banking.citi.com Open in urlscan Pro
35.190.22.40 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://offer.citibank.com/
Effective URL:
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.g...
Submission: On August 18 via automatic, source certstream-suspicious (August 18th 2021, 9:31:59 am UTC)

Summary HTTP 126 Redirects Behaviour Indicators

Summary

This website contacted 31 IPs in 4 countries across 25 domains to perform 126 HTTP transactions. The main IP is 35.190.22.40, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is banking.citi.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 11th 2020. Valid for: 2 years.

This is the only time banking.citi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5 12	35.190.22.40 35.190.22.40	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
1 4	52.19.195.165 52.19.195.165	16509 (AMAZON-02) (AMAZON-02)
1	104.111.228.137 104.111.228.137	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:215... 2600:9000:2156:ca00:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
21	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
2 3	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
3	13.36.218.177 13.36.218.177	16509 (AMAZON-02) (AMAZON-02)
1 1	99.80.210.73 99.80.210.73	16509 (AMAZON-02) (AMAZON-02)
2	34.107.138.236 34.107.138.236	15169 (GOOGLE) (GOOGLE)
1	54.170.22.84 54.170.22.84	16509 (AMAZON-02) (AMAZON-02)
1	13.224.96.96 13.224.96.96	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:1800:1d:bf0a:0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
1 1	143.204.98.95 143.204.98.95	16509 (AMAZON-02) (AMAZON-02)
2 3	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
4	192.193.200.243 192.193.200.243	32287 (SOLANA-CI...) (SOLANA-CITIPLEX)
1	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1 3	34.206.110.32 34.206.110.32	14618 (AMAZON-AES) (AMAZON-AES)
1 2	13.224.96.37 13.224.96.37	16509 (AMAZON-02) (AMAZON-02)
1 6	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1 11	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.13.175 151.101.13.175	54113 (FASTLY) (FASTLY)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
126	31

12 35.190.22.40 (Kansas City, United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 40.22.190.35.bc.googleusercontent.com

offer.citibank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
citi.bridgetrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
banking.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.19.195.165 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-195-165.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.228.137 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-137.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:ca00:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.0.160.128 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20822230p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.80.210.73 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-210-73.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.138.236 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 236.138.107.34.bc.googleusercontent.com

sec-citi.bridgetrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.170.22.84 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-22-84.eu-west-1.compute.amazonaws.com

citicorpcreditservic.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-96.zrh50.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:1800:1d:bf0a:0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.95 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-95.fra50.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.34 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

fcmatch.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fcmatch.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.193.200.243 (United States)

ASN32287 (SOLANA-CITIPLEX, US)

prod.report.nacustomerexperience.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.206.110.32 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-110-32.compute-1.amazonaws.com

p.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.96.37 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-37.zrh50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.175 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	googletagmanager.com www.googletagmanager.com	603 KB
21	ensighten.com nexus.ensighten.com	400 KB
16	google.com 3 redirects fcmatch.google.com www.google.com	2 KB
16	doubleclick.net 3 redirects cm.g.doubleclick.net googleads.g.doubleclick.net	17 KB
15	google.de www.google.de	1 KB
14	citi.com 1 redirects banking.citi.com metrics1.citi.com prod.report.nacustomerexperience.citi.com	231 KB
4	rlcdn.com 2 redirects sr.rlcdn.com idsync.rlcdn.com	943 B
4	tvpixel.com 1 redirects c.tvpixel.com p.tvpixel.com	33 KB
4	demdex.net 1 redirects dpm.demdex.net citi.demdex.net Failed	4 KB
4	crazyegg.com script.crazyegg.com	25 KB
4	bridgetrack.com 1 redirects citi.bridgetrack.com sec-citi.bridgetrack.com	36 KB
3	rfihub.com 2 redirects 20766699p.rfihub.com 20822230p.rfihub.com p.rfihub.com	2 KB
3	citibank.com 3 redirects offer.citibank.com	439 B
2	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	6 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com	1013 B
2	googleadservices.com www.googleadservices.com	27 KB
2	medallia.com resources.digital-cloud-citi.medallia.com	85 KB
1	bluekai.com stags.bluekai.com	338 B
1	youtube.com fcmatch.youtube.com	546 B
1	rezync.com 1 redirects live.rezync.com	782 B
1	pbbl.co cdn.pbbl.co
1	omtrdc.net citicorpcreditservic.tt.omtrdc.net	1 KB
1	everesttech.net 1 redirects cm.everesttech.net	517 B
1	rfihub.net c1.rfihub.net	6 KB
1	bkrtx.com tags.bkrtx.com	16 KB
126	25

	Domain	Requested by
21	www.googletagmanager.com	nexus.ensighten.com www.googletagmanager.com
21	nexus.ensighten.com	banking.citi.com nexus.ensighten.com
15	www.google.de
15	www.google.com	2 redirects
15	googleads.g.doubleclick.net	2 redirects www.googleadservices.com
7	banking.citi.com	1 redirects banking.citi.com
4	prod.report.nacustomerexperience.citi.com	nexus.ensighten.com
4	dpm.demdex.net	1 redirects banking.citi.com nexus.ensighten.com
4	script.crazyegg.com	banking.citi.com script.crazyegg.com
3	p.tvpixel.com	1 redirects nexus.ensighten.com
3	idsync.rlcdn.com	2 redirects
3	metrics1.citi.com	nexus.ensighten.com
3	offer.citibank.com	3 redirects
2	sb.scorecardresearch.com	1 redirects
2	www.googleadservices.com	www.googletagmanager.com
2	resources.digital-cloud-citi.medallia.com	nexus.ensighten.com resources.digital-cloud-citi.medallia.com
2	sec-citi.bridgetrack.com	banking.citi.com
2	citi.bridgetrack.com	1 redirects banking.citi.com
1	udc-neb.kampyle.com
1	nebula-cdn.kampyle.com	resources.digital-cloud-citi.medallia.com
1	stags.bluekai.com	tags.bkrtx.com
1	fcmatch.youtube.com
1	fcmatch.google.com	1 redirects
1	cm.g.doubleclick.net	1 redirects
1	p.rfihub.com	1 redirects
1	live.rezync.com	1 redirects
1	20822230p.rfihub.com	1 redirects
1	sr.rlcdn.com	nexus.ensighten.com
1	c.tvpixel.com	nexus.ensighten.com
1	cdn.pbbl.co	nexus.ensighten.com
1	citicorpcreditservic.tt.omtrdc.net	nexus.ensighten.com
1	cm.everesttech.net	1 redirects
1	20766699p.rfihub.com	c1.rfihub.net
1	c1.rfihub.net	nexus.ensighten.com
1	tags.bkrtx.com	nexus.ensighten.com
0	citi.demdex.net Failed	nexus.ensighten.com
126	36

This site contains no links.

Subject Issuer	Validity	Valid
banking.citi.com DigiCert SHA2 Extended Validation Server CA	`2020-02-11` - `2022-04-09`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-09` - `2022-05-08`	a year	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2020-09-09` - `2021-10-11`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2021-04-02` - `2022-04-07`	a year	crt.sh
*.rfihub.net Sectigo RSA Domain Validation Secure Server CA	`2021-02-10` - `2022-02-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
metrics1.citi.com DigiCert SHA2 Extended Validation Server CA	`2020-07-02` - `2022-08-30`	2 years	crt.sh
citi.bridgetrack.com Thawte EV RSA CA 2018	`2021-05-06` - `2022-06-06`	a year	crt.sh
*.bridgetrack.com Thawte RSA CA 2018	`2019-10-25` - `2021-11-21`	2 years	crt.sh
*.tt.omtrdc.net DigiCert SHA2 Secure Server CA	`2020-11-02` - `2021-11-09`	a year	crt.sh
*.pbbl.co Amazon	`2020-12-04` - `2022-01-02`	a year	crt.sh
*.tvpixel.com Amazon	`2021-02-13` - `2022-03-14`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2020-10-21` - `2021-11-21`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
prod.report.nacustomerexperience.citi.com DigiCert SHA2 Extended Validation Server CA	`2020-05-05` - `2022-07-04`	2 years	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Frame ID: CA7510F1B61ABBF1CD1AAB9EA0B06EB1
Requests: 121 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=1702&rb=648&ca=20766699&_o=17169175&_t=2019checkingrewardsoffers&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=2019checkingrewardsoffers&pe=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&pf=&ra=7008122035171613
Frame ID: C9155253EAD19C55E784299C7E070D5B
Requests: 1 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 18897871B62D97BC44436FCF9A44CE32
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 4630FF4DD5D3DE5844F9B809D89CD5C5
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product&phint=event&phint=category%3Dlanding%20page&phint=page%3D2019_checking_rewards_offers&phint=section1%3DSapient&phint=section2%3DACQ&phint=section3%3DBANK&phint=section4%3DAffiliate&phint=bankappstatus&phint=productID&phint=__bk_t%3DEnjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&phint=__bk_v%3D3.1.10&limit=10&r=47110167
Frame ID: 2C67801DF63FE115E8C3B24751E6C6BB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://offer.citibank.com/ HTTP 302
https://offer.citibank.com/cbol/default.htm HTTP 302
https://offer.citibank.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E HTTP 302
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E HTTP 302
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q... Page URL

Detected technologies

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/nexus\.ensighten\.com\//i

Google Cloud (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /^1\.1 google$/i

Page Statistics

126
Requests

99 %
HTTPS

35 %
IPv6

25
Domains

36
Subdomains

31
IPs

4
Countries

1492 kB
Transfer

4146 kB
Size

19
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://offer.citibank.com/ HTTP 302
https://offer.citibank.com/cbol/default.htm HTTP 302
https://offer.citibank.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E HTTP 302
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E HTTP 302
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1629279100596 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1629279100596

Request Chain 39

https://cm.everesttech.net/cm/dd?d_uuid=54939603123277182101915490858239233298 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YRzTfQAAAG0KrQO1

Request Chain 40

https://banking.citi.com/track/?id=62614&r=29048468.961193975 HTTP 302
https://citi.bridgetrack.com/track/Default.asp?id=62614&r=29048468.961193975

Request Chain 57

https://20822230p.rfihub.com/ca.html?rb=648&ca=20822230&ra=307026869&_o=17169175&_t=zx-cookie-match HTTP 302
https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1870471597508382751 HTTP 302
https://p.rfihub.com/cm?pub=39342&in=0&userid=94e41b29-5c2b-41a2-b53e-24d08b8e50e9%3A1629279101.77&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D94e41b29-5c2b-41a2-b53e-24d08b8e50e9%253A1629279101.77 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=94e41b29-5c2b-41a2-b53e-24d08b8e50e9%3A1629279101.77 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CM3PHhI8CjgIARAFGjI5NGU0MWIyOS01YzJiLTQxYTItYjUzZS0yNGQwOGI4ZTUwZTk6MTYyOTI3OTEwMS43NxAAGg0I_qbziAYSBQjoBxAAQgBKAA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwM05lZ3dWQ0wwRG15Rk5kd0VoX0dCRUw0Q3phdDk4dlF2bXVVcUIzSXEwdw==&google_cm HTTP 302
https://fcmatch.google.com/pixel?google_gm=AMnCDopab5FX52_uXIOAmyZNPTgxIVtM3iNFTsgqV0EJxcqjSwFJ507GIfAa56amnHN3OEa7-Y3A8HNAnTYPSUvYh1sQ4Lvw9RDUhh8yUrOg71vMCfiobaGynyuPLxOlrYuvNyhhFEsy4oXcTzWDkdqUIyPIu5QIfQ HTTP 302
https://fcmatch.youtube.com/pixel?google_gm=AMnCDopab5FX52_uXIOAmyZNPTgxIVtM3iNFTsgqV0EJxcqjSwFJ507GIfAa56amnHN3OEa7-Y3A8HNAnTYPSUvYh1sQ4Lvw9RDUhh8yUrOg71vMCfiobaGynyuPLxOlrYuvNyhhFEsy4oXcTzWDkdqUIyPIu5QIfQ

Request Chain 69

https://sb.scorecardresearch.com/p?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&c8=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&c9=&rn=1629279101504 HTTP 302
https://sb.scorecardresearch.com/p2?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&c8=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&c9=&rn=1629279101504

Request Chain 81

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1629279101588&cv=9&fst=1629279101588&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/819500023/?random=1629279101588&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=708638538&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/819500023/?random=1629279101588&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=708638538&resp=GooglemKTybQhCsO&ipr=y

Request Chain 84

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1629279101590&cv=9&fst=1629279101590&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/916451471/?random=1629279101590&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=1429869685&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/916451471/?random=1629279101590&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=1429869685&resp=GooglemKTybQhCsO&ipr=y

Request Chain 119

https://p.tvpixel.com/r/tp2?aid=cs_liveramp&u=https%3A%2F%2Fidsync.rlcdn.com%2F468226.gif%3Fpartner_uid%3D[NUID] HTTP 302
https://idsync.rlcdn.com/468226.gif?partner_uid=e1614295-44b3-4a9e-bfc9-f2ff1c398390

126 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request default.htm Show response
banking.citi.com/cbol/checking/rewards/offers/
Redirect Chain

https://offer.citibank.com/
https://offer.citibank.com/cbol/default.htm
https://offer.citibank.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9...

122 KB
51 KB

303ms
162ms

Document
text/html

35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

40.22.190.35.bc.googleusercontent.com

Software

Resource Hash

1e6509f4849d0a7b9c36f288c4cd55e4854ecb591ba64c11b130668de59961b7

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

:method: GET
:authority: banking.citi.com
:scheme: https
:path: /cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control: private
content-type: text/html
content-encoding: gzip
expires: Tue, 17 Aug 2021 09:31:40 GMT
vary: Accept-Encoding
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
x-frame-options: DENY
set-cookie: CitiBTSES=SID=353F9166C899480AA291934CA03D499C; path=/
date: Wed, 18 Aug 2021 09:31:40 GMT
content-length: 51771
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

cache-control: private
content-type: text/html
expires: Tue, 17 Aug 2021 09:31:40 GMT
location: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
set-cookie: ATC1=50186|VtnOs.B.iAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.C.E; expires=Sat, 13-Aug-2022 9:31:40 GMT; path=/; domain=citi.bridgetrack.com; CitiBT%5F1=SID=102DAE2D769D4F66823A2A1AA9DC954F; expires=Sat, 13-Aug-2022 04:00:00 GMT; domain=citi.bridgetrack.com; path=/ CitiBT=GUID=7D7062D0E4E64DD0B59D1BAE67A7B4A0; expires=Sat, 13-Aug-2022 04:00:00 GMT; domain=citi.bridgetrack.com; path=/ CitiBTSES=SID=7268939B663C4AE5A529E4F70D138C68; domain=citi.bridgetrack.com; path=/
date: Wed, 18 Aug 2021 09:31:39 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 1567.js Show response
script.crazyegg.com/pages/scripts/0090/ 5 KB
2 KB 61ms
39ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0090/1567.js
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f931d8b83ca5f0de77824d86e0e9665be3c285d242682e6d13c08cb672982de8

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 130411
cf-polished: origSize=4899
cf-ray: 680a2169ff8b4ecd-FRA
ce-version: 11.1.323
last-modified: Mon, 16 Aug 2021 21:18:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-bgj: minify

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 281 KB
92 KB 112ms
54ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f8157850ec3a35a1b423891878b5ea8c9ca403dbd0539d28d4e0021ed915e89b

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 18:41:47 GMT
server: nginx
etag: W/"611c02eb-462ed"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300

GET
H2 200 1567.json Show response
script.crazyegg.com/pages/data-scripts/0090/ 8 KB
2 KB 26ms
12ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0090/1567.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0090/1567.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f23b26c43cbea5370f20f2842ca05662e6e09053154c87abc175b9e41af7898

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 130832
ce-version: 11.1.323
content-length: 1590
timing-allow-origin: *
last-modified: Mon, 16 Aug 2021 21:11:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
cf-ray: 680a216a49544db2-FRA

GET
H2 200 11.1.323.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 64 KB
21 KB 17ms
17ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.323.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0090/1567.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 714cafff07c401d54cda0b09af30d81dd5e3e2bc5891556168366fcc771a5bc4

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 15 Jul 2021 13:13:31 GMT
server: cloudflare
age: 1880994
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
cf-ray: 680a216a686e4ecd-FRA
content-length: 21471

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1629279100596
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1629279100596

363 B
1 KB

54ms
54ms

XHR
application/json

52.19.195.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1629279100596

Requested by

Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.195.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-195-165.eu-west-1.compute.amazonaws.com

Software

Resource Hash

4c1b2166c2bbdea1aacd57b3f8bc0b4818bcb423f67b95d3d9c4f55c5e2c8f6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-0a778d318.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: CQI6AsNmTkI=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://banking.citi.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 308
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v012-044ab1bbb.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://banking.citi.com
X-TID: gTSxgMdjRZE=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1629279100596
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3-29 200 13.bundle.js Show response
banking.citi.com/cbol/checking/rewards/offers/js/ 2 KB
1 KB 168ms
139ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://banking.citi.com/cbol/checking/rewards/offers/js/13.bundle.js
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 83a879b39bfb0f1d7d69a7a644f858c7408a76b8934a6d8267804eca843cb2e1

Request headers

:path: /cbol/checking/rewards/offers/js/13.bundle.js
pragma: no-cache
cookie: CitiBTSES=SID=353F9166C899480AA291934CA03D499C; AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C18858%7CvVersion%7C3.1.2; check=true; mbox=session#899d139ab4fc4268830e41b058eb29a0#1629280961
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: banking.citi.com
referer: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Sun, 20 Jun 2021 20:38:19 GMT
etag: "80af16341466d71:0"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1029

GET
H2 200 1567.json Show response
script.crazyegg.com/pages/sampling-data-scripts/0090/ 302 B
252 B 26ms
26ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/sampling-data-scripts/0090/1567.json?t=452577
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.323.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49929d3d5e0928379e079ddba8727487fd424e36aa1c510dc9192802e469ea92

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 130832
ce-version: 11.1.323
content-length: 186
timing-allow-origin: *
last-modified: Mon, 16 Aug 2021 21:11:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
cf-ray: 680a216b2b634db2-FRA

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 2 KB
885 B 42ms
42ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Aug%2017%2018:41:47%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 73982002711bc0cec99ff7c1202a6f6145441f2e9c6a4d93584501ad4d813c83

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
cache-control: no-cache, no-store
content-type: text/javascript
server: nginx
content-encoding: gzip
vary: Accept-Encoding
expires: Wed, 18 Aug 2021 09:31:39 GMT

GET
H2 200 8637af7c210f4e79436bc39f71b49bfa.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
737 B 28ms
28ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4854904
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Wed, 10 Jul 2019 12:57:13 GMT
server: nginx
etag: W/"5d25e0a9-412"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 9088b0ceb01ee51a9f99e8c023ebe24c.js Show response
nexus.ensighten.com/citi/na_prod/code/ 374 KB
115 KB 39ms
38ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=4823827
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 38a5fb932ee9e5d28ed19cc58c785fd248b51940a2560e952c34699bc3592d1e

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 18:13:31 GMT
server: nginx
etag: W/"611bfc4b-5d889"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 93935a4096516447172d9d3f1d23710d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
739 B 28ms
28ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/93935a4096516447172d9d3f1d23710d.js?conditionId0=433072
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Tue, 02 Jul 2019 16:42:08 GMT
server: nginx
etag: W/"5d1b8960-5c7"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
nexus.ensighten.com/citi/na_prod/code/ 989 B
1 KB 58ms
57ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
last-modified: Tue, 14 May 2019 17:01:42 GMT
server: nginx
etag: "5cdaf476-3dd"
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 989

GET
H2 200 fed07591fd822c6ce331124aa2d87d1a.js Show response
nexus.ensighten.com/citi/na_prod/code/ 3 KB
1 KB 29ms
28ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/fed07591fd822c6ce331124aa2d87d1a.js?conditionId0=4897099
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 70067e1110d5c2932925b5d07eac5d6a8c530a18e4d2f3d4d452709a30b1aa20

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Tue, 29 Jun 2021 18:32:00 GMT
server: nginx
etag: W/"60db6720-d5f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 557566dc60916e3de69e006bef252459.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
961 B 29ms
28ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Tue, 27 Aug 2019 16:59:12 GMT
server: nginx
etag: W/"5d656160-887"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 3ae5401499ebbfa990c60e4063f9b6af.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
861 B 29ms
28ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/3ae5401499ebbfa990c60e4063f9b6af.js?conditionId0=480881
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 381755f71c74f975a9ac540fe1ede4a3fc9b1fab96d800b86d635d526d27b8a4

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Fri, 21 May 2021 19:58:30 GMT
server: nginx
etag: W/"60a810e6-631"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 bbca77cf7414f2670ac689069fdd7bbf.js Show response
nexus.ensighten.com/citi/na_prod/code/ 133 KB
31 KB 34ms
32ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/bbca77cf7414f2670ac689069fdd7bbf.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a197904b98e3d435ee777559c9bc82e0b51f36ed31da69138f13000ab0790a07

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Tue, 27 Jul 2021 17:00:05 GMT
server: nginx
etag: W/"61003b95-21421"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 8637af7c210f4e79436bc39f71b49bfa.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
737 B 38ms
36ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4827153
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Wed, 10 Jul 2019 12:57:13 GMT
server: nginx
etag: W/"5d25e0a9-412"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 9256a99325e3c2682fc95deacb56cf6a.js Show response
nexus.ensighten.com/citi/na_prod/code/ 4 KB
1 KB 38ms
36ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/9256a99325e3c2682fc95deacb56cf6a.js?conditionId0=4854834
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 60abe67c77d5a580d5b2bf690be5ccf519653ac62de0bc3650366ee838fcfd23

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Tue, 29 Jun 2021 18:32:00 GMT
server: nginx
etag: W/"60db6720-f0a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 55cb18d20c4d5aec37c02a5d7eb33eaf.js Show response
nexus.ensighten.com/citi/na_prod/code/ 114 KB
32 KB 47ms
45ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/55cb18d20c4d5aec37c02a5d7eb33eaf.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cfa4a97630e612b8516a6b784800d0409c8be694506951dd6127c8b5933475c2

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Fri, 21 May 2021 19:58:30 GMT
server: nginx
etag: W/"60a810e6-1c8da"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 16815c08f42f8563f2223401e69c35ae.js Show response
nexus.ensighten.com/citi/na_prod/code/ 19 KB
5 KB 41ms
40ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/16815c08f42f8563f2223401e69c35ae.js?conditionId0=467299
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: aec24d3681dc71d8dc225956adcfcd6f5263ba340e01f8eda6d745ea78570cea

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Wed, 26 May 2021 15:27:23 GMT
server: nginx
etag: W/"60ae68db-4a5b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 9088b0ceb01ee51a9f99e8c023ebe24c.js Show response
nexus.ensighten.com/citi/na_prod/code/ 374 KB
115 KB 50ms
49ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=3013337
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 38a5fb932ee9e5d28ed19cc58c785fd248b51940a2560e952c34699bc3592d1e

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Tue, 17 Aug 2021 18:13:31 GMT
server: nginx
etag: W/"611bfc4b-5d889"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 80f9f953a9a15824f851eb8e8f9ce1a2.js Show response
nexus.ensighten.com/citi/na_prod/code/ 340 B
522 B 41ms
41ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/80f9f953a9a15824f851eb8e8f9ce1a2.js?conditionId0=4906371
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bd810e3e44e2831625684ea9b5dd40dab43b6d06308a563b8c1809c119fadce1

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
last-modified: Tue, 29 Jun 2021 18:32:00 GMT
server: nginx
etag: "60db6720-154"
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 340

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 51 KB
16 KB 141ms
52ms Script
application/javascript 104.111.228.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.bkrtx.com/js/bk-coretag.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/bbca77cf7414f2670ac689069fdd7bbf.js?conditionId0=421908

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.228.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-137.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Encoding: gzip
Last-Modified: Fri, 21 May 2021 19:14:21 GMT
Server: nginx/1.15.8
ETag: W/"60a8068d-cbc2"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Date: Wed, 18 Aug 2021 09:31:40 GMT
Connection: keep-alive
Content-Length: 16078
Expires: Wed, 25 Aug 2021 09:31:40 GMT

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 50ms
12ms Script
application/x-javascript 2600:9000:2156:ca00:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/16815c08f42f8563f2223401e69c35ae.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ca00:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 08:54:51 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 08:54:41 GMT
server: Jetty(9.3.29.v20201019)
age: 2209
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA50-C1
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: _dCs91PwRAQAiWv-3GFTBsHX-Fa9k7tSkHhE42yxqc48tDhhBkmGkA==
expires: Wed, 18 Aug 2021 09:54:51 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
37 KB 18ms
18ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6268858

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6048bb47811019e987c490118875ed9fe947cce0b07f3a8cbae488c9030ca129

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37666
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:40 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
37 KB 21ms
21ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c516572f43105c4a7b3a91ecb44a680de8d843110808bf14b638cb42ec4f5477

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37664
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:40 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 28ms
27ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2532573&did=551970&errorName=ReferenceError
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
cache-control: no-cache, no-store
server: nginx
expires: Wed, 18 Aug 2021 09:31:39 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 28ms
27ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=jQuery%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2670712&did=571630&errorName=ReferenceError
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
cache-control: no-cache, no-store
server: nginx
expires: Wed, 18 Aug 2021 09:31:39 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 28ms
27ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2670634&did=572752&errorName=ReferenceError
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
cache-control: no-cache, no-store
server: nginx
expires: Wed, 18 Aug 2021 09:31:39 GMT

GET
H3-29 200 0.bundle.js Show response
banking.citi.com/cbol/checking/rewards/offers/js/ 35 KB
14 KB 150ms
149ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://banking.citi.com/cbol/checking/rewards/offers/js/0.bundle.js
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 27e4931721e513282b6aa75885d3b8c8e1eace6e0cdd7acd2585001af6968ab9

Request headers

:path: /cbol/checking/rewards/offers/js/0.bundle.js
pragma: no-cache
cookie: CitiBTSES=SID=353F9166C899480AA291934CA03D499C; AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C18858%7CvVersion%7C3.1.2; check=true; mbox=session#899d139ab4fc4268830e41b058eb29a0#1629280961; 7830=error; 7018=; 64072=; _cls_v=f8a4b90a-dfb2-4c28-b026-daf896ac3e0a; _cls_s=c8fc6a08-a066-4212-b4b5-3b4d257800a8:0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: banking.citi.com
referer: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:39 GMT
content-encoding: gzip
last-modified: Sun, 20 Jun 2021 20:38:19 GMT
etag: "80af16341466d71:0"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14457

GET
H3-29 200 1.bundle.js Show response
banking.citi.com/cbol/checking/rewards/offers/js/ 34 KB
9 KB 143ms
143ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://banking.citi.com/cbol/checking/rewards/offers/js/1.bundle.js
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 885c5f2432eaa2f0bd593be2af4904f0691df24b1b00360a8b361a4f4f406fad

Request headers

:path: /cbol/checking/rewards/offers/js/1.bundle.js
pragma: no-cache
cookie: CitiBTSES=SID=353F9166C899480AA291934CA03D499C; AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C18858%7CvVersion%7C3.1.2; check=true; mbox=session#899d139ab4fc4268830e41b058eb29a0#1629280961; 7830=error; 7018=; 64072=; _cls_v=f8a4b90a-dfb2-4c28-b026-daf896ac3e0a; _cls_s=c8fc6a08-a066-4212-b4b5-3b4d257800a8:0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: banking.citi.com
referer: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:39 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 17:47:11 GMT
etag: "8079fec1a184d71:0"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9237

GET
H3-29 200 7.bundle.js Show response
banking.citi.com/cbol/checking/rewards/offers/js/ 36 KB
10 KB 144ms
143ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://banking.citi.com/cbol/checking/rewards/offers/js/7.bundle.js
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 0113986e6a60f776fb9ad741020e432926c08963dc5f5a6e03b8699af5ce19c1

Request headers

:path: /cbol/checking/rewards/offers/js/7.bundle.js
pragma: no-cache
cookie: CitiBTSES=SID=353F9166C899480AA291934CA03D499C; AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C18858%7CvVersion%7C3.1.2; check=true; mbox=session#899d139ab4fc4268830e41b058eb29a0#1629280961; 7830=error; 7018=; 64072=; _cls_v=f8a4b90a-dfb2-4c28-b026-daf896ac3e0a; _cls_s=c8fc6a08-a066-4212-b4b5-3b4d257800a8:0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: banking.citi.com
referer: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 17:47:11 GMT
etag: "8079fec1a184d71:0"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9814

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
37 KB 25ms
23ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae5e16b1c196e358177a525ff16b7e8896928fa63753bc5567c28bae0e975a70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37675
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:40 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
37 KB 29ms
27ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

461e52f6f307fee0e97d50ed6556141cb13c08cd5c371f0b8bb2a4d392a06b8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37675
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:40 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
37 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

32ae9a7c3158f9a9266e0169a065f5a5093f3ea5b6f386c3dfdaa6287f8c1732

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37674
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:40 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
37 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6268858&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4434e91c484aad8d345e4eb4ba80d70ed517f2ace227658bc324a3e4c4a80103

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:40 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37677
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:40 GMT

GET
H/1.1 200
OK Cookie set ca.html Show response
20766699p.rfihub.com/ Frame C915 118 B
703 B 187ms
50ms Document
text/html 193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?ver=9&ra=1702&rb=648&ca=20766699&_o=17169175&_t=2019checkingrewardsoffers&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=2019checkingrewardsoffers&pe=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&pf=&ra=7008122035171613
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

Request headers

Host: 20766699p.rfihub.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://banking.citi.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://banking.citi.com/

Response headers

Date: Wed, 18 Aug 2021 09:31:41 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAAAOMSNrQwNzAxNzS1NDc1sDC2MDI3NRTiM9T1dk3Lt8zK9vELTc6V4jU0M7I0Mrc0NABCSwBEhC9QNAAAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 12 Sep 2022 09:31:41 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwNzAxNzS1NDc1sDC2MDI3NRTiM9T1dk3Lt8zK9vELTc4FALZqyQElAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)

GET dest5.html
citi.demdex.net/ Frame 1889 0
0

GET
H2 200 id Show response
metrics1.citi.com/ 89 B
675 B 177ms
37ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=50164271840342499531384481886658737329&ts=1629279100903

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=4823827

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

13c69109021f37cebdf0ba2a447f6c77bf48f790ad2cfec9ef4b0d614d1ebe52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-5446df8c45-vq2gc
vary: Origin
x-c: main-1500.I51075a.M0-511
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://banking.citi.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 89
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YRzTfQAAAG0KrQO1
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=54939603123277182101915490858239233298
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YRzTfQAAAG0KrQO1

42 B
958 B

61ms
61ms

Image
image/gif

52.19.195.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YRzTfQAAAG0KrQO1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.195.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-195-165.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-037df3aea.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: zvkqlnUZRKI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YRzTfQAAAG0KrQO1
Date: Wed, 18 Aug 2021 09:31:41 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3-29

200

Default.asp
citi.bridgetrack.com/track/
Redirect Chain

https://banking.citi.com/track/?id=62614&r=29048468.961193975
https://citi.bridgetrack.com/track/Default.asp?id=62614&r=29048468.961193975

43 B
62 B

173ms
145ms

Image
image/gif

35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citi.bridgetrack.com/track/Default.asp?id=62614&r=29048468.961193975
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
via: 1.1 google
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
cache-control: private
content-type: image/GIF
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
expires: Tue, 17 Aug 2021 09:31:41 GMT

Redirect headers

date: Wed, 18 Aug 2021 09:31:40 GMT
via: 1.1 google
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
location: https://citi.bridgetrack.com/track/Default.asp?id=62614&r=29048468.961193975
cache-control: private
set-cookie: CitiBT=GUID=1A9756ADAF6847E0853CCC5F8FBDB25B; expires=Sat, 13-Aug-2022 04:00:00 GMT; path=/
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Tue, 17 Aug 2021 09:31:41 GMT

GET
H3-29 200 hero_w_form-kitchen_dsk.jpg
banking.citi.com/cbol/checking/rewards/offers/images/ 129 KB
130 KB 139ms
139ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banking.citi.com/cbol/checking/rewards/offers/images/hero_w_form-kitchen_dsk.jpg
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 0611da532bb7c03fb897e96e41b5098cc47a58333fb226aafd104d7c5ac2650d

Request headers

:path: /cbol/checking/rewards/offers/images/hero_w_form-kitchen_dsk.jpg
pragma: no-cache
cookie: CitiBTSES=SID=353F9166C899480AA291934CA03D499C; check=true; mbox=session#899d139ab4fc4268830e41b058eb29a0#1629280961; 7830=error; 7018=; 64072=; _cls_v=f8a4b90a-dfb2-4c28-b026-daf896ac3e0a; _cls_s=c8fc6a08-a066-4212-b4b5-3b4d257800a8:0; _gcl_au=1.1.424995944.1629279101; AMCVS_61834D9B5228A7430A490D45%40AdobeOrg=1; AMCV_61834D9B5228A7430A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C18858%7CMCMID%7C50164271840342499531384481886658737329%7CMCAAMLH-1629883900%7C6%7CMCAAMB-1629883900%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1629286300s%7CNONE%7CvVersion%7C3.1.2
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: banking.citi.com
referer: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
via: 1.1 google
last-modified: Thu, 17 Sep 2020 15:45:25 GMT
etag: "8018288f98dd61:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132593

GET
H2 200 interstate-light.woff
sec-citi.bridgetrack.com/fonts/ 17 KB
17 KB 114ms
40ms Font
application/x-woff 34.107.138.236
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sec-citi.bridgetrack.com/fonts/interstate-light.woff
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.138.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.138.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023

Request headers

Origin: https://banking.citi.com
Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 10:20:16 GMT
via: 1.1 google
last-modified: Thu, 20 Oct 2016 17:59:03 GMT
age: 83485
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public,s-maxage=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17596

GET
H2 200 interstate-bold.woff
sec-citi.bridgetrack.com/fonts/ 17 KB
17 KB 127ms
56ms Font
application/x-woff 34.107.138.236
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sec-citi.bridgetrack.com/fonts/interstate-bold.woff
Requested by: Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?cmp=pac_acquire_2107_R2CIBTAcheck_Q321DM&BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=102DAE2D769D4F66823A2A1AA9DC954F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.138.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.138.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7

Request headers

Origin: https://banking.citi.com
Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 08:26:34 GMT
via: 1.1 google
last-modified: Thu, 20 Oct 2016 17:59:03 GMT
age: 90307
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public,s-maxage=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17500

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 363 B
1 KB 86ms
55ms XHR
application/json 52.19.195.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=50164271840342499531384481886658737329&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%01308E69BEB3639DC5-6000010D6A64BF74&ts=1629279101082

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=4823827

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.195.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-195-165.eu-west-1.compute.amazonaws.com

Software

Resource Hash

97488f6a08220c391d723937b98aadfb7b168b7b0c5717aacd68e089bdb3aba4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcscanary-prod-irl1-1-v018-0d697b020.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: TfjNmPsoSz0=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://banking.citi.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 306
Expires: Thu, 01 Jan 1970 00:00:00 UTC

POST
H2 200 json Show response
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ 537 B
1 KB 480ms
369ms XHR
application/json 54.170.22.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=4823827
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.170.22.84 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-22-84.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 664bcd111ba643c83143ee90e9dca5e83b39897a737fb2a17103d56c6381e1d3

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://banking.citi.com
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: 641b59bdf423408998ed393b010441bf

GET
H2 403 1560.js
cdn.pbbl.co/r/ 0
0 125ms
36ms Script
text/html 13.224.96.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/r/1560.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4854904
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-96.zrh50.r.cloudfront.net
Software: /
Resource Hash

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

73269f1dd7b6844b901871663f32de05a7c9923c024c41df63918e540c393619

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39098
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b942bf0dfaf660fe5fac9b30d22dccdf55f08e12d147da698c005fe17b6beea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39082
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ec50d087703b4b15a43e3a299d2a4ceb7e046e6ef2aa975145eef9d1928b06a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39105
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1b31a5dd3759b7b693eb1d9f5b4df68bae39386b485ce8e66859d496eb96f4f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39105
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

08d230cd29fd94e2dc2b9156c7e162a8f16ef9f44542bf5ad860300b5dfe359d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39080
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-677332377&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2f77a3028248d8eab776f92ebc24cbae0dc743fb49d661b013a7a560776e680a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39105
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H2 200 dpm_pixel_min.js Show response
c.tvpixel.com/js/current/ 103 KB
32 KB 51ms
13ms Script
application/javascript 2600:9000:2156:1800:1d:bf0a:0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.tvpixel.com/js/current/dpm_pixel_min.js?aid=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&comscore=true
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1800:1d:bf0a:0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5a0c6c19746e8568a7254c78be9ddcc38e6fa384cbf6bd6b049ac2e04bf9e369

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 1VUCXxw4fU487vNx2TcVAR2SgNyni4Zb
content-encoding: gzip
last-modified: Tue, 11 May 2021 15:20:36 GMT
server: AmazonS3
age: 18869
etag: W/"f2e7c6b138d70b9070610601ad828378"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Wed, 18 Aug 2021 04:17:13 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 0INOxPGIR1Dho2AC2K87AA0nqos0Rfkku2eE8pq3TpopUea4e0kd0g==

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame 4630 0
66 B 209ms
144ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/16815c08f42f8563f2223401e69c35ae.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://banking.citi.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://banking.citi.com/

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 724ms
628ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9b536e246dcaaa0a4d87fc33b99cb6f412a956775a4b3c23ec10d58fcc6b4ced

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: ABsttEmeW9OHQzoKYz7hZ8QY.Hl3e8jA
content-encoding: gzip
etag: "349a43cd8c1e6d07d1a67b0649691d83"
age: 0
via: 1.1 varnish
x-cache: HIT
content-length: 676
x-amz-id-2: cTo/ZMAxwtWkCcEpGoKzVZYYISL8bH5/pSOVWQ8GEvO0EsWE5cVPR8ioaeLGu6CWv12LqVciy+k=
x-served-by: cache-cdg20780-CDG
last-modified: Thu, 12 Aug 2021 12:13:44 GMT
server: AmazonS3
x-timer: S1629279101.472229,VS0,VE590
date: Wed, 18 Aug 2021 09:31:42 GMT
vary: Accept-Encoding
x-amz-request-id: H645MA66Y7RPCY8B
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 s91686845371151
metrics1.citi.com/b/ss/citiuscombprod/1/JS-2.9.0/ 43 B
465 B 37ms
36ms Image
image/gif 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics1.citi.com/b/ss/citiuscombprod/1/JS-2.9.0/s91686845371151?AQB=1&ndh=1&pf=1&t=18%2F7%2F2021%2011%3A31%3A41%203%20-120&sdid=717CCC2EDD3A067F-2E1522857601B294&mid=50164271840342499531384481886658737329&aid=308E69BEB3639DC5-6000010D6A64BF74&aamlh=6&ce=UTF-8&g=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&c.&evarPageName_0=us&evarPageName_1=web&evarPageName_2=public&evarPageName_3=microsite&evarPageName_4=checking%20rewards%20offers&site_hierarchy_0=us&site_hierarchy_1=web&site_hierarchy_2=public&site_hierarchy_3=microsite&site_hierarchy_4=checking%20rewards%20offers&form_type=sapient%3A150993%3ACBNA%202019%20R2C%20Q4%20Redesign%20URL&lead_type=bank%7Coffers&prospectID=102DAE2D769D4F66823A2A1AA9DC954F&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&site_name=US&login_status=uknown&domain=banking.citi.com&extrenal_campaign_id=pac_acquire_2107_r2cibtacheck_q321dm&guid=5f850ed5-28c7-477c-948a-f19f9c12ca03&action_type=page%20view&evarpagename=us%7Cweb%7Cpublic%7Cmicrosite%7Cchecking%20rewards%20offers%7Clanding&app_hierarchy=public%7Cmicrosite%7Cchecking%20rewards%20offers%7Clanding&evarPageName_5=landing&test_id=198_35%20a%20Checking%20Rewards%20Offers%20-%20Landing&.c&cc=USD&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c7=5%3A31%20AM%7CWednesday&v7=5%3A31%20AM%7CWednesday&v11=New&c65=2019_checking_rewards_offers&v85=5f850ed5-28c7-477c-948a-f19f9c12ca03&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
x-c: main-1500.I51075a.M0-511
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 19 Aug 2021 09:31:41 GMT
server: jag
xserver: anedge-5446df8c45-gt8nm
etag: 3498850229118042112-4619923048970840272
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Tue, 17 Aug 2021 09:31:41 GMT

GET
H2

200

pixel
fcmatch.youtube.com/
Redirect Chain

https://20822230p.rfihub.com/ca.html?rb=648&ca=20822230&ra=307026869&_o=17169175&_t=zx-cookie-match
https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1870471597508382751
https://p.rfihub.com/cm?pub=39342&in=0&userid=94e41b29-5c2b-41a2-b53e-24d08b8e50e9%3A1629279101.77&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D94e41b29-5c2b-41a2-b53e-24d08b8e50e9...
https://idsync.rlcdn.com/501709.gif?partner_uid=94e41b29-5c2b-41a2-b53e-24d08b8e50e9%3A1629279101.77
https://idsync.rlcdn.com/1000.gif?memo=CM3PHhI8CjgIARAFGjI5NGU0MWIyOS01YzJiLTQxYTItYjUzZS0yNGQwOGI4ZTUwZTk6MTYyOTI3OTEwMS43NxAAGg0I_qbziAYSBQjoBxAAQgBKAA
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwM05lZ3dWQ0wwRG15Rk5kd0VoX0dCRUw0Q3phdDk4dlF2bXVVcUIzSXEwdw==&google_cm
https://fcmatch.google.com/pixel?google_gm=AMnCDopab5FX52_uXIOAmyZNPTgxIVtM3iNFTsgqV0EJxcqjSwFJ507GIfAa56amnHN3OEa7-Y3A8HNAnTYPSUvYh1sQ4Lvw9RDUhh8yUrOg71vMCfiobaGynyuPLxOlrYuvNyhhFEsy4oXcTzWDkdqUIy...
https://fcmatch.youtube.com/pixel?google_gm=AMnCDopab5FX52_uXIOAmyZNPTgxIVtM3iNFTsgqV0EJxcqjSwFJ507GIfAa56amnHN3OEa7-Y3A8HNAnTYPSUvYh1sQ4Lvw9RDUhh8yUrOg71vMCfiobaGynyuPLxOlrYuvNyhhFEsy4oXcTzWDkdqUI...

170 B
546 B

34ms
14ms

Image
image/png

2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fcmatch.youtube.com/pixel?google_gm=AMnCDopab5FX52_uXIOAmyZNPTgxIVtM3iNFTsgqV0EJxcqjSwFJ507GIfAa56amnHN3OEa7-Y3A8HNAnTYPSUvYh1sQ4Lvw9RDUhh8yUrOg71vMCfiobaGynyuPLxOlrYuvNyhhFEsy4oXcTzWDkdqUIyPIu5QIfQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:42 GMT
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:42 GMT
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://fcmatch.youtube.com/pixel?google_gm=AMnCDopab5FX52_uXIOAmyZNPTgxIVtM3iNFTsgqV0EJxcqjSwFJ507GIfAa56amnHN3OEa7-Y3A8HNAnTYPSUvYh1sQ4Lvw9RDUhh8yUrOg71vMCfiobaGynyuPLxOlrYuvNyhhFEsy4oXcTzWDkdqUIyPIu5QIfQ
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 403
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 28ms
28ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=3413395&did=633148&errorName=ReferenceError
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
cache-control: no-cache, no-store
server: nginx
expires: Wed, 18 Aug 2021 09:31:40 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 28ms
28ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2680754&did=572750&errorName=ReferenceError
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
cache-control: no-cache, no-store
server: nginx
expires: Wed, 18 Aug 2021 09:31:40 GMT

GET
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 0
661 B 744ms
151ms XHR
text/plain 192.193.200.243
SOLANA-CITIPLEX

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?_cls_s=c8fc6a08-a066-4212-b4b5-3b4d257800a8%3A0&_cls_v=f8a4b90a-dfb2-4c28-b026-daf896ac3e0a&pv=2&f_cls_s=true

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=4823827

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 18 Aug 2021 09:31:42 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains;
vary: origin
Server: GlassBox Cligate
X-Akamai-CITISITE: SWDC
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: https://banking.citi.com
access-control-allow-credentials: true
Connection: close
Content-Length: 0

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame 2C67 71 B
338 B 255ms
176ms Document
text/html 104.111.215.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product&phint=event&phint=category%3Dlanding%20page&phint=page%3D2019_checking_rewards_offers&phint=section1%3DSapient&phint=section2%3DACQ&phint=section3%3DBANK&phint=section4%3DAffiliate&phint=bankappstatus&phint=productID&phint=__bk_t%3DEnjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&phint=__bk_v%3D3.1.10&limit=10&r=47110167
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-191.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://banking.citi.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://banking.citi.com/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 5365
Date: Wed, 18 Aug 2021 09:31:41 GMT
Connection: keep-alive
X-N: S

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 54ms
54ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13981
x-xss-protection: 0
server: cafe
etag: 6132654052448080839
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b7854c0f23e8048acd5c5271ce28ad7b50776d97e583c656a3cbba00b13195e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39108
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e272806ee13d32626c9fb0a4b0b6ac37726261f250bf2d81b88a0ba538a72af8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39141
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7052bbb49bd4290a2a609893246640ed4b1a54cab07ca952c57457d5b5df4213

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39080
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 22ms
21ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cde330ce54a987c73ab8cb6fd29545b9bce3ab5efae7f22776815e1016e95a8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39108
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 18 Aug 2021 09:31:41 GMT

OPTIONS
H2 200 tp2
p.tvpixel.com/com.snowplowanalytics.snowplow/ Frame 0
0 376ms
123ms Preflight 34.206.110.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Server: 34.206.110.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-110-32.compute-1.amazonaws.com
Software: akka-http/10.1.12 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://banking.citi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-length: 0
access-control-allow-origin: https://banking.citi.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 5
server: akka-http/10.1.12

POST
H2 200 tp2 Show response
p.tvpixel.com/com.snowplowanalytics.snowplow/ 2 B
336 B 371ms
123ms XHR
text/plain 34.206.110.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=4823827
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.110.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-110-32.compute-1.amazonaws.com
Software: akka-http/10.1.12 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://banking.citi.com
date: Wed, 18 Aug 2021 09:31:42 GMT
access-control-allow-credentials: true
server: akka-http/10.1.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
content-length: 2
content-type: text/plain; charset=UTF-8

GET
H2

200

p2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/p?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Fof...
https://sb.scorecardresearch.com/p2?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Fo...

64 B
331 B

40ms
39ms

Image
image/gif

13.224.96.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&c8=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&c9=&rn=1629279101504
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-37.zrh50.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
via: 1.1 a2037d86ccb1a548f20827ebd95a65f3.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: Iypk7wwSyYh41GVWVWCmx9PGldCmWrQ0ZCgCBlV-5CKNb3Z8CK012A==

Redirect headers

date: Wed, 18 Aug 2021 09:31:41 GMT
via: 1.1 a2037d86ccb1a548f20827ebd95a65f3.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/p2?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&c8=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&c9=&rn=1629279101504
content-length: 480
x-amz-cf-id: 91o7L9OMLRNC1zXWIyMM7BS8viyg0b9elUkjyHbZ12gSvLron6rQQA==

GET
H3-29 204 a
www.googletagmanager.com/ 0
17 B 17ms
15ms Image
image/gif 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=AW-830907969&cv=1&v=3&t=t&pid=412322041&rv=8g0&es=1&e=gtm.init_consent&eid=41&tc=1&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 a
www.googletagmanager.com/ 0
17 B 26ms
24ms Image
image/gif 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=AW-830907969&cv=1&v=3&t=t&pid=412322041&rv=8g0&es=1&e=gtm.init&eid=42&tc=1&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 a
www.googletagmanager.com/ 0
17 B 35ms
33ms Image
image/gif 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=AW-830907969&cv=1&v=3&t=t&pid=412322041&rv=8g0&es=1&e=gtm.js&eid=3&tc=1&tr=1rep&ti=1rep&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 a
www.googletagmanager.com/ 0
17 B 37ms
36ms Image
image/gif 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=AW-830907969&cv=1&v=3&t=t&pid=412322041&rv=8g0&es=1&e=*&eid=4&tc=1&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 a
www.googletagmanager.com/ 0
17 B 40ms
39ms Image
image/gif 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=AW-830907969&cv=1&v=3&t=t&pid=412322041&rv=8g0&es=1&e=*&eid=5&tc=1&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 59ms
58ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13981
x-xss-protection: 0
server: cafe
etag: 6132654052448080839
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 18 Aug 2021 09:31:41 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 3 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1629279101581&cv=9&fst=1629279101581&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86e5b1fda34f328df77b1f0a9518e2e1eae09a0db4fc8f0c68db738900a6c8c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1201
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 3 KB
1 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1629279101584&cv=9&fst=1629279101584&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d090cf78c9e5c8a85002b530e468a03f43551a1dde9b4a88b9821d9f937a356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1197
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 3 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1629279101586&cv=9&fst=1629279101586&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb26dca02def73160ee807fa97d9b6807055ff8c96e314d7127690aceab39d29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1201
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 3 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1629279101587&cv=9&fst=1629279101587&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e061dec6b8d68d511c24c66d9c025c5fe76cbd32cb8efebfbb63f5266260b57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1197
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 3 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1629279101588&cv=9&fst=1629279101588&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d40bb58a47145fb0ccb1d3f155a2ab04865eaea2be644ff4192e79d5aadef3ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1200
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

/
www.google.de/pagead/1p-user-list/819500023/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1629279101588&cv=9&fst=1629279101588&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/819500023/?random=1629279101588&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/819500023/?random=1629279101588&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
64 B

34ms
27ms

Image
image/gif

2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1629279101588&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=708638538&resp=GooglemKTybQhCsO&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/819500023/?random=1629279101588&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=708638538&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 3 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1629279101589&cv=9&fst=1629279101589&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

17489830f7beed35424dfb0cb879568162578d6939d110dd68ac19842fe0af3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1198
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 3 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1629279101590&cv=9&fst=1629279101590&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4496605dfc41143d6a63bed2f3707ed88f051a749b43090ebd67e058a1ffde8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1197
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

/
www.google.de/pagead/1p-user-list/916451471/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1629279101590&cv=9&fst=1629279101590&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/916451471/?random=1629279101590&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/916451471/?random=1629279101590&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
64 B

19ms
18ms

Image
image/gif

2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1629279101590&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=1429869685&resp=GooglemKTybQhCsO&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/916451471/?random=1629279101590&cv=9&fst=1629277200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=1429869685&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/ 3 KB
1 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/?random=1629279101591&cv=9&fst=1629279101591&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93e614313921fd83bf9ce9c30d94eadd9f6914fb940016704fef697f1369c6ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1200
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/ 3 KB
1 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/?random=1629279101592&cv=9&fst=1629279101592&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a481709e4a6e933fe53d1339e1714b6bbd5a64c8314b54ecc3aad97817b476da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1194
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
115 B 20ms
19ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1629279101581&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3929471766&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
108 B 18ms
17ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1629279101581&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3929471766&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
115 B 19ms
19ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1629279101587&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=994446297&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
108 B 21ms
20ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1629279101587&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=994446297&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
115 B 22ms
20ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1629279101586&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1338877513&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
108 B 20ms
19ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1629279101586&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1338877513&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
64 B 35ms
29ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1629279101588&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1788273503&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
64 B 32ms
26ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1629279101588&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1788273503&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
64 B 30ms
24ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1629279101584&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=939815967&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
64 B 33ms
26ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1629279101584&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=939815967&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1629279101625&cv=9&fst=1629279101625&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f2581c6e554dd5ab95f7ca9d1d57590e42f084049d52b150b3606fd211aeb54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1197
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 3 KB
1 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1629279101627&cv=9&fst=1629279101627&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd8088c12521e749d1f6c768839f8877c5f240a72544d404bd323bb3257d1b2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1195
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 3 KB
1 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1629279101629&cv=9&fst=1629279101629&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e2a2e25458affa0db923587a7110200909fb5d5e0788cd9dfec002c56cd9ca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1194
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 3 KB
1 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1629279101630&cv=9&fst=1629279101630&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb0397115344601f382cb2ed5cb4ddd6395312ddfbf70a7d624594396da34207

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1198
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/677332377/ 42 B
64 B 22ms
21ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/677332377/?random=1629279101592&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=74887488&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/677332377/ 42 B
64 B 24ms
24ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/677332377/?random=1629279101592&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=74887488&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
64 B 19ms
19ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1629279101590&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1587341860&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
64 B 22ms
21ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1629279101590&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1587341860&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
64 B 21ms
20ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1629279101589&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=105162713&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
64 B 26ms
26ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1629279101589&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=105162713&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1629279101625&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=884893046&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
64 B 21ms
19ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1629279101625&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=884893046&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
64 B 19ms
19ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1629279101629&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1698575433&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
64 B 25ms
24ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1629279101629&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1698575433&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
64 B 24ms
23ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1629279101630&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1113445668&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/830907969/ 42 B
64 B 19ms
19ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/830907969/?random=1629279101630&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1113445668&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/677332377/ 42 B
64 B 19ms
18ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/677332377/?random=1629279101591&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3561486671&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/677332377/ 42 B
64 B 19ms
19ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/677332377/?random=1629279101591&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3561486671&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
64 B 18ms
18ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1629279101627&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1760796527&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/695231162/ 42 B
64 B 23ms
23ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/695231162/?random=1629279101627&cv=9&fst=1629277200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1760796527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s99007275588190
metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/ 43 B
264 B 37ms
37ms Image
image/gif 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s99007275588190?AQB=1&ndh=1&pf=1&t=18%2F7%2F2021%2011%3A31%3A41%203%20-120&fid=4650A2EE3D43895B-38A07EAD6CEDC49C&ce=UTF-8&pageName=2019_checking_rewards_offers&g=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&c.&visitStart=1&.c&cc=USD&ch=BANKPublic&v0=pac_acquire_2107_R2CIBTAcheck_Q321DM&c1=Sapient&h1=BANKPublic%2FSapient%2FACQ%2FBANK%2FAffiliate&c2=ACQ&c3=BANK&c4=Affiliate&c8=landing%20page&c9=US&c11=english&v22=102DAE2D769D4F66823A2A1AA9DC954F&c25=%5BCS%5Dv1%7C308E69BEB3639DC5-6000010D6A64BF74%5BCE%5D&c26=no%20value&v38=2019_checking_rewards_offers&v52=no%20value&c59=Sapient_cbol_checking_rewards_offers&c61=11&c63=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3Fcmp%3Dpac_acquire_2107_R2CIBTAcheck_Q321DM%26BTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D102DAE2D769D4F66823A2A1AA9DC954F&c64=5%3A31AM&v64=5%3A31AM&c65=Wednesday&v65=Wednesday&c66=Wednesday%7C5%3A31AM&v67=New&v68=1&c73=354602%2C578278%2C358910%2C552021%2C624610%2C373773%2C490004%2C622672%2C677895%2C492048%2C492049%2C652314%2C593700%2C495376%2C495377%2C663315%2C584566%2C495374%2C495375%2C573017%2C522574%2C588511%2C542251%2C670807%2C632449%2C663310%2C522572%2C490141%2C580663%2C626438%2C663313%2C515853%2C522576%2C562734%2C551962%2C582775%2C494437%2C507276%2C531459%2C593103%2C600937%2C684300%2C639140%2C555592%2C551970%2C571630%2C385436%2C572752%2C565689%2C606935%2C609396%2C662152%2C637871%2C512346%2C521100%2C669327%2C669381%2C578262%2C669322%2C666421%2C578343%2C685268%2C633148%2C609397%2C388219%2C569456%2C359218%2C528144%2C488122%2C572750%2C359214%2C486892%2C510670%2C369351&v73=medium%7C1600&v78=Yes&v79=5f850ed5-28c7-477c-948a-f19f9c12ca03&v87=banking.citi.com&v96=cl%7Cbos%3Ana%7Cdsa%3Ana%7Cax%3Ano%20call%7Cdsr%3Ana%7Crf%3A-%7Ccms%3A-&v114=198_35%20a%20Checking%20Rewards%20Offers%20-%20Landing&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:41 GMT
x-content-type-options: nosniff
x-c: main-1500.I51075a.M0-511
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 19 Aug 2021 09:31:41 GMT
server: jag
xserver: anedge-5446df8c45-pcfdp
etag: 3498850228852883456-4619772134020422623
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Tue, 17 Aug 2021 09:31:41 GMT

GET
H2 200 generic1628770423482.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 457 KB
84 KB 627ms
627ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1628770423482.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4ceb321e1b8a87ec700d6db09a73bc9fe7135f1fcaf33c0effd8f3feff4c181d

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: szeIKUd60SS2vwYsPJetVj4SmhvEIU.2
content-encoding: gzip
etag: "97134aa1095c407af2e18f3e6aa9d8d3"
age: 0
via: 1.1 varnish
x-cache: HIT
content-length: 85858
x-amz-id-2: 7njI/TwDADgxANod9QfnXWKqc2596rGnGgraw34kPUN3+gO8S4Psitwe/ojxTQFSgGxy7Y0pF18=
x-served-by: cache-cdg20780-CDG
last-modified: Thu, 12 Aug 2021 12:13:44 GMT
server: AmazonS3
x-timer: S1629279102.100294,VS0,VE590
date: Wed, 18 Aug 2021 09:31:42 GMT
vary: Accept-Encoding
x-amz-request-id: AAR5WDWQF0PTYPM7
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2

451

468226.gif
idsync.rlcdn.com/
Redirect Chain

https://p.tvpixel.com/r/tp2?aid=cs_liveramp&u=https%3A%2F%2Fidsync.rlcdn.com%2F468226.gif%3Fpartner_uid%3D[NUID]
https://idsync.rlcdn.com/468226.gif?partner_uid=e1614295-44b3-4a9e-bfc9-f2ff1c398390

0
42 B

48ms
47ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/468226.gif?partner_uid=e1614295-44b3-4a9e-bfc9-f2ff1c398390
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 18 Aug 2021 09:31:42 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

Redirect headers

date: Wed, 18 Aug 2021 09:31:42 GMT
server: akka-http/10.1.12
location: https://idsync.rlcdn.com/468226.gif?partner_uid=e1614295-44b3-4a9e-bfc9-f2ff1c398390
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 0

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 106ms
32ms Script
application/javascript 151.101.13.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1628770423482.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-encoding: gzip
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
age: 0
via: 1.1 varnish
x-cache: HIT
x-amz-request-id: R8BG5GP8N89W8Z3A
x-amz-id-2: WdEqhurUlx7NVVkzTPqyPs0do77B0u8ZWrqkIKT3FZgni63QtwYfQ4nyif+yeepM5xdRyIs3Cpc=
x-served-by: cache-fra19127-FRA
accept-ranges: bytes
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
server: AmazonS3
x-timer: S1629279103.848795,VS0,VE0
date: Wed, 18 Aug 2021 09:31:42 GMT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 5197
x-cache-hits: 172189

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
318 B 195ms
129ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzg5LjAuNDM4OS43MiBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTYyOTI3OTEwMjg3MCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDIsInVzZXJfaWQiOiAiMTdiNTg5YTI3OTQ1MzYtMGEyMzY2MDI0ZGZjOTktNTc3MWUzMy0xZDRjMDAtMTdiNTg5YTI3OTU3YjUiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly9iYW5raW5nLmNpdGkuY29tL2Nib2wvY2hlY2tpbmcvcmV3YXJkcy9vZmZlcnMvZGVmYXVsdC5odG0/Y21wPXBhY19hY3F1aXJlXzIxMDdfUjJDSUJUQWNoZWNrX1EzMjFETSZCVERhdGE9UFdXLkIuZ0FCNGYuQi5CdmguU0RFYi5kaVUuazNSLndaQS5Cai5TTC4wVC5FJlByb3NwZWN0SUQ9MTAyREFFMkQ3NjlENEY2NjgyM0EyQTFBQTlEQzk1NEYiLCJ3ZWJzaXRlSWQiOiA1MCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiOTI3OC05Y2Y0LTVmMTUtNGY4YS1jN2U0LWRlYjgtMDBjMy1iMDlhIiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE2MjkyNzkxMDI3NjQiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMjAxNCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDAuMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDAuMCIsImhpc3RvcnlfbGVuZ3RoIjogMiwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTYyOTI3OTEwMjc2OCwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-q644
date: Wed, 18 Aug 2021 09:31:42 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

POST
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 34 KB
5 KB 850ms
320ms XHR
application/json 192.193.200.243
SOLANA-CITIPLEX

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?clsjsv=6.3.126B13&_cls_s=c8fc6a08-a066-4212-b4b5-3b4d257800a8:0&_cls_v=f8a4b90a-dfb2-4c28-b026-daf896ac3e0a&pid=9c90a4cc-0ec3-4924-bdc1-e6af1b217a92&sn=1&cfg&pv=2&aid=

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=4823827

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

08cb6a5fa84d04e523fee2ebeca945873d237e339a68d9f32edf5d4066c7b70a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Wed, 18 Aug 2021 09:31:52 GMT
content-encoding: gzip
vary: origin
Server: GlassBox Cligate
X-Akamai-CITISITE: SWDC
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
access-control-allow-origin: https://banking.citi.com
access-control-allow-credentials: true
Connection: close
content-length: 4322

POST
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 34 KB
5 KB 627ms
171ms XHR
application/json 192.193.200.243
SOLANA-CITIPLEX

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=4823827

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

a09f0b9d4c6ac25c9ba5dc9376ea928abec9f4e4a743d95180dc8752ebaa7577

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Wed, 18 Aug 2021 09:31:52 GMT
content-encoding: gzip
vary: origin
Server: GlassBox Cligate
X-Akamai-CITISITE: SWDC
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
access-control-allow-origin: https://banking.citi.com
access-control-allow-credentials: true
Connection: close
content-length: 4326

POST
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 34 KB
5 KB 601ms
151ms XHR
application/json 192.193.200.243
SOLANA-CITIPLEX

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=4823827

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

e51ff99a2aa387835c825e8bd7cfd6a066028c783ed8021e410623ebf98a85ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://banking.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Wed, 18 Aug 2021 09:31:52 GMT
content-encoding: gzip
vary: origin
Server: GlassBox Cligate
X-Akamai-CITISITE: SWDC
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
access-control-allow-origin: https://banking.citi.com
access-control-allow-credentials: true
Connection: close
content-length: 4320

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: citi.demdex.net
URL: https://citi.demdex.net/dest5.html?d_nsid=0

Verdicts & Comments Add Verdict or Comment

148 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNrQwNzAxNzS1NDc1sDC2MDI3NRTiM9T1dk3Lt8zK9vELTc4FALZqyQElAAAA
.citi.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.citi.com/	1970-01-19 20:34:40	Name: gpv_pn Value: public%7Cmicrosite%7Cchecking%20rewards%20offers%7Clanding
.citi.com/	1970-01-20 14:05:51	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: -330454231%7CMCIDTS%7C18858%7CMCMID%7C50164271840342499531384481886658737329%7CMCAAMLH-1629883901%7C6%7CMCAAMB-1629883901%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1629286300s%7CNONE%7CMCAID%7C308E69BEB3639DC5-6000010D6A64BF74%7CMCSYNCSOP%7C411-18865%7CvVersion%7C3.1.2
banking.citi.com/	1970-01-20 05:12:43	Name: CitiBT Value: GUID=1A9756ADAF6847E0853CCC5F8FBDB25B
.citi.com/	1970-01-20 14:05:51	Name: s_ecid Value: MCMID%7C50164271840342499531384481886658737329
banking.citi.com/	1970-01-19 20:34:40	Name: 7830 Value: error
.citi.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
.citi.com/	1970-01-19 22:44:15	Name: _gcl_au Value: 1.1.424995944.1629279101
.citi.com/	1970-01-20 14:05:51	Name: s_vi Value: [CS]v1\|308E69BEB3639DC5-6000010D6A64BF74[CE]
.citi.com/	1970-01-19 21:17:51	Name: s_nr Value: 1629279101350-New
.citi.com/	1969-12-31 23:59:59	Name: check Value: true
.citi.com/	1970-01-21 16:22:39	Name: _cls_v Value: f8a4b90a-dfb2-4c28-b026-daf896ac3e0a
.citi.com/	1969-12-31 23:59:59	Name: _cls_s Value: c8fc6a08-a066-4212-b4b5-3b4d257800a8:0
banking.citi.com/	1970-01-19 22:44:15	Name: 64072 Value:
banking.citi.com/	1970-01-19 20:34:40	Name: 7018 Value:
.rfihub.com/	1970-01-20 05:56:15	Name: rud Value: H4sIAAAAAAAAAOMSNrQwNzAxNzS1NDc1sDC2MDI3NRTiM9T1dk3Lt8zK9vELTc6V4jU0M7I0Mrc0NABCSwBEhC9QNAAAAA
.citi.com/	1970-01-19 20:34:40	Name: mbox Value: session#899d139ab4fc4268830e41b058eb29a0#1629280961
banking.citi.com/	1969-12-31 23:59:59	Name: CitiBTSES Value: SID=353F9166C899480AA291934CA03D499C

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js(Line 152) Message: Loading at.js
console-api	log	URL: https://nexus.ensighten.com/citi/na_prod/code/9088b0ceb01ee51a9f99e8c023ebe24c.js?conditionId0=4823827(Line 321) Message: [object HTMLDivElement]
console-api	log	(Line 13) Message: test 12
console-api	log	URL: https://nexus.ensighten.com/citi/na_prod/code/55cb18d20c4d5aec37c02a5d7eb33eaf.js?conditionId0=486757(Line 215) Message: hptt set eVar96 triggered
console-api	log	URL: https://nexus.ensighten.com/citi/na_prod/code/55cb18d20c4d5aec37c02a5d7eb33eaf.js?conditionId0=486757(Line 218) Message: hptt set eVar96 ended
console-api	log	(Line 3) Message: Activity Link new BAU Link --> undefined

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
20822230p.rfihub.com
banking.citi.com
c.tvpixel.com
c1.rfihub.net
cdn.pbbl.co
citi.bridgetrack.com
citi.demdex.net
citicorpcreditservic.tt.omtrdc.net
cm.everesttech.net
cm.g.doubleclick.net
dpm.demdex.net
fcmatch.google.com
fcmatch.youtube.com
googleads.g.doubleclick.net
idsync.rlcdn.com
live.rezync.com
metrics1.citi.com
nebula-cdn.kampyle.com
nexus.ensighten.com
offer.citibank.com
p.rfihub.com
p.tvpixel.com
prod.report.nacustomerexperience.citi.com
resources.digital-cloud-citi.medallia.com
sb.scorecardresearch.com
script.crazyegg.com
sec-citi.bridgetrack.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
udc-neb.kampyle.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
citi.demdex.net
104.111.215.191
104.111.228.137
13.224.96.37
13.224.96.96
13.36.218.177
142.250.184.194
142.250.186.34
143.204.98.95
151.101.13.175
151.101.194.133
18.195.42.228
192.193.200.243
193.0.160.128
2600:9000:2156:1800:1d:bf0a:0:93a1
2600:9000:2156:ca00:1:76cf:fe80:93a1
2606:4700::6813:9308
2a00:1450:4001:800::2002
2a00:1450:4001:802::2004
2a00:1450:4001:803::2008
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2003
2a00:1450:4001:812::200e
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a00:1450:4001:831::200e
34.107.138.236
34.206.110.32
35.190.22.40
35.190.60.146
35.241.45.82
35.244.174.68
52.19.195.165
54.170.22.84
99.80.210.73
0113986e6a60f776fb9ad741020e432926c08963dc5f5a6e03b8699af5ce19c1
0611da532bb7c03fb897e96e41b5098cc47a58333fb226aafd104d7c5ac2650d
06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e
08cb6a5fa84d04e523fee2ebeca945873d237e339a68d9f32edf5d4066c7b70a
08d230cd29fd94e2dc2b9156c7e162a8f16ef9f44542bf5ad860300b5dfe359d
0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d090cf78c9e5c8a85002b530e468a03f43551a1dde9b4a88b9821d9f937a356
0e2a2e25458affa0db923587a7110200909fb5d5e0788cd9dfec002c56cd9ca8
13c69109021f37cebdf0ba2a447f6c77bf48f790ad2cfec9ef4b0d614d1ebe52
17489830f7beed35424dfb0cb879568162578d6939d110dd68ac19842fe0af3b
1b31a5dd3759b7b693eb1d9f5b4df68bae39386b485ce8e66859d496eb96f4f1
1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e
1e6509f4849d0a7b9c36f288c4cd55e4854ecb591ba64c11b130668de59961b7
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
27e4931721e513282b6aa75885d3b8c8e1eace6e0cdd7acd2585001af6968ab9
28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7
2e061dec6b8d68d511c24c66d9c025c5fe76cbd32cb8efebfbb63f5266260b57
2f77a3028248d8eab776f92ebc24cbae0dc743fb49d661b013a7a560776e680a
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
32ae9a7c3158f9a9266e0169a065f5a5093f3ea5b6f386c3dfdaa6287f8c1732
381755f71c74f975a9ac540fe1ede4a3fc9b1fab96d800b86d635d526d27b8a4
38a5fb932ee9e5d28ed19cc58c785fd248b51940a2560e952c34699bc3592d1e
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
4434e91c484aad8d345e4eb4ba80d70ed517f2ace227658bc324a3e4c4a80103
4496605dfc41143d6a63bed2f3707ed88f051a749b43090ebd67e058a1ffde8f
461e52f6f307fee0e97d50ed6556141cb13c08cd5c371f0b8bb2a4d392a06b8c
49929d3d5e0928379e079ddba8727487fd424e36aa1c510dc9192802e469ea92
4c1b2166c2bbdea1aacd57b3f8bc0b4818bcb423f67b95d3d9c4f55c5e2c8f6c
4ceb321e1b8a87ec700d6db09a73bc9fe7135f1fcaf33c0effd8f3feff4c181d
4f2581c6e554dd5ab95f7ca9d1d57590e42f084049d52b150b3606fd211aeb54
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5a0c6c19746e8568a7254c78be9ddcc38e6fa384cbf6bd6b049ac2e04bf9e369
6048bb47811019e987c490118875ed9fe947cce0b07f3a8cbae488c9030ca129
60abe67c77d5a580d5b2bf690be5ccf519653ac62de0bc3650366ee838fcfd23
63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15
664bcd111ba643c83143ee90e9dca5e83b39897a737fb2a17103d56c6381e1d3
70067e1110d5c2932925b5d07eac5d6a8c530a18e4d2f3d4d452709a30b1aa20
7052bbb49bd4290a2a609893246640ed4b1a54cab07ca952c57457d5b5df4213
714cafff07c401d54cda0b09af30d81dd5e3e2bc5891556168366fcc771a5bc4
73269f1dd7b6844b901871663f32de05a7c9923c024c41df63918e540c393619
73982002711bc0cec99ff7c1202a6f6145441f2e9c6a4d93584501ad4d813c83
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
7f23b26c43cbea5370f20f2842ca05662e6e09053154c87abc175b9e41af7898
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
83a879b39bfb0f1d7d69a7a644f858c7408a76b8934a6d8267804eca843cb2e1
86e5b1fda34f328df77b1f0a9518e2e1eae09a0db4fc8f0c68db738900a6c8c4
885c5f2432eaa2f0bd593be2af4904f0691df24b1b00360a8b361a4f4f406fad
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
93e614313921fd83bf9ce9c30d94eadd9f6914fb940016704fef697f1369c6ef
97488f6a08220c391d723937b98aadfb7b168b7b0c5717aacd68e089bdb3aba4
9b536e246dcaaa0a4d87fc33b99cb6f412a956775a4b3c23ec10d58fcc6b4ced
a09f0b9d4c6ac25c9ba5dc9376ea928abec9f4e4a743d95180dc8752ebaa7577
a197904b98e3d435ee777559c9bc82e0b51f36ed31da69138f13000ab0790a07
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a481709e4a6e933fe53d1339e1714b6bbd5a64c8314b54ecc3aad97817b476da
ae5e16b1c196e358177a525ff16b7e8896928fa63753bc5567c28bae0e975a70
aec24d3681dc71d8dc225956adcfcd6f5263ba340e01f8eda6d745ea78570cea
b7854c0f23e8048acd5c5271ce28ad7b50776d97e583c656a3cbba00b13195e7
b942bf0dfaf660fe5fac9b30d22dccdf55f08e12d147da698c005fe17b6beea7
bb26dca02def73160ee807fa97d9b6807055ff8c96e314d7127690aceab39d29
bd810e3e44e2831625684ea9b5dd40dab43b6d06308a563b8c1809c119fadce1
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
c516572f43105c4a7b3a91ecb44a680de8d843110808bf14b638cb42ec4f5477
cb0397115344601f382cb2ed5cb4ddd6395312ddfbf70a7d624594396da34207
cde330ce54a987c73ab8cb6fd29545b9bce3ab5efae7f22776815e1016e95a8a
cfa4a97630e612b8516a6b784800d0409c8be694506951dd6127c8b5933475c2
d40bb58a47145fb0ccb1d3f155a2ab04865eaea2be644ff4192e79d5aadef3ae
dd8088c12521e749d1f6c768839f8877c5f240a72544d404bd323bb3257d1b2c
e272806ee13d32626c9fb0a4b0b6ac37726261f250bf2d81b88a0ba538a72af8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51ff99a2aa387835c825e8bd7cfd6a066028c783ed8021e410623ebf98a85ab
ec50d087703b4b15a43e3a299d2a4ceb7e046e6ef2aa975145eef9d1928b06a6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49
f8157850ec3a35a1b423891878b5ea8c9ca403dbd0539d28d4e0021ed915e89b
f931d8b83ca5f0de77824d86e0e9665be3c285d242682e6d13c08cb672982de8

banking.citi.com Open in urlscan Pro 35.190.22.40 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

126 Requests

99 %HTTPS

35 %IPv6

25 Domains

36 Subdomains

31 IPs

4 Countries

1492 kBTransfer

4146 kBSize

19 Cookies

0 Outgoing links

Page URL History

Redirected requests

126 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

banking.citi.com Open in urlscan Pro
35.190.22.40 Public Scan

Screenshot
Live screenshot

Full Image

126
Requests

99 %
HTTPS

35 %
IPv6

25
Domains

36
Subdomains

31
IPs

4
Countries

1492 kB
Transfer

4146 kB
Size

19
Cookies

126 HTTP transactions
0 data transactions