etag: "34b8c157617706a28566ace966b535019fe296c8b939e39a7e0d54b6d6a5148e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
content-length: 50045
lb-action: None
expires: Tue, 09 Aug 2022 23:59:56 GMT, 0

GET
H/1.1 404
Not Found sec-3-6.css
citizenswell.dray-dns.de/_sec/cp_challenge/ 0
0 140ms
140ms Stylesheet
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://citizenswell.dray-dns.de/_sec/cp_challenge/sec-3-6.css
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 15 Jul 2022 20:41:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 17:02:21 GMT
Server: nginx
ETag: W/"5a7-5e3dafb41554e"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 sec-cpt-3-6.js Show response
www3.citizensbankonline.com/_sec/cp_challenge/ 10 KB
4 KB 60ms
59ms Script
application/javascript 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/_sec/cp_challenge/sec-cpt-3-6.js

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

05b1cf5bf5ccce6868ffd66fb866bbaa3083ee1960776ed96fc7ad73edc15f83

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: gzip
last-modified: Tue, 13 Jul 2021 22:46:44 GMT
etag: "4724a5413e7eeb6a7ea3e708b5ec5140344e1b2beaefe78ca56625b328570ee0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
server-timing: cdn-cache; desc=HIT, edge; dur=24
strict-transport-security: max-age=15768000
content-length: 3547
lb-action: None
expires: Sat, 16 Jul 2022 20:41:12 GMT

GET
H2 200 common.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 5 KB
2 KB 16ms
15ms Script
application/x-javascript 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/common.js

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

e8c5013c999bee8dd455c1ac01133c69dd9aa06b34a7397bdff291c5ecbdc84d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1356
x-olb-req-received: t=1657696948691701
last-modified: Wed, 13 Jul 2022 09:25:04 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "12f5-5e14a80783b84"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=346

GET
H2 200 citizen_roman.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
32 KB 44ms
22ms Font
application/octet-stream 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: https://citizenswell.dray-dns.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657697011364773
last-modified: Mon, 13 Jun 2022 01:51:00 GMT
etag: "7ce0-5e14a8518e430"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=384110
x-olb-req-duration: D=187
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 31968
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Wed, 20 Jul 2022 07:23:02 GMT

GET
H2 200 jquery-1.9.1.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 90 KB
29 KB 18ms
17ms Script
application/x-javascript 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://citizenswell.dray-dns.de/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 29409
x-olb-req-received: t=1657696948642148
last-modified: Wed, 13 Jul 2022 09:30:14 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "169d6-5e14a8518e818"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sat, 16 Jul 2022 06:22:02 GMT
cache-control: max-age=34850
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=4789

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 21 KB
8 KB 289ms
19ms Script
application/javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/tag/tag.js?site=89632304

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.23 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
server: ws
etag: "5f50a905-1d8f"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 7567

GET
H2 200 A9397-AA2WQ-WQN9E-BBVTK-Y8BXE Show response
s.go-mpulse.net/boomerang/ Frame 1D14 205 KB
49 KB 33ms
7ms Script
application/javascript 2a02:26f0:480:297::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/A9397-AA2WQ-WQN9E-BBVTK-Y8BXE
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:480:297::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: br
last-modified: Wed, 29 Jun 2022 01:51:20 GMT
x-n: S
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
DATA 200
OK truncated
/ 723 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1699319d1a0e97bc5dab1f23467264b58c0ae190c5554892b675ae348e2b88e0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 icon-secure.png
www3.citizensbankonline.com/efs/efs/grafx/ 292 B
605 B 84ms
84ms Image
image/png 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657697012526281
last-modified: Sat, 29 Jan 2022 03:02:19 GMT
etag: "124-5d6afc794472b"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=384047
x-olb-req-duration: D=147
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 292
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Wed, 20 Jul 2022 07:21:59 GMT

GET
H2 200 flows-tooltip.png
www3.citizensbankonline.com/efs/efs/grafx/ 364 B
677 B 92ms
92ms Image
image/png 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657697012558765
last-modified: Sat, 29 Jan 2022 03:00:50 GMT
etag: "16c-5d6afc240e017"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=384131
x-olb-req-duration: D=119
server-timing: cdn-cache; desc=HIT, edge; dur=6
content-length: 364
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Wed, 20 Jul 2022 07:23:23 GMT

GET
H2 200 citiolb_icons.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 18 KB
18 KB 28ms
28ms Font
application/octet-stream 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: https://citizenswell.dray-dns.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657697011368387
last-modified: Mon, 13 Jun 2022 01:51:00 GMT
etag: "485c-5e14a85189b4a"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=384128
x-olb-req-duration: D=175
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 18524
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Wed, 20 Jul 2022 07:23:20 GMT

GET
H2 200 citizen_book.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
31 KB 48ms
47ms Font
application/octet-stream 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: https://citizenswell.dray-dns.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657697011357882
last-modified: Mon, 13 Jun 2022 01:49:42 GMT
etag: "7c78-5e14a807833b4"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=384177
x-olb-req-duration: D=165
server-timing: cdn-cache; desc=HIT, edge; dur=12
content-length: 31864
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Wed, 20 Jul 2022 07:24:09 GMT

GET
H2 200 arrow-button-white.png
www3.citizensbankonline.com/efs/efs/grafx/ 1017 B
1 KB 104ms
103ms Image
image/png 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657696951950764
last-modified: Sat, 29 Jan 2022 03:00:50 GMT
etag: "3f9-5d6afc23fb73c"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=384040
x-olb-req-duration: D=158
server-timing: cdn-cache; desc=HIT, edge; dur=3
content-length: 1017
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Wed, 20 Jul 2022 07:21:52 GMT

GET
H2 200 arrow-down-blue.png
www3.citizensbankonline.com/efs/efs/grafx/ 1 KB
1 KB 117ms
116ms Image
image/png 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657697012545804
last-modified: Sat, 29 Jan 2022 03:02:19 GMT
etag: "41e-5d6afc790e7e4"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=384133
x-olb-req-duration: D=122
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 1054
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Wed, 20 Jul 2022 07:23:25 GMT

GET
H2 200 arrow-right-orange.png
www3.citizensbankonline.com/efs/efs/grafx/ 165 B
478 B 122ms
122ms Image
image/png 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657696951974610
last-modified: Sat, 29 Jan 2022 03:00:50 GMT
etag: "a5-5d6afc23fb73c"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=383975
x-olb-req-duration: D=129
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 165
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Wed, 20 Jul 2022 07:20:47 GMT

GET
H2 200 citizen_extrabold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 27 KB
28 KB 69ms
69ms Font
application/octet-stream 104.90.136.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.136.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-136-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: https://citizenswell.dray-dns.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
x-olb-req-received: t=1657697013697334
last-modified: Mon, 13 Jun 2022 01:49:42 GMT
etag: "6ccc-5e14a807833b4"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=384160
x-olb-req-duration: D=180
server-timing: cdn-cache; desc=HIT, edge; dur=17
content-length: 27852
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Wed, 20 Jul 2022 07:23:52 GMT

POST wuEjoFLFQ
www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/ 0
0

GET
H/1.1 404
Not Found citizensns.min.2574.css
citizenswell.dray-dns.de/efs/hhf/css/ 0
0 140ms
140ms Stylesheet
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://citizenswell.dray-dns.de/efs/hhf/css/citizensns.min.2574.css
Requested by: Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/hhf/js/citizensHeaderFooter-citizensns2574.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 15 Jul 2022 20:41:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 17:02:21 GMT
Server: nginx
ETag: W/"5a7-5e3dafb41554e"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found CTZ_Green-01.png
citizenswell.dray-dns.de/efs/hhf/img/ 1 KB
1 KB 273ms
143ms Image
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citizenswell.dray-dns.de/efs/hhf/img/CTZ_Green-01.png
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash: fc3cbd2eba5405bd12e28983a9c1cc9481c784b56e621af021b80b9496e46065

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 15 Jul 2022 20:41:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 17:02:21 GMT
Server: nginx
ETag: W/"5a7-5e3dafb41554e"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found equal-housing.gif
citizenswell.dray-dns.de/efs/hhf/img/ 1 KB
1 KB 415ms
142ms Image
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citizenswell.dray-dns.de/efs/hhf/img/equal-housing.gif
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash: fc3cbd2eba5405bd12e28983a9c1cc9481c784b56e621af021b80b9496e46065

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 15 Jul 2022 20:41:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 17:02:21 GMT
Server: nginx
ETag: W/"5a7-5e3dafb41554e"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found footer-follow-facebook.png
citizenswell.dray-dns.de/efs/hhf/img/ 1 KB
1 KB 413ms
139ms Image
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citizenswell.dray-dns.de/efs/hhf/img/footer-follow-facebook.png
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash: fc3cbd2eba5405bd12e28983a9c1cc9481c784b56e621af021b80b9496e46065

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 15 Jul 2022 20:41:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 17:02:21 GMT
Server: nginx
ETag: W/"5a7-5e3dafb41554e"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found footer-follow-twitter.png
citizenswell.dray-dns.de/efs/hhf/img/ 1 KB
1 KB 421ms
140ms Image
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citizenswell.dray-dns.de/efs/hhf/img/footer-follow-twitter.png
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash: fc3cbd2eba5405bd12e28983a9c1cc9481c784b56e621af021b80b9496e46065

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 15 Jul 2022 20:41:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 17:02:21 GMT
Server: nginx
ETag: W/"5a7-5e3dafb41554e"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found footer-follow-linkedin.png
citizenswell.dray-dns.de/efs/hhf/img/ 1 KB
1 KB 421ms
140ms Image
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citizenswell.dray-dns.de/efs/hhf/img/footer-follow-linkedin.png
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash: fc3cbd2eba5405bd12e28983a9c1cc9481c784b56e621af021b80b9496e46065

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 15 Jul 2022 20:41:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 17:02:21 GMT
Server: nginx
ETag: W/"5a7-5e3dafb41554e"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found footer-follow-youtube.png
citizenswell.dray-dns.de/efs/hhf/img/ 1 KB
1 KB 299ms
140ms Image
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citizenswell.dray-dns.de/efs/hhf/img/footer-follow-youtube.png
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash: fc3cbd2eba5405bd12e28983a9c1cc9481c784b56e621af021b80b9496e46065

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 15 Jul 2022 20:41:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 17:02:21 GMT
Server: nginx
ETag: W/"5a7-5e3dafb41554e"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found elh.gif
citizenswell.dray-dns.de/efs/hhf/img/ 1 KB
1 KB 163ms
142ms Image
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citizenswell.dray-dns.de/efs/hhf/img/elh.gif
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash: fc3cbd2eba5405bd12e28983a9c1cc9481c784b56e621af021b80b9496e46065

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 15 Jul 2022 20:41:12 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 17:02:21 GMT
Server: nginx
ETag: W/"5a7-5e3dafb41554e"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found fdicFooter.gif
citizenswell.dray-dns.de/efs/hhf/img/ 1 KB
1 KB 138ms
138ms Image
text/html 45.58.52.43
HOSTUS-GLOBAL-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citizenswell.dray-dns.de/efs/hhf/img/fdicFooter.gif
Requested by: Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.58.52.43 Dallas, United States, ASN7489 (HOSTUS-GLOBAL-AS HostUS, HK),
Reverse DNS
Software: nginx /
Resource Hash: fc3cbd2eba5405bd12e28983a9c1cc9481c784b56e621af021b80b9496e46065

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Fri, 15 Jul 2022 20:41:13 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 17:02:21 GMT
Server: nginx
ETag: W/"5a7-5e3dafb41554e"
Vary: Accept-Encoding
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame 1D14 644 B
917 B 144ms
26ms XHR
application/json 2a02:26f0:fb:187::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=A9397-AA2WQ-WQN9E-BBVTK-Y8BXE&d=citizenswell.dray-dns.de&t=5526392&v=1.720.0&if=&sl=0&si=bafec963-55c8-45ec-a021-e4a69b57e0c7-rf2xgo&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=354307
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/A9397-AA2WQ-WQN9E-BBVTK-Y8BXE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:fb:187::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a2f81636a6b284c5afe5fe4bd48f2af14bfda2d0b9fcb7fcfea667a98ab34410

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 15 Jul 2022 20:41:12 GMT
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 644
Content-Type: application/json

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/ 285 KB
102 KB 44ms
44ms Script
application/x-javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Requested by

Host: citizenswell.dray-dns.de
URL: https://citizenswell.dray-dns.de/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.23 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

e256cdfa164389b5cf79ea77a59105eaa40b76db8c7baa4b4ae84fb0fd81a066

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: MISS
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 / Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/ 7 KB
1 KB 162ms
44ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

8a1cceddce9450beca0ca70232dc3568845ee0a3f688225f76450aa8f4a83205

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: EXPIRED
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 3
expires: Fri, 15 Jul 2022 20:42:13 GMT

GET
H2 200 ui-framework.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.19.0.2-release_5467/ 39 KB
15 KB 225ms
37ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.19.0.2-release_5467/ui-framework.js?version=10.19.0.2-release_5467

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

fdd05b738b34277c9b69bd1d1cb198820f593b68e43cdbd54fe6d16659004f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 18 Jun 2022 03:20:03 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Fri, 15 Jul 2022 20:51:13 GMT

GET
H2 200 UMSClientAPI.min.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.19.0.2-release_5467/ 88 KB
30 KB 255ms
68ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.19.0.2-release_5467/UMSClientAPI.min.js?version=10.19.0.2-release_5467

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

99975f334655703578e77034bebce02b63668d2d8a0144c2e5b72b40d234a386

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 18 Jun 2022 03:20:03 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Fri, 15 Jul 2022 20:51:13 GMT

GET
H2 200 lpChatV3.min.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.19.0.2-release_5467/ 92 KB
31 KB 278ms
91ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.19.0.2-release_5467/lpChatV3.min.js?version=10.19.0.2-release_5467

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 18 Jun 2022 03:20:03 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Fri, 15 Jul 2022 20:51:13 GMT

GET
H2 200 surveylogicinstance.min.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.19.0.2-release_5467/ 8 KB
3 KB 228ms
104ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.19.0.2-release_5467/surveylogicinstance.min.js?version=10.19.0.2-release_5467

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 18 Jun 2022 03:20:03 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Fri, 15 Jul 2022 20:51:13 GMT

GET
H2 200 desktopEmbedded.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.19.0.2-release_5467/ 939 KB
293 KB 227ms
110ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.19.0.2-release_5467/desktopEmbedded.js?version=10.19.0.2-release_5467

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

f6514a45108326bfcead8aeeca7f79dfcbdc29a788cd331c570b9325cb615e74

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 18 Jun 2022 03:20:03 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Fri, 15 Jul 2022 20:51:13 GMT

GET
H2 200 zones Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/ 5 KB
1 KB 75ms
30ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

1562be442aea4fb3034abaf907ac892ab1f3ac412a9ff285d844c849bbe55125

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: EXPIRED
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 1
expires: Fri, 15 Jul 2022 20:42:13 GMT

POST wuEjoFLFQ
www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/ 0
0

GET
H2 200 storage.secure.min.html Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.17.0.0-release_5076/ Frame 3319 39 KB
16 KB 172ms
172ms Document
text/html 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_secure_storage/3.17.0.0-release_5076/storage.secure.min.html?loc=https%3A%2F%2Fcitizenswell.dray-dns.de&site=89632304&env=prod&isCrossDomain=true

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://citizenswell.dray-dns.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods: GET, POST, PATCH
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=600
content-encoding: gzip
content-type: text/html
date: Fri, 15 Jul 2022 20:41:13 GMT
expires: Fri, 15 Jul 2022 20:51:13 GMT
last-modified: Sat, 18 Jun 2022 03:03:15 GMT
server: ws
vary: Origin
x-content-type-options: nosniff

GET
H2 200 storage.secure.min.js Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.17.0.0-release_5076/ 37 KB
15 KB 170ms
170ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_secure_storage/3.17.0.0-release_5076/storage.secure.min.js?loc=https%3A%2F%2Fcitizenswell.dray-dns.de&site=89632304&force=1&env=prod&isCrossDomain=true

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

a5ec545801c483a0bb18f6c9c6ed675eada482ba56a46e3fdc554c83aca779d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 18 Jun 2022 03:03:15 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Fri, 15 Jul 2022 20:51:13 GMT

GET
H2 200 refererrestrictions Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/ Frame 3319 650 B
503 B 27ms
27ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb96231x41540

Requested by

Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.17.0.0-release_5076/storage.secure.min.html?loc=https%3A%2F%2Fcitizenswell.dray-dns.de&site=89632304&env=prod&isCrossDomain=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United Kingdom, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

c870a45689ca708fddf71b82342ffb8f55baa825ea9ea721ece59768f56942c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lpcdn.lpsnmedia.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: EXPIRED
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 3
expires: Fri, 15 Jul 2022 20:42:13 GMT

POST
H2 204 /
684dd330.akstat.io/ 0
208 B 205ms
30ms Ping
image/gif 2a02:26f0:480:297::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd330.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/A9397-AA2WQ-WQN9E-BBVTK-Y8BXE

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:480:297::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://citizenswell.dray-dns.de/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Fri, 15 Jul 2022 20:41:13 GMT
content-type: image/gif
access-control-allow-origin: https://citizenswell.dray-dns.de
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Fri, 15 Jul 2022 20:41:13 GMT

GET
H2 200 postmessage.min.html Show response
va.idp.liveperson.net/postmessage/ Frame B9AE 11 KB
5 KB 470ms
184ms Document
text/html 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1657917673388&loc=https%3A%2F%2Fcitizenswell.dray-dns.de

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

va.idp.liveperson.net

Software

ws /

Resource Hash

c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://citizenswell.dray-dns.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods: GET, POST, PATCH
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
content-encoding: gzip
content-type: text/html
date: Fri, 15 Jul 2022 20:41:13 GMT
etag: W/"5f2ff440-2a51"
last-modified: Sun, 09 Aug 2020 13:04:00 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains

POST wuEjoFLFQ
www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/ 0
0

POST
H2 200 authorize Show response
va.idp.liveperson.net/api/account/89632304/anonymous/ Frame B9AE 678 B
1 KB 227ms
226ms XHR
application/json 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://va.idp.liveperson.net/api/account/89632304/anonymous/authorize?__d=60211

Requested by

Host: va.idp.liveperson.net
URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1657917673388&loc=https%3A%2F%2Fcitizenswell.dray-dns.de

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

va.idp.liveperson.net

Software

ws /

Resource Hash

70b397da978f87a7b07eb4762d38790b219c083de556a1d24394d116b53ba1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

LP-DOMAIN-REFERER: https://citizenswell.dray-dns.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */*
Referer: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1657917673388&loc=https%3A%2F%2Fcitizenswell.dray-dns.de
X-Requested-With: XMLHttpRequest
LP-URL: https://citizenswell.dray-dns.de/

Response headers

date: Fri, 15 Jul 2022 20:41:13 GMT
x-content-type-options: nosniff
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
access-control-allow-origin: https://va.idp.liveperson.net
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
content-length: 678

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 238 B
1 KB 755ms
272ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?&cb=lpCb63322x72057&t=sp&ts=1657917673364&pid=4365320713&tid=3128055347&pt=Online%20Banking%20%7C%20Citizens&u=https%3A%2F%2Fcitizenswell.dray-dns.de%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22bedeb802-2fca-486b-9eb8-022fcaa86bca%22%2C%22account%22%3A%2289632304%22%7D%5D
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 5f16b4db70ce7f3b9530be145aa0bcd3c55e98d16d794142a292716d22533fc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:14 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 111 B
854 B 193ms
193ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?sid=rwOvX4FASL6Jrt_gYdy58w&cb=lpCb95695x50937&t=pl&ts=1657917674115&pid=4365320713&tid=3128055347&vid=RlNThmYmU5ODIxMmI5Yjc4
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 1bd7e5cc3d8782597428196b102175dd8aabb350199d6ab4ef74f296a086f459

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citizenswell.dray-dns.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 15 Jul 2022 20:41:15 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/wuEjoFLFQ

Domain: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/wuEjoFLFQ

Domain: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/wuEjoFLFQ

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

19 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www3.citizensbankonline.com//nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://citizenswell.dray-dns.de/(Line 111) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://citizenswell.dray-dns.de/(Line 111) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://citizenswell.dray-dns.de/_sec/cp_challenge/sec-3-6.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://citizenswell.dray-dns.de/ Message: Access to XMLHttpRequest at 'https://www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/wuEjoFLFQ' from origin 'https://citizenswell.dray-dns.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/wuEjoFLFQ Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://citizenswell.dray-dns.de/efs/hhf/css/citizensns.min.2574.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://citizenswell.dray-dns.de/efs/hhf/img/CTZ_Green-01.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://citizenswell.dray-dns.de/efs/hhf/img/footer-follow-facebook.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://citizenswell.dray-dns.de/efs/hhf/img/equal-housing.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://citizenswell.dray-dns.de/efs/hhf/img/footer-follow-twitter.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://citizenswell.dray-dns.de/efs/hhf/img/footer-follow-linkedin.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://citizenswell.dray-dns.de/efs/hhf/img/footer-follow-youtube.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://citizenswell.dray-dns.de/efs/hhf/img/elh.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://citizenswell.dray-dns.de/ Message: Access to XMLHttpRequest at 'https://www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/wuEjoFLFQ' from origin 'https://citizenswell.dray-dns.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/wuEjoFLFQ Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://citizenswell.dray-dns.de/efs/hhf/img/fdicFooter.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://citizenswell.dray-dns.de/ Message: Access to XMLHttpRequest at 'https://www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/wuEjoFLFQ' from origin 'https://citizenswell.dray-dns.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www3.citizensbankonline.com/MfYFsy/boU4_P/Us8w/kvBbtL/fB/auimzmk0/JSlObhhbAQ/dQ/wuEjoFLFQ Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

684dd330.akstat.io
accdn.lpsnmedia.net
c.go-mpulse.net
citizenswell.dray-dns.de
lpcdn.lpsnmedia.net
lptag.liveperson.net
s.go-mpulse.net
va.idp.liveperson.net
va.v.liveperson.net
www3.citizensbankonline.com
www3.citizensbankonline.com
104.90.136.64
178.249.97.23
178.249.97.98
178.249.97.99
208.89.12.87
208.89.15.170
2a02:26f0:480:297::11a6
2a02:26f0:fb:187::11a6
45.58.52.43
05b1cf5bf5ccce6868ffd66fb866bbaa3083ee1960776ed96fc7ad73edc15f83
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
1562be442aea4fb3034abaf907ac892ab1f3ac412a9ff285d844c849bbe55125
1699319d1a0e97bc5dab1f23467264b58c0ae190c5554892b675ae348e2b88e0
1bd7e5cc3d8782597428196b102175dd8aabb350199d6ab4ef74f296a086f459
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441
5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02
5f16b4db70ce7f3b9530be145aa0bcd3c55e98d16d794142a292716d22533fc6
61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a
61cd9d38106687c56e2e69e5100c8aa56c64dd4e479033a02a2e332e5ddeebec
639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f
66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4
70b397da978f87a7b07eb4762d38790b219c083de556a1d24394d116b53ba1df
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
7b9743f28b2d35a15a6f2249a2933dd11a24a3cfe36f1e07cf46a7c869926600
8a1cceddce9450beca0ca70232dc3568845ee0a3f688225f76450aa8f4a83205
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8
99975f334655703578e77034bebce02b63668d2d8a0144c2e5b72b40d234a386
a2f81636a6b284c5afe5fe4bd48f2af14bfda2d0b9fcb7fcfea667a98ab34410
a5ec545801c483a0bb18f6c9c6ed675eada482ba56a46e3fdc554c83aca779d8
aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8
babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e
c870a45689ca708fddf71b82342ffb8f55baa825ea9ea721ece59768f56942c4
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
cad0f4b1f9bfa3f4ef94d78c20ae16464bda0fb3902fd7689e26a2904cea29d9
cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
e256cdfa164389b5cf79ea77a59105eaa40b76db8c7baa4b4ae84fb0fd81a066
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8c5013c999bee8dd455c1ac01133c69dd9aa06b34a7397bdff291c5ecbdc84d
f6514a45108326bfcead8aeeca7f79dfcbdc29a788cd331c570b9325cb615e74
fc3cbd2eba5405bd12e28983a9c1cc9481c784b56e621af021b80b9496e46065
fdd05b738b34277c9b69bd1d1cb198820f593b68e43cdbd54fe6d16659004f73
fe4608305f72a1d92ca64aae9007cce1296b28c455676e3a70e810c67a2531d3
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

citizenswell.dray-dns.de Open in urlscan Pro 45.58.52.43 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

60 Requests

95 %HTTPS

22 %IPv6

6 Domains

10 Subdomains

10 IPs

3 Countries

987 kBTransfer

2967 kBSize

0 Cookies

50 Outgoing links

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

citizenswell.dray-dns.de Open in urlscan Pro
45.58.52.43 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

95 %
HTTPS

22 %
IPv6

6
Domains

10
Subdomains

10
IPs

3
Countries

987 kB
Transfer

2967 kB
Size

0
Cookies

60 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!