andrejhauptman.info
185.222.203.10  Malicious Activity! Public Scan

URL: http://andrejhauptman.info/online.citi.com/
Submission: On April 16 via api from CA

Summary

This website contacted 14 IPs in 4 countries across 7 domains to perform 78 HTTP transactions. The main IP is 185.222.203.10, located in and belongs to UVL2-ASN, UA. The main domain is andrejhauptman.info.
This is the only time andrejhauptman.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

IP Address AS Autonomous System
2 185.222.203.10 204725 (UVL2-ASN)
53 104.111.235.119 16625 (AKAMAI-AS)
4 23.21.84.39 14618 (AMAZON-AES)
3 23.21.107.93 14618 (AMAZON-AES)
1 104.109.87.116 20940 (AKAMAI-ASN1)
2 66.117.29.4 15224 (OMNITURE)
2 52.129.74.11 395492 (IOVATION3)
1 4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 172.82.228.19 15224 (OMNITURE)
2 216.250.63.5 22758 (SAPIENT-DCO)
1 2a03:2880:f0f... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
78 14
Domain Requested by
53 online.citi.com andrejhauptman.info
online.citi.com
4 www.google.com 1 redirects cse.google.com
4 steps.citi.com online.citi.com
andrejhauptman.info
3 paper.citi.com andrejhauptman.info
paper.citi.com
2 citi.bridgetrack.com online.citi.com
2 metrics.citi.com 1 redirects andrejhauptman.info
2 cse.google.com andrejhauptman.info
www.google.com
2 mpsnare.iesnare.com online.citi.com
mpsnare.iesnare.com
2 citicorpcreditservic.tt.omtrdc.net online.citi.com
2 andrejhauptman.info online.citi.com
1 clients1.google.com
1 view.atdmt.com online.citi.com
1 cdn.tt.omtrdc.net online.citi.com
78 13
Subject | Issuer | Validity | Valid
online.citibank.com | DigiCert SHA2 Extended Validation Server CA | 2018-03-14 - 2020-05-14 | 2 years
mpsnare.iesnare.com | DigiCert SHA2 High Assurance Server CA | 2018-01-08 - 2019-05-28 | a year
*.google.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months
www.google.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months
*.atlassolutions.com | DigiCert SHA2 High Assurance Server CA | 2019-02-26 - 2019-05-26 | 3 months

This page contains 3 frames:

Primary Page: http://andrejhauptman.info/online.citi.com/
Frame ID: 44BC8634D0E74A2A53DACBB87842B53E
Requests: 76 HTTP requests in this frame

Frame: http://paper.citi.com/127893/CWrT.html?si=1&e=http%3A%2F%2Fandrejhauptman.info&LSESSIONID=jLd1p6Ic5oUjdSyLLhgv0DgMovuSpHrZXEuxEXavFtPX08UvN8F3682k&t=xframe&eu=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&icid=155539307313813030
Frame ID: 7461448F9424C365AB5B7084A29FA5BA
Requests: 1 HTTP requests in this frame

Frame: http://paper.citi.com/127893/h7H.html/discovercard.com/dfs/accounthome/summary/-www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secure/schwab///https://snsbank.nl/mijnsns/secure/login/httpsabph.pl/pi/do/Authorization/alfabank.ru/swedbank/pf.bgz.pl/httponline.eurobank.pl/?cid=5&si=1&e=http%3A%2F%2Fandrejhauptman.info&LSESSIONID=jLd1p6Ic5oUjdSyLLhgv0DgMovuSpHrZXEuxEXavFtPX08UvN8F3682k&t=xframe&eu=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&icid=155539307314112941
Frame ID: 36E761792DBF18A892B0B51FA3EADC7B
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 20%
Detected patterns
  • env /^Rx$/i

Overall confidence: 100%
Detected patterns
  • env /^s_(?:account|objectID|code|INST)$/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Overall confidence: 100%
Detected patterns
  • script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i

Page Statistics

Requests: 78
HTTPS: 77 %
IPv6: 31 %
Domains: 7
Subdomains: 13
IPs: 14
Countries: 4
Transfer: 1109 kB
Size: 3096 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61
  • http://www.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP 302
  • https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
Request Chain 62
  • http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s72438799510131?AQB=1&ndh=1&pf=1&t=16%2F3%2F2019%205%3A37%3A52%202%200&fid=52D1AE27763BAFF4-2C88FBBA4F65373E&ce=UTF-8&pageName=Non%20Cookied%20Username%20Password&g=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&c.&visitStart=1&.c&cc=USD&ch=BANKRIAWebEnglish&c1=Public&h1=BANKRIAWebEnglish%2FPublic%2FSignOn%2FSignOn%2FSelect&c2=SignOn&c3=SignOn&c4=Select&v38=Non%20Cookied%20Username%20Password&v41=0&v42=en_US_USPTL&v43=NNN&v44=0&c50=0&v50=NNNNN&c51=NNNNN&c52=NNNNNNNNNNYNNNNNNNNNNNNNNNNNNNNNNNNNN0000&c53=NNNNNNNNNNNNNNNNNN&v53=Bank%7C&c55=Bank%7C&c56=NNN&c57=0&c59=JSOSIGNON_200&c63=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&c64=1%3A37AM&v64=1%3A37AM&c65=Tuesday&v65=Tuesday&c66=Tuesday%7C1%3A37AM&v67=New&v68=1&v69=UnAuth&c73=null&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
  • http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s72438799510131?AQB=1&pccr=true&vidn=2E5AB5180531054D-4000012DA0028AA4&&ndh=1&pf=1&t=16%2F3%2F2019%205%3A37%3A52%202%200&fid=52D1AE27763BAFF4-2C88FBBA4F65373E&ce=UTF-8&pageName=Non%20Cookied%20Username%20Password&g=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&c.&visitStart=1&.c&cc=USD&ch=BANKRIAWebEnglish&c1=Public&h1=BANKRIAWebEnglish%2FPublic%2FSignOn%2FSignOn%2FSelect&c2=SignOn&c3=SignOn&c4=Select&v38=Non%20Cookied%20Username%20Password&v41=0&v42=en_US_USPTL&v43=NNN&v44=0&c50=0&v50=NNNNN&c51=NNNNN&c52=NNNNNNNNNNYNNNNNNNNNNNNNNNNNNNNNNNNNN0000&c53=NNNNNNNNNNNNNNNNNN&v53=Bank%7C&c55=Bank%7C&c56=NNN&c57=0&c59=JSOSIGNON_200&c63=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&c64=1%3A37AM&v64=1%3A37AM&c65=Tuesday&v65=Tuesday&c66=Tuesday%7C1%3A37AM&v67=New&v68=1&v69=UnAuth&c73=null&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

78 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
andrejhauptman.info/online.citi.com/
87 KB
87 KB
Document
General
Full URL
http://andrejhauptman.info/online.citi.com/
Protocol
HTTP/1.1
Server
185.222.203.10 -, , ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software
Apache /
Resource Hash
86106c19d08ee85f18662177ea573919358c1393795c2abd17e8874ba91d462d

Request headers

Host
andrejhauptman.info
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate

Response headers

Date
Tue, 16 Apr 2019 05:37:50 GMT
Server
Apache
Last-Modified
Wed, 18 Jan 2017 13:56:16 GMT
Accept-Ranges
bytes
Content-Length
89225
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
amw.js
online.citi.com/JFP/amw/
1 KB
1 KB
Script
General
Full URL
https://online.citi.com/JFP/amw/amw.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
823db1b6cf4fe34956773f03a9b3e1c36d3a1fe1b609b1c1bd8730475bc6b81c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 17:24:52 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
816
expires
Tue, 16 Apr 2019 11:37:50 GMT
jquery-combined.min.js
online.citi.com/CBOL/portal/layout/js/
318 KB
90 KB
Script
General
Full URL
https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2e4c2f7305f3821aafe52390f18c573039ce62911aea27a1ba0f8342ce918b90
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 08 May 2018 04:46:52 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
91608
expires
Tue, 16 Apr 2019 11:37:50 GMT
jfp.branding.js
online.citi.com/JFP/js/widgets/
87 KB
28 KB
Script
General
Full URL
https://online.citi.com/JFP/js/widgets/jfp.branding.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ef4a3c4de139f5acffbea6b0ea75fb5f167a892fe98b7c324c5bdefb82a16e98
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 05:38:48 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
28766
expires
Tue, 16 Apr 2019 11:37:50 GMT
cssPref.js
online.citi.com/JPS/portal/js/
1 KB
849 B
Script
General
Full URL
https://online.citi.com/JPS/portal/js/cssPref.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8824e4738ff9ccec6f5a45884909cdb71e44ee55d1b1d7cf6344d63ebcb32e9c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
519
expires
Tue, 16 Apr 2019 11:37:50 GMT
jfp.widgets.js
online.citi.com/JFP/js/widgets/
357 KB
86 KB
Script
General
Full URL
https://online.citi.com/JFP/js/widgets/jfp.widgets.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
309dac7cbda06a462999840955afb0b6e08587e246455efc34fac90935daf5f9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 05:38:48 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
87281
expires
Tue, 16 Apr 2019 11:37:50 GMT
SitecatCampaigns.js
online.citi.com/JPS/portal/js/
5 KB
2 KB
Script
General
Full URL
https://online.citi.com/JPS/portal/js/SitecatCampaigns.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3365c6707b11af11e075eb8fc391bc5112836047b278191d10ab568a9bf65172
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
1678
expires
Tue, 16 Apr 2019 11:37:51 GMT
citi_Common.js
online.citi.com/GFC/common/js/
278 KB
52 KB
Script
General
Full URL
https://online.citi.com/GFC/common/js/citi_Common.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
18e8793d86b704d55e31f29ebe6b27907ecf5c5b7495996049d45cfd664fe72b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 02 Apr 2019 05:38:48 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
52571
expires
Tue, 16 Apr 2019 11:37:51 GMT
JFPNav.js
online.citi.com/JPS/portal/js/
21 KB
6 KB
Script
General
Full URL
https://online.citi.com/JPS/portal/js/JFPNav.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
345059a341cdf6fb013751ba01a3810ce3f42697157616174fc75c02fcb49c6b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
5305
expires
Tue, 16 Apr 2019 11:37:50 GMT
jquery.autocomplete.js
online.citi.com/JFP/js/jquery/plugins/
17 KB
5 KB
Script
General
Full URL
https://online.citi.com/JFP/js/jquery/plugins/jquery.autocomplete.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b63dce0094ea3c2b03d2dc0205507faaa364d2b686cf32d7090f80d87e9cccf9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 10 Jul 2018 12:14:02 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
5196
expires
Tue, 16 Apr 2019 11:37:51 GMT
verisign.js
online.citi.com/JRS/js/
2 KB
1 KB
Script
General
Full URL
https://online.citi.com/JRS/js/verisign.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4f5dfedb6a8ef6b3124d5b7f37df4e2f1b83d3560f24ea81ade062331d624c2c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
965
expires
Tue, 16 Apr 2019 11:37:51 GMT
JPPTemp.css
online.citi.com/JFP/css/common/
245 KB
35 KB
Stylesheet
General
Full URL
https://online.citi.com/JFP/css/common/JPPTemp.css
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6cc415ff6c7e1c19761a0ea19ece60e6e8a59725188f57474a0a81d2e1cdb366
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 17:12:06 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
text/css
content-length
35061
expires
Tue, 16 Apr 2019 11:37:50 GMT
US-Regional.css
online.citi.com/JRS/css/
48 KB
10 KB
Stylesheet
General
Full URL
https://online.citi.com/JRS/css/US-Regional.css
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b256194e43343f5c19794cdc252cab31e88d6abada730497248e3f4dd3d6ebbc
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Mar 2019 06:19:08 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
text/css
content-length
9944
expires
Tue, 16 Apr 2019 11:37:50 GMT
branding_main_citi.css
online.citi.com/GFC/branding/css/
38 KB
7 KB
Stylesheet
General
Full URL
https://online.citi.com/GFC/branding/css/branding_main_citi.css
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fea2ce318fe3e06af7549e140581f16de9801c39cdb33edbbd4293a505a3eb3b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Mon, 12 Nov 2018 04:06:58 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
text/css
content-length
6550
expires
Tue, 16 Apr 2019 11:37:50 GMT
Bootstrap.js
online.citi.com//nexus.ensighten.com/citi/na_prod/
0
0
Script
General
Full URL
https://online.citi.com//nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

mbox.js
online.citi.com/JRS/js/
45 KB
13 KB
Script
General
Full URL
https://online.citi.com/JRS/js/mbox.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
39c0e17dfddea21b1d2adacff83bb9498309fe3588cae2dd4a32ef491b713009
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Wed, 25 Apr 2018 19:08:48 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
13062
expires
Tue, 16 Apr 2019 11:37:50 GMT
Citi-BB.png
online.citi.com/GFC/branding/img/cobrand/
3 KB
4 KB
Image
General
Full URL
https://online.citi.com/GFC/branding/img/cobrand/Citi-BB.png
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
955e287d905855f65031a3f7f98912cdb98e04690df255daaad2270421f4d047
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
3388
search-white.png
online.citi.com/GFC/branding/img/
429 B
639 B
Image
General
Full URL
https://online.citi.com/GFC/branding/img/search-white.png
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e2812b1e3529e5f39e3b0586e82c7ad0dfc3fc61cfa0107edfac16483d0547d7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Wed, 14 Jun 2017 18:29:07 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:51 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
429
BrowserUpgrade.css
online.citi.com/JPS/portal/css/
2 KB
990 B
Stylesheet
General
Full URL
https://online.citi.com/JPS/portal/css/BrowserUpgrade.css
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
522d8553b114774ec08b1fe8f0004510368c3070cc26a17cf7a200e0e9a55d6b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
text/css
content-length
671
expires
Tue, 16 Apr 2019 11:37:50 GMT
signon.js
online.citi.com/JSO/js/
14 KB
4 KB
Script
General
Full URL
https://online.citi.com/JSO/js/signon.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6c5a71e3845d683151e55f217ba43a8da4c97718cc854ec08a67d119f3625d40
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
3397
expires
Tue, 16 Apr 2019 11:37:51 GMT
jfpm.autocomplete.off.js
online.citi.com/JFP/js/modules/
1 KB
614 B
Script
General
Full URL
https://online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
344
expires
Tue, 16 Apr 2019 11:37:51 GMT
signon.css
online.citi.com/JRS/css/marketing/
50 KB
8 KB
Stylesheet
General
Full URL
https://online.citi.com/JRS/css/marketing/signon.css
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9180b5e987462dac7966e5a962393ad08b5b89ad97989d7689f94667bdde4c93
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:50 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
text/css
content-length
8246
expires
Tue, 16 Apr 2019 11:37:50 GMT
welcome.js
online.citi.com/JRS/js/
17 KB
4 KB
Script
General
Full URL
https://online.citi.com/JRS/js/welcome.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e21f11da6d00993b678d95e17d9357fef64d1523c19a67cb7146299becd3a7be
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
3865
expires
Tue, 16 Apr 2019 11:37:51 GMT
fieldValidation.js
online.citi.com/JFP/js/jquery/plugins/
3 KB
894 B
Script
General
Full URL
https://online.citi.com/JFP/js/jquery/plugins/fieldValidation.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
335b41b5ca8836510180fc9f369227e8cc6be4ec9f8b46061bb9018c28400dfc
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
624
expires
Tue, 16 Apr 2019 11:37:51 GMT
SCFormElementReporting.js
online.citi.com/JSO/js/
1 KB
821 B
Script
General
Full URL
https://online.citi.com/JSO/js/SCFormElementReporting.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1a10a3758a8da80eaa7261fd312bb0ef5ac5c97f59d407b8a3acc60bf96aa6e3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
551
expires
Tue, 16 Apr 2019 11:37:51 GMT
signonUnamePwdMyCiti.js
online.citi.com/JSO/js/
6 KB
1 KB
Script
General
Full URL
https://online.citi.com/JSO/js/signonUnamePwdMyCiti.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
814f4156757aefae12ec4ec27ed1e9e5634d7431a9129cf68cd1a59f3b0d6970
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:52 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
803
expires
Tue, 16 Apr 2019 11:37:52 GMT
fp.js
online.citi.com/JSO/js/
30 KB
8 KB
Script
General
Full URL
https://online.citi.com/JSO/js/fp.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fd1ef7bbb200c5931e5e7e342b68939c874b32d041e6fd7529c5af2261f93818
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 10 Jul 2018 12:14:02 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:52 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
7952
expires
Tue, 16 Apr 2019 11:37:52 GMT
navigation.js
steps.citi.com/us/
47 KB
20 KB
XHR
General
Full URL
http://steps.citi.com/us/navigation.js
Requested by
Host: online.citi.com
URL: https://online.citi.com/JFP/amw/amw.js
Protocol
HTTP/1.1
Server
23.21.84.39 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-21-84-39.compute-1.amazonaws.com
Software
haile /
Resource Hash
c43da00acce584c0a3307b8ec4e08fd3ad41d527490ca93c2051e72dec5d29cd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://andrejhauptman.info/online.citi.com/
Origin
http://andrejhauptman.info

Response headers

Pragma
no-cache
Date
Tue, 16 Apr 2019 05:37:51 GMT
Content-Encoding
gzip
Server
haile
transfer-encoding
chunked
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin
http://andrejhauptman.info
Expires
0
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
style4.js
paper.citi.com/127893/
34 KB
15 KB
Script
General
Full URL
http://paper.citi.com/127893/style4.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
HTTP/1.1
Server
23.21.107.93 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-21-107-93.compute-1.amazonaws.com
Software
haile /
Resource Hash
5e6230d582495dacc0a333f67ca63d1f78e711bc6913922286618c53411c410e

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 16 Apr 2019 05:37:52 GMT
Content-Encoding
gzip
Server
haile
transfer-encoding
chunked
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Expires
0
pixel.gif
online.citi.com/JRS/images/
42 B
251 B
Image
General
Full URL
https://online.citi.com/JRS/images/pixel.gif
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5b27cb8a843da7b4f70f68d669798596541491654185df0bd45867d951a31947
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/gif
content-length
42
Android_Awareness_Citicards_SM_V3_logos.png
online.citi.com/JRS/images/
3 KB
3 KB
Image
General
Full URL
https://online.citi.com/JRS/images/Android_Awareness_Citicards_SM_V3_logos.png
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d62034faef6190f309ea68be1bd8a115133b76d0cd0a16ed34fba1211ae29807
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
2612
MFAOverlay.js
online.citi.com/JPS/portal/js/
2 KB
1 KB
Script
General
Full URL
https://online.citi.com/JPS/portal/js/MFAOverlay.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
65980d692a75b30a18de261f85398dd5e3b9ecca2b8c3e6943c6c45b77a57567
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
770
expires
Tue, 16 Apr 2019 11:37:51 GMT
citi-logo-footer.png
online.citi.com/CBOL/common/ddl/1.1.0/images/catalogue/
2 KB
2 KB
Image
General
Full URL
https://online.citi.com/CBOL/common/ddl/1.1.0/images/catalogue/citi-logo-footer.png
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c03c473373b74ec78cd18149c63791f1879e0521776846e6ffd9dcfecd413b1e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
1705
memberfdic.png
online.citi.com/GFC/branding/responsivebranding/img/
2 KB
2 KB
Image
General
Full URL
https://online.citi.com/GFC/branding/responsivebranding/img/memberfdic.png
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fde2419dbb975ba13ee435b8e15b754a11569815f6ef87a68b9984b99cd607cf
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Wed, 14 Jun 2017 18:30:23 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
1784
EqualHousing.png
online.citi.com/JRS/images/
416 B
627 B
Image
General
Full URL
https://online.citi.com/JRS/images/EqualHousing.png
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
705f1ccbf32b8ebd6c4a04262ca5c320c50aa324f80a34fb3b160a8138257e14
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Wed, 14 Jun 2017 18:38:37 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
416
tealeaf.test.3.1.0.1520.W3C.Sizzle.js
online.citi.com/TeaLeaf/js/
134 KB
41 KB
Script
General
Full URL
https://online.citi.com/TeaLeaf/js/tealeaf.test.3.1.0.1520.W3C.Sizzle.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d7f753898b34f8c5b7838b693561be358fac28891b99a5fb260c844a9dd520d7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 10 Jul 2018 12:14:02 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
41668
expires
Tue, 16 Apr 2019 11:37:51 GMT
oo_engine.min.js
online.citi.com/GFC/branding/olab/js/
42 KB
12 KB
Script
General
Full URL
https://online.citi.com/GFC/branding/olab/js/oo_engine.min.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1f2a0e7aa3dabf73dae3cc7c1e53a70ec51145b39b027bdc1ecae9223c0c80d2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
11704
expires
Tue, 16 Apr 2019 11:37:51 GMT
linkCapture.js
online.citi.com/GFC/branding/js/
1 KB
896 B
Script
General
Full URL
https://online.citi.com/GFC/branding/js/linkCapture.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d33c3580a6f74918cb48b98df98c9d7bb24dffe18938325ba9327459dd0ce424
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
626
expires
Tue, 16 Apr 2019 11:37:51 GMT
branding_universal_megaMenu.js
online.citi.com/GFC/branding/js/
75 KB
17 KB
Script
General
Full URL
https://online.citi.com/GFC/branding/js/branding_universal_megaMenu.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2f843b3db1023806d56cb580f86984e1c3785f06c8fe5234beec505f17ade6b2
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
17222
expires
Tue, 16 Apr 2019 11:37:51 GMT
citi_search.js
online.citi.com/GFC/branding/js/
6 KB
2 KB
Script
General
Full URL
https://online.citi.com/GFC/branding/js/citi_search.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
76de53a0f24a3a3b24aace9beae716118a121afb3a39bf920cd94133939037f8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Wed, 23 Aug 2017 20:24:24 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
1431
expires
Tue, 16 Apr 2019 11:37:51 GMT
btAdServe.js
online.citi.com/JRS/js/
1 KB
850 B
Script
General
Full URL
https://online.citi.com/JRS/js/btAdServe.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4d09cfb5ba7471be2d35405a0510a67a3a6825e1e0337aca7dd94256e6c107d8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
580
expires
Tue, 16 Apr 2019 11:37:51 GMT
BkDmp.js
online.citi.com/DMP/
5 KB
2 KB
Script
General
Full URL
https://online.citi.com/DMP/BkDmp.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
66f4efff67c8da6b84e2259405f3ff4db59b8617b9622b6d0f9ccdf8ffbe557b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
1542
expires
Tue, 16 Apr 2019 11:37:51 GMT
s_code.js
online.citi.com/JRS/js/
89 KB
25 KB
Script
General
Full URL
https://online.citi.com/JRS/js/s_code.js
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
38fc9d43e39598220446850e09fffb5ed1959aa78de4bd95764a7c7282508dec
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Fri, 08 Feb 2019 13:30:51 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
application/x-javascript
content-length
25647
expires
Tue, 16 Apr 2019 11:37:51 GMT
branding_main.css
online.citi.com/GFC/branding/css/
111 KB
17 KB
Stylesheet
General
Full URL
https://online.citi.com/GFC/branding/css/branding_main.css
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
98b51f738c188b1b429337470e64a958d0aa86d6cefd8a5a9dc1ed6c6cabeda8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Mon, 04 Mar 2019 22:29:58 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:51 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
cache-control
max-age=21600
content-type
text/css
content-length
16847
expires
Tue, 16 Apr 2019 11:37:51 GMT
LOInm
steps.citi.com/us/
109 B
771 B
Script
General
Full URL
http://steps.citi.com/us/LOInm?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI0JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMnMlMjIlM0ElMjJDQk9MJTNBMTcwMTA2MTUxMDU1MzU4NTM2MTIzMDA2JTIyJTdEJTdEJTVE&cid=4&si=2&e=http%3A%2F%2Fandrejhauptman.info&LSESSIONID=jLd1p6Ic5oUjdSyLLhgv0DgMovuSpHrZXEuxEXavFtPX08UvN8F3682k&t=jsonp&c=setgxnahh_wsxifk&eu=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
HTTP/1.1
Server
23.21.84.39 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-21-84-39.compute-1.amazonaws.com
Software
haile /
Resource Hash
588e7f8fc3122ea4f8fc8f0e89c1e7d9a73cb736b3f839d1315ba1c5335fbf82

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 16 Apr 2019 05:37:51 GMT
Server
haile
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript
Content-Length
109
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Expires
0
hsb
steps.citi.com/us/
256 B
944 B
XHR
General
Full URL
http://steps.citi.com/us/hsb?si=2&e=http%3A%2F%2Fandrejhauptman.info&LSESSIONID=jLd1p6Ic5oUjdSyLLhgv0DgMovuSpHrZXEuxEXavFtPX08UvN8F3682k&t=jsonpi&eu=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
HTTP/1.1
Server
23.21.84.39 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-21-84-39.compute-1.amazonaws.com
Software
haile /
Resource Hash
938103283235f354265b4a620cef1df3745d8161ed3d47f572366ad59e456a5f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://andrejhauptman.info/online.citi.com/
Origin
http://andrejhauptman.info

Response headers

Pragma
no-cache
Date
Tue, 16 Apr 2019 05:37:51 GMT
Server
haile
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin
http://andrejhauptman.info
Expires
0
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
256
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
target.js
cdn.tt.omtrdc.net/cdn/
43 KB
14 KB
Script
General
Full URL
http://cdn.tt.omtrdc.net/cdn/target.js
Requested by
Host: online.citi.com
URL: https://online.citi.com/JRS/js/mbox.js
Protocol
HTTP/1.1
Server
104.109.87.116 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-87-116.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
41a3100782686fcd7e788615236a3d734ee87a7096b537210f7c7215f400e16c

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 16 Apr 2019 05:37:51 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Mar 2019 05:44:02 GMT
Server
Apache
ETag
"1fcda-aa23-5853528782178"
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
must-revalidate, max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14173
ajax
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/
142 B
828 B
Script
General
Full URL
http://citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ajax?mboxHost=andrejhauptman.info&mboxPage=bf228ed50e46416f9107fd10d1b986bd&screenHeight=1200&screenWidth=1600&browserWidth=1600&browserHeight=1200&browserTimeOffset=0&colorDepth=24&mboxSession=bf228ed50e46416f9107fd10d1b986bd&mboxXDomain=enabled&mboxCount=1&mboxTime=1555393071853&mbox=target-global-mbox&mboxId=0&mboxURL=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&mboxReferrer=&mboxVersion=63
Requested by
Host: online.citi.com
URL: https://online.citi.com/JRS/js/mbox.js
Protocol
HTTP/1.1
Server
66.117.29.4 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
/
Resource Hash
dd256ae72a5f42f07046db6419e33dca617fe970ccb3844663a4fef8c23875e2

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma
no-cache
Date
Tue, 16 Apr 2019 05:37:51 GMT
Content-Type
text/javascript;charset=utf-8
P3P
CP="NOI DSP CURa OUR STP COM", CP="NOI DSP CURa OUR STP COM"
Cache-Control
no-cache
Timing-Allow-Origin
*
Content-Length
142
X-Request-ID
940d2e62-f6a4-438b-bdd5-6480277ec193
standard
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/
130 B
595 B
Script
General
Full URL
http://citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/standard?mboxHost=andrejhauptman.info&mboxPage=bf228ed50e46416f9107fd10d1b986bd&screenHeight=1200&screenWidth=1600&browserWidth=1600&browserHeight=1200&browserTimeOffset=0&colorDepth=24&mboxSession=bf228ed50e46416f9107fd10d1b986bd&mboxXDomain=enabled&mboxCount=2&mboxTime=1555393071921&mbox=OCB_HP&mboxId=0&mboxURL=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&mboxReferrer=&mboxVersion=63
Requested by
Host: online.citi.com
URL: https://online.citi.com/JRS/js/mbox.js
Protocol
HTTP/1.1
Server
66.117.29.4 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
/
Resource Hash
5bfb985b0d0538e1861523083bbf70ee150a6f0b06fe0d720c605b0a34984b9b

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma
no-cache
Date
Tue, 16 Apr 2019 05:37:51 GMT
Content-Type
text/javascript;charset=utf-8
P3P
CP="NOI DSP CURa OUR STP COM"
Cache-Control
no-cache
Timing-Allow-Origin
*
Content-Length
130
X-Request-ID
596da3a0-51bb-462b-a836-e9c9597e726e
hsb
steps.citi.com/us/
299 B
987 B
XHR
General
Full URL
http://steps.citi.com/us/hsb?si=2&e=http%3A%2F%2Fandrejhauptman.info&LSESSIONID=jLd1p6Ic5oUjdSyLLhgv0DgMovuSpHrZXEuxEXavFtPX08UvN8F3682k&t=jsonpi&eu=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
HTTP/1.1
Server
23.21.84.39 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-21-84-39.compute-1.amazonaws.com
Software
haile /
Resource Hash
c59ce3aa56805401720f31c98201c30629c21c1164762afd8bea32e00e568933

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://andrejhauptman.info/online.citi.com/
Origin
http://andrejhauptman.info

Response headers

Pragma
no-cache
Date
Tue, 16 Apr 2019 05:37:52 GMT
Server
haile
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin
http://andrejhauptman.info
Expires
0
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
299
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
bg-branding-banner.jpg
online.citi.com/GFC/branding/img/
5 KB
5 KB
Image
General
Full URL
https://online.citi.com/GFC/branding/img/bg-branding-banner.jpg
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b47060147f820f4721134724e1a38cab5fcc6960091389f6b4587769c4d2c313
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://online.citi.com/GFC/branding/css/branding_main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/jpeg
content-length
4857
jfpw.overlay.stripe.bg.png
online.citi.com/JFP/images/widgets/
152 B
361 B
Image
General
Full URL
https://online.citi.com/JFP/images/widgets/jfpw.overlay.stripe.bg.png
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
07759a8c16aaf61f4428763c7ea3756d31164933e7c5a6081fe6ab9bc3e5fdba
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://online.citi.com/JPS/portal/css/BrowserUpgrade.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
152
Interstate-Light.woff
online.citi.com/GFC/branding/fonts/
74 KB
74 KB
Font
General
Full URL
https://online.citi.com/GFC/branding/fonts/Interstate-Light.woff
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://online.citi.com/GFC/branding/css/branding_main_citi.css
Origin
http://andrejhauptman.info

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:52 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
content-type
text/plain
access-control-allow-origin
*
content-length
75483
snare.js
mpsnare.iesnare.com/
38 KB
13 KB
Script
General
Full URL
https://mpsnare.iesnare.com/snare.js?_=1555393072076
Requested by
Host: online.citi.com
URL: https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.129.74.11 Portland, United States, ASN395492 (IOVATION3 - iovation, Inc., US),
Reverse DNS
mpsnare.iesnare.com
Software
nginx /
Resource Hash
d248b57112c882895aa0837d6e55a38312b5e609c6a51d60fe4eb1611135bb92
Security Headers
Name Value
Strict-Transport-Security max-age=30; includeSubDomains

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 16 Apr 2019 05:37:52 GMT
Content-Encoding
gzip
Server
nginx
Strict-Transport-Security
max-age=30; includeSubDomains
p3p
CP="NON DSP COR CURa"
Cache-Control
no-cache, private
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Expires
0
bottom-shade.png
online.citi.com/JRS/images/
1 KB
1 KB
Image
General
Full URL
https://online.citi.com/JRS/images/bottom-shade.png
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e7e2072bba9c55af8da06e0205da3c83d79f14999215b35ecbe374661bbce0a9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://online.citi.com/JRS/css/marketing/signon.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
1210
sign-on-bg.png
online.citi.com/JRS/images/
118 B
327 B
Image
General
Full URL
https://online.citi.com/JRS/images/sign-on-bg.png
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
44b3ecb9ceeb9a3a4b278f24dacee0a27028004cb22edd57a890ea671ba2d9e7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://online.citi.com/JRS/css/marketing/signon.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 17:22:45 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
118
interstate.woff
online.citi.com/JRS/fonts/
17 KB
17 KB
Font
General
Full URL
https://online.citi.com/JRS/fonts/interstate.woff?v=4.0.3
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
280252aa3047ce2d55dcb1ea863da875574502d37509365b2936b06ac12adfa6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://online.citi.com/JRS/css/marketing/signon.css
Origin
http://andrejhauptman.info

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 17:24:52 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:52 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
content-type
text/plain
access-control-allow-origin
*
content-length
17571
global_sprite.png
online.citi.com/JFP/images/
6 KB
6 KB
Image
General
Full URL
https://online.citi.com/JFP/images/global_sprite.png
Requested by
Host: online.citi.com
URL: https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5afcdfea737deff383e30811d357bf0a93c818b0495cb0e3194b5b87bfda0cb4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://online.citi.com/GFC/branding/css/branding_main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Wed, 14 Jun 2017 18:32:08 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
5751
interstatebold.woff
online.citi.com/JRS/fonts/
17 KB
17 KB
Font
General
Full URL
https://online.citi.com/JRS/fonts/interstatebold.woff?v=4.0.3
Requested by
Host: online.citi.com
URL: https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
78973b3779090b1cfac3b1cd507d1fdf249852180c31bc929d0fe5f1d37af600
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://online.citi.com/JRS/css/marketing/signon.css
Origin
http://andrejhauptman.info

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 17:22:45 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:52 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
content-type
text/plain
access-control-allow-origin
*
content-length
17485
sprite_social_icons.png
online.citi.com/GFC/branding/img/
358 B
568 B
Image
General
Full URL
https://online.citi.com/GFC/branding/img/sprite_social_icons.png
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c3c02bcaca12da1a9ce27e3760e479fface7a05319c2708088cceb05af286eb1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://online.citi.com/GFC/branding/css/branding_main_citi.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Wed, 14 Jun 2017 18:29:10 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
358
oo_icon_retina.gif
online.citi.com/GFC/branding/olab/images/
2 KB
2 KB
Image
General
Full URL
https://online.citi.com/GFC/branding/olab/images/oo_icon_retina.gif
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
701d2f9f02741b8429f4fb892b2b48c34a8a0f9189cb09013b2799031f22e484
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://online.citi.com/GFC/branding/css/branding_main_citi.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite
GTDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/gif
content-length
2204
Interstate-Bold.woff
online.citi.com/GFC/branding/fonts/
70 KB
71 KB
Font
General
Full URL
https://online.citi.com/GFC/branding/fonts/Interstate-Bold.woff
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://online.citi.com/GFC/branding/css/branding_main_citi.css
Origin
http://andrejhauptman.info

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:52 GMT
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
content-type
text/plain
access-control-allow-origin
*
content-length
71859
cse.js
cse.google.com/cse/
Redirect Chain
  • http://www.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
  • https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
10 KB
4 KB
Script
General
Full URL
https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:824::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
gws /
Resource Hash
a93468f04285a8c632d457a74a4a774f494836792dcfe7ede53999c12f1c06be
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 16 Apr 2019 05:37:52 GMT
content-encoding
br
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
3219
x-xss-protection
0
expires
Tue, 16 Apr 2019 05:37:52 GMT

Redirect headers

Date
Tue, 16 Apr 2019 05:37:52 GMT
X-Content-Type-Options
nosniff
Server
sffe
Content-Type
text/html; charset=UTF-8
Location
https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
Cache-Control
private
Content-Length
267
X-XSS-Protection
0
s72438799510131
metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/
Redirect Chain
  • http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s72438799510131?AQB=1&ndh=1&pf=1&t=16%2F3%2F2019%205%3A37%3A52%202%200&fid=52D1AE27763BAFF4-2C88FBBA4F65373E&ce=UTF-8&pageName=Non%20Cookied%20Use...
  • http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s72438799510131?AQB=1&pccr=true&vidn=2E5AB5180531054D-4000012DA0028AA4&&ndh=1&pf=1&t=16%2F3%2F2019%205%3A37%3A52%202%200&fid=52D1AE27763BAFF4-2C88...
43 B
647 B
Image
General
Full URL
http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s72438799510131?AQB=1&pccr=true&vidn=2E5AB5180531054D-4000012DA0028AA4&&ndh=1&pf=1&t=16%2F3%2F2019%205%3A37%3A52%202%200&fid=52D1AE27763BAFF4-2C88FBBA4F65373E&ce=UTF-8&pageName=Non%20Cookied%20Username%20Password&g=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&c.&visitStart=1&.c&cc=USD&ch=BANKRIAWebEnglish&c1=Public&h1=BANKRIAWebEnglish%2FPublic%2FSignOn%2FSignOn%2FSelect&c2=SignOn&c3=SignOn&c4=Select&v38=Non%20Cookied%20Username%20Password&v41=0&v42=en_US_USPTL&v43=NNN&v44=0&c50=0&v50=NNNNN&c51=NNNNN&c52=NNNNNNNNNNYNNNNNNNNNNNNNNNNNNNNNNNNNN0000&c53=NNNNNNNNNNNNNNNNNN&v53=Bank%7C&c55=Bank%7C&c56=NNN&c57=0&c59=JSOSIGNON_200&c63=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&c64=1%3A37AM&v64=1%3A37AM&c65=Tuesday&v65=Tuesday&c66=Tuesday%7C1%3A37AM&v67=New&v68=1&v69=UnAuth&c73=null&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by
Host: andrejhauptman.info
URL: http://andrejhauptman.info/online.citi.com/
Protocol
HTTP/1.1
Server
172.82.228.19 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.sc.omtrdc.net
Software
Omniture DC /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 16 Apr 2019 05:37:52 GMT
Last-Modified
Wed, 17 Apr 2019 05:37:52 GMT
Server
Omniture DC
xserver
www309
ETag
"3340181188419584000-4707177699746155179"
Vary
*
X-C
ms-6.6.0
P3P
CP="This is not a P3P policy"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 15 Apr 2019 05:37:52 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 16 Apr 2019 05:37:52 GMT
Last-Modified
Wed, 17 Apr 2019 05:37:52 GMT
Server
Omniture DC
xserver
www309
Location
http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s72438799510131?AQB=1&pccr=true&vidn=2E5AB5180531054D-4000012DA0028AA4&&ndh=1&pf=1&t=16%2F3%2F2019%205%3A37%3A52%202%200&fid=52D1AE27763BAFF4-2C88FBBA4F65373E&ce=UTF-8&pageName=Non%20Cookied%20Username%20Password&g=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&c.&visitStart=1&.c&cc=USD&ch=BANKRIAWebEnglish&c1=Public&h1=BANKRIAWebEnglish%2FPublic%2FSignOn%2FSignOn%2FSelect&c2=SignOn&c3=SignOn&c4=Select&v38=Non%20Cookied%20Username%20Password&v41=0&v42=en_US_USPTL&v43=NNN&v44=0&c50=0&v50=NNNNN&c51=NNNNN&c52=NNNNNNNNNNYNNNNNNNNNNNNNNNNNNNNNNNNNN0000&c53=NNNNNNNNNNNNNNNNNN&v53=Bank%7C&c55=Bank%7C&c56=NNN&c57=0&c59=JSOSIGNON_200&c63=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&c64=1%3A37AM&v64=1%3A37AM&c65=Tuesday&v65=Tuesday&c66=Tuesday%7C1%3A37AM&v67=New&v68=1&v69=UnAuth&c73=null&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
X-C
ms-6.6.0
P3P
CP="This is not a P3P policy"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Connection
keep-alive
Content-Type
text/plain
Content-Length
0
Expires
Mon, 15 Apr 2019 05:37:52 GMT
/
citi.bridgetrack.com/a/s/
0
752 B
Script
General
Full URL
http://citi.bridgetrack.com/a/s/?BT_CON=1&BT_PID=1696939&r=541692664&masterID=&_jfp=https://online.citi.com&BT_EXT=&rateSheetId=null&target=CBOLAdBanner
Requested by
Host: online.citi.com
URL: https://online.citi.com/JRS/js/btAdServe.js
Protocol
HTTP/1.1
Server
216.250.63.5 Miami, United States, ASN22758 (SAPIENT-DCO - Sapient Corporation, US),
Reverse DNS
citi.bridgetrack.com
Software
Microsoft-IIS/7.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 16 Apr 2019 05:37:52 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/7.0
X-Powered-By
ASP.NET
Vary
Accept-Encoding
P3P
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
Cache-Control
private
Content-Type
application/x-javascript
Content-Length
119
Expires
Mon, 15 Apr 2019 05:37:52 GMT
/
andrejhauptman.info/JRS/images/
328 B
328 B
Image
General
Full URL
http://andrejhauptman.info/JRS/images/
Requested by
Host: online.citi.com
URL: https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js
Protocol
HTTP/1.1
Server
185.222.203.10 -, , ASN204725 (UVL2-ASN, UA),
Reverse DNS
Software
Apache /
Resource Hash
bb67948c6080636f700c0b3edc95ce22bef389b37ba75c817b0ae33bb96ca4ad

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
andrejhauptman.info
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://andrejhauptman.info/online.citi.com/
Cookie
mbox=check#true#1555393132|session#bf228ed50e46416f9107fd10d1b986bd#1555394932; s_fid=52D1AE27763BAFF4-2C88FBBA4F65373E; s_pers=%20gpv_p7%3DNon%2520Cookied%2520Username%2520Password%7C1555394872145%3B%20s_visit%3D1%7C1555394872146%3B%20s_vnum%3D1556668800147%2526vn%253D1%7C1556668800147%3B%20s_invisit%3Dtrue%7C1555394872147%3B%20s_nr%3D1555393072148-New%7C1713073072148%3B; s_sess=%20SC_LINKS%3D%3B%20s_vstart%3D1555393072150%3B; s_cc=true
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Tue, 16 Apr 2019 05:37:52 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
328
Content-Type
text/html; charset=iso-8859-1
mktbgEN9.jpg
online.citi.com/JRS/images/
107 KB
107 KB
Image
General
Full URL
https://online.citi.com/JRS/images/mktbgEN9.jpg
Requested by
Host: online.citi.com
URL: https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e77d37ad2371f1b1c13192c69c795d3b8b2e0a9b463b6e465cfa39aed4933d56
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Tue, 16 Apr 2019 05:37:52 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/jpeg
content-length
109332
logo.js
mpsnare.iesnare.com/script/
96 B
508 B
Script
General
Full URL
https://mpsnare.iesnare.com/script/logo.js
Requested by
Host: mpsnare.iesnare.com
URL: https://mpsnare.iesnare.com/snare.js?_=1555393072076
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.129.74.11 Portland, United States, ASN395492 (IOVATION3 - iovation, Inc., US),
Reverse DNS
mpsnare.iesnare.com
Software
nginx /
Resource Hash
792d7f43756c4080c3348d6a9a84730fc0316cc6e356fcc4d3f9a2421d1b770f
Security Headers
Name Value
Strict-Transport-Security max-age=30; includeSubDomains

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 16 Apr 2019 05:37:52 GMT
Content-Encoding
gzip
Last-Modified
Tue, 06 May 2014 00:01:40 GMT
Server
nginx
Strict-Transport-Security
max-age=30; includeSubDomains
p3p
CP="NON DSP COR CURa"
Cache-Control
private
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Expires
Wed, 15 Apr 2020 05:37:52 GMT
cse_element__de.js
www.google.com/cse/static/element/d35a6008cf40f285/
245 KB
78 KB
Script
General
Full URL
https://www.google.com/cse/static/element/d35a6008cf40f285/cse_element__de.js?usqp=CAI%3D
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
3d2aa79882ad3c6a6a1af67ee6530287d15c7fc75feccdda3e94ca0552df576e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 12 Apr 2019 12:26:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 08 Apr 2019 14:21:33 GMT
server
sffe
age
321089
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
79683
x-xss-protection
0
expires
Sat, 11 Apr 2020 12:26:23 GMT
default+de.css
www.google.com/cse/static/element/d35a6008cf40f285/
44 KB
10 KB
Stylesheet
General
Full URL
https://www.google.com/cse/static/element/d35a6008cf40f285/default+de.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
a295bcfa91664e0dfac547516febc524302c24be2ddb9cf90ceda80b1e8f19aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 08 Apr 2019 16:44:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 08 Apr 2019 14:21:33 GMT
server
sffe
age
651188
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
9940
x-xss-protection
0
expires
Tue, 07 Apr 2020 16:44:44 GMT
default.css
www.google.com/cse/static/style/look/v2/
14 KB
3 KB
Stylesheet
General
Full URL
https://www.google.com/cse/static/style/look/v2/default.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8cda73e6a0e5533a80c6bf94cf5a7b2a0e399ea1c482399b11a21096a8081faa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 16 Apr 2019 05:01:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 15 Oct 2018 12:00:00 GMT
server
sffe
age
2168
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
3112
x-xss-protection
0
expires
Tue, 16 Apr 2019 05:51:44 GMT
CITI_CBOL_HP_LOGIN_v3
view.atdmt.com/jaction/
2 B
386 B
Script
General
Full URL
https://view.atdmt.com/jaction/CITI_CBOL_HP_LOGIN_v3?_=1555393073115
Requested by
Host: online.citi.com
URL: https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f0ff:2:face:b00c:0:8c , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 16 Apr 2019 05:37:53 GMT
x-atlas-debug
AYKHv-asOErNd_XJBn5nMKaGqNQb9bc9x6JTOAk32GppdlMrSywexzNkDLBvuG9ggKRo-tVwqmSdeqC8lEJDZiMT
p3p
CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
status
200
cache-control
private, no-cache, no-store, must-revalidate
content-type
text/javascript
content-length
2
expires
0
/
citi.bridgetrack.com/track/s/
0
793 B
Script
General
Full URL
http://citi.bridgetrack.com/track/s/?id=44715&PageID=JSOSIGNON_200&masterID=undefined&ref=&p=http%3A//andrejhauptman.info/online.citi.com/&random=977090998
Requested by
Host: online.citi.com
URL: https://online.citi.com/GFC/branding/js/linkCapture.js
Protocol
HTTP/1.1
Server
216.250.63.5 Miami, United States, ASN22758 (SAPIENT-DCO - Sapient Corporation, US),
Reverse DNS
citi.bridgetrack.com
Software
Microsoft-IIS/7.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 16 Apr 2019 05:37:52 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/7.0
X-Powered-By
ASP.NET
Vary
Accept-Encoding
P3P
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
Cache-Control
private
Content-Type
application/x-javascript
Content-Length
119
Expires
Mon, 15 Apr 2019 05:37:53 GMT
async-ads.js
cse.google.com/adsense/search/
171 KB
59 KB
Script
General
Full URL
http://cse.google.com/adsense/search/async-ads.js
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/d35a6008cf40f285/cse_element__de.js?usqp=CAI%3D
Protocol
HTTP/1.1
Server
2a00:1450:4001:824::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
2af574b01a30db4d4fb301e0a9f325838c6828ad88fd848269e32423f20a410a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 16 Apr 2019 05:37:53 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
sffe
ETag
"8672225924171704016"
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Cache-Control
private, max-age=3600
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-XSS-Protection
0
Expires
Tue, 16 Apr 2019 05:37:53 GMT
generate_204
clients1.google.com/
0
83 B
Image
General
Full URL
http://clients1.google.com/generate_204
Protocol
HTTP/1.1
Server
2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://andrejhauptman.info/online.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 16 Apr 2019 05:37:53 GMT
Content-Length
0
CWrT.html
paper.citi.com/127893/ Frame 7461
0
0
Document
General
Full URL
http://paper.citi.com/127893/CWrT.html?si=1&e=http%3A%2F%2Fandrejhauptman.info&LSESSIONID=jLd1p6Ic5oUjdSyLLhgv0DgMovuSpHrZXEuxEXavFtPX08UvN8F3682k&t=xframe&eu=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&icid=155539307313813030
Requested by
Host: paper.citi.com
URL: http://paper.citi.com/127893/style4.js
Protocol
HTTP/1.1
Server
23.21.107.93 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-21-107-93.compute-1.amazonaws.com
Software
haile /
Resource Hash

Request headers

Host
paper.citi.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://andrejhauptman.info/online.citi.com/
Accept-Encoding
gzip, deflate
Cookie
s_vi=[CS]v1|2E5AB5180531054D-4000012DA0028AA4[CE]

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 16 Apr 2019 05:37:53 GMT
Expires
0
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Pragma
no-cache
Server
haile
transfer-encoding
chunked
Connection
keep-alive
/
paper.citi.com/127893/h7H.html/discovercard.com/dfs/accounthome/summary/-www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secure/schwab///http... Frame 36E7
0
0
Document
General
Full URL
http://paper.citi.com/127893/h7H.html/discovercard.com/dfs/accounthome/summary/-www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secure/schwab///https://snsbank.nl/mijnsns/secure/login/httpsabph.pl/pi/do/Authorization/alfabank.ru/swedbank/pf.bgz.pl/httponline.eurobank.pl/?cid=5&si=1&e=http%3A%2F%2Fandrejhauptman.info&LSESSIONID=jLd1p6Ic5oUjdSyLLhgv0DgMovuSpHrZXEuxEXavFtPX08UvN8F3682k&t=xframe&eu=http%3A%2F%2Fandrejhauptman.info%2Fonline.citi.com%2F&icid=155539307314112941
Requested by
Host: paper.citi.com
URL: http://paper.citi.com/127893/style4.js
Protocol
HTTP/1.1
Server
23.21.107.93 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-21-107-93.compute-1.amazonaws.com
Software
haile /
Resource Hash

Request headers

Host
paper.citi.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://andrejhauptman.info/online.citi.com/
Accept-Encoding
gzip, deflate
Cookie
s_vi=[CS]v1|2E5AB5180531054D-4000012DA0028AA4[CE]

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 16 Apr 2019 05:37:53 GMT
Expires
0
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Pragma
no-cache
Server
haile
transfer-encoding
chunked
Connection
keep-alive
TeaLeaf.action
andrejhauptman.info/US/NCCS/tealeaf/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
andrejhauptman.info
URL
http://andrejhauptman.info/US/NCCS/tealeaf/TeaLeaf.action?JFP_TOKEN=W9RLT7A3

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

1041 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


6 Cookies

Domain/Path Name / Value
.andrejhauptman.info/ Name: s_cc
Value: true
.andrejhauptman.info/ Name: s_pers
Value: %20gpv_p7%3DNon%2520Cookied%2520Username%2520Password%7C1555394872145%3B%20s_visit%3D1%7C1555394872146%3B%20s_vnum%3D1556668800147%2526vn%253D1%7C1556668800147%3B%20s_invisit%3Dtrue%7C1555394872147%3B%20s_nr%3D1555393072148-New%7C1713073072148%3B
.citi.com/ Name: s_vi
Value: [CS]v1|2E5AB5180531054D-4000012DA0028AA4[CE]
.andrejhauptman.info/ Name: s_sess
Value: %20SC_LINKS%3D%3B%20s_vstart%3D1555393072150%3B
.andrejhauptman.info/ Name: s_fid
Value: 52D1AE27763BAFF4-2C88FBBA4F65373E
.andrejhauptman.info/ Name: mbox
Value: check#true#1555393132|session#bf228ed50e46416f9107fd10d1b986bd#1555394932

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
