URL: https://citigrand-q2.com/
Submission: On August 01 via automatic, source certstream-suspicious

Summary

This website contacted 12 IPs in 5 countries across 10 domains to perform 40 HTTP transactions. The main IP is 172.96.191.182, located in Fergus, Canada and belongs to LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG. The main domain is citigrand-q2.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 1st 2020. Valid for: 3 months.
This is the only time citigrand-q2.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 172.96.191.182 59253 (LEASEWEB-...)
3 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
4 172.217.16.130 15169 (GOOGLE)
8 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2 2a00:1450:400... 15169 (GOOGLE)
2 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 210.211.116.252 38731 (VTDC-AS-V...)
7 125.212.217.61 7552 (VIETEL-AS...)
40 12
Domain Requested by
10 citigrand-q2.com citigrand-q2.com
8 c.trazk.com www.googletagmanager.com
c.trazk.com
ajax.googleapis.com
7 themes.trazk.com c.trazk.com
themes.trazk.com
ajax.googleapis.com
4 www.googleadservices.com www.googletagmanager.com
www.googleadservices.com
c.trazk.com
3 uhchat.net citigrand-q2.com
uhchat.net
2 localapi.trazk.com ajax.googleapis.com
2 www.google.de citigrand-q2.com
2 www.google.com 2 redirects
2 googleads.g.doubleclick.net 2 redirects
2 www.google-analytics.com 1 redirects www.googletagmanager.com
1 ajax.googleapis.com c.trazk.com
1 stats.g.doubleclick.net citigrand-q2.com
1 www.googletagmanager.com citigrand-q2.com
40 13

This site contains links to these domains.

Domain
www.cosaco.com.vn
zalo.me
Subject | Issuer | Validity | Valid
citigrand-q2.bds24hsaigon.com | Let's Encrypt Authority X3 | 2020-06-01 - 2020-08-30 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-31 - 2021-07-31 | a year
*.google-analytics.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
*.google.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
www.googleadservices.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
www.google.de | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
upload.video.google.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
localapi.trazk.com | GoGetSSL RSA DV CA | 2019-10-04 - 2021-10-03 | 2 years
themes.trazk.com | GoGetSSL RSA DV CA | 2020-06-14 - 2020-09-12 | 3 months

This page contains 3 frames:

Primary Page: https://citigrand-q2.com/
Frame ID: 64975FA0584A12C74289AA4E5904F846
Requests: 54 HTTP requests in this frame

Frame: https://uhchat.net/chat/?f=ed34e8&title=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&parent=https%3A%2F%2Fcitigrand-q2.com%2F&ref=
Frame ID: 5183B1C25E4CBD5E21B2116748208357
Requests: 1 HTTP requests in this frame

Frame: https://c.trazk.com/v1.syncok.php?regid=&gclid=
Frame ID: AC46E4BE416D028373C7370DBD2FBBA8
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

Requests: 40
HTTPS: 100 %
IPv6: 69 %
Domains: 10
Subdomains: 13
IPs: 12
Countries: 5
Transfer: 1276 kB
Size: 2111 kB
Cookies: 9

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1171704884&t=pageview&_s=1&dl=https%3A%2F%2Fcitigrand-q2.com%2F&ul=en-us&de=UTF-8&dt=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=366396654&gjid=617958889&cid=1992835516.1596310382&tid=UA-144522217-6&_gid=692623484.1596310382&_r=1&gtm=2wg7m1538PQ6M&z=232422854 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-144522217-6&cid=1992835516.1596310382&jid=366396654&_gid=692623484.1596310382&gjid=617958889&_v=j83&z=232422854
Request Chain 30
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/624979110/?random=496539799&cv=9&fst=*&num=1&value=0&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7m1&sendb=1&ig=1&frm=0&url=https://citigrand-q2.com/&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=bsMlX7H7D8K8lQeBqqXgAw&sscte=1&crd=&eitems=ChAI8KWU-QUQm5qCju2MxPQSEh0AnVdh0OC4N5uRMGAzJbsGp71mYCzzk8enZgqDXA HTTP 302
  • https://www.google.com/pagead/1p-conversion/624979110/?random=496539799&cv=9&fst=*&num=1&value=0&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7m1&sendb=1&ig=1&frm=0&url=https://citigrand-q2.com/&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=bsMlX7H7D8K8lQeBqqXgAw&eitems=ChAI8KWU-QUQm5qCju2MxPQSEh0AnVdh0GKrcHv5pupp1gQo9TO-n6Wsn6vww0am4g&random=3868226780&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/624979110/?random=496539799&cv=9&fst=*&num=1&value=0&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7m1&sendb=1&ig=1&frm=0&url=https://citigrand-q2.com/&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=bsMlX7H7D8K8lQeBqqXgAw&eitems=ChAI8KWU-QUQm5qCju2MxPQSEh0AnVdh0GKrcHv5pupp1gQo9TO-n6Wsn6vww0am4g&random=3868226780&resp=GooglemKTybQhCsO&ipr=y
Request Chain 47
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/624979110/?random=1618354967&cv=9&fst=*&num=1&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https://citigrand-q2.com/&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=ccMlX9CDD9eK7_UP74yZ4A0&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/624979110/?random=1618354967&cv=9&fst=*&num=1&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https://citigrand-q2.com/&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=ccMlX9CDD9eK7_UP74yZ4A0&cid=CAQSKQCNIrLMoIzT2J_ii2hn_hvYF4FyHA5d_z8ni5zrth4UWqqAX75AReO2&random=2211591421&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/624979110/?random=1618354967&cv=9&fst=*&num=1&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https://citigrand-q2.com/&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=ccMlX9CDD9eK7_UP74yZ4A0&cid=CAQSKQCNIrLMoIzT2J_ii2hn_hvYF4FyHA5d_z8ni5zrth4UWqqAX75AReO2&random=2211591421&resp=GooglemKTybQhCsO&ipr=y

40 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
citigrand-q2.com/
86 KB
17 KB
Document
General
Full URL
https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.96.191.182 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.182-static.reverse.arandomserver.com
Software
LiteSpeed / PHP/7.2.32
Resource Hash
57138094ed256a65425445d056f17a7eae8903dd88974db089af311b0637207b

Request headers

:method
GET
:authority
citigrand-q2.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
x-powered-by
PHP/7.2.32
content-type
text/html; charset=UTF-8
link
<https://citigrand-q2.com/wp-json/>; rel="https://api.w.org/"
content-encoding
br
vary
Accept-Encoding
date
Sat, 01 Aug 2020 19:33:01 GMT
server
LiteSpeed
alt-svc
quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
header-0ed093a25f487c1520cc7e5094a58b9da743e9d7.min.css
citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/
188 KB
33 KB
Stylesheet
General
Full URL
https://citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/header-0ed093a25f487c1520cc7e5094a58b9da743e9d7.min.css
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.96.191.182 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.182-static.reverse.arandomserver.com
Software
LiteSpeed /
Resource Hash
16eb8e8ca68fc9640c7825e2912bc9663880965ea75ece3dd028692bfa7afdd3

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:01 GMT
content-encoding
br
last-modified
Mon, 20 Jul 2020 02:45:34 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
34132
expires
Sat, 08 Aug 2020 19:33:01 GMT
header-f0058641a050d28b94dd899c6780665c0c05dbf9.min.js
citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/
105 KB
36 KB
Script
General
Full URL
https://citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/header-f0058641a050d28b94dd899c6780665c0c05dbf9.min.js
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.96.191.182 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.182-static.reverse.arandomserver.com
Software
LiteSpeed /
Resource Hash
5aef3a302e5f4a9ac3b4854fe9b37b4114a04589029e3f69a65ea5d260c77a0b

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:01 GMT
content-encoding
br
last-modified
Mon, 20 Jul 2020 02:45:34 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
36301
expires
Sat, 08 Aug 2020 19:33:01 GMT
logo-citigrand.png
citigrand-q2.com/wp-content/uploads/2020/05/
13 KB
14 KB
Image
General
Full URL
https://citigrand-q2.com/wp-content/uploads/2020/05/logo-citigrand.png
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.96.191.182 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.182-static.reverse.arandomserver.com
Software
LiteSpeed /
Resource Hash
e3481e467134fa6f1f60da87314336e899dcb9481f7879fd447251aadb582935

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
last-modified
Tue, 09 Jun 2020 02:45:02 GMT
server
LiteSpeed
content-type
image/png
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
13808
expires
Sat, 08 Aug 2020 19:33:02 GMT
delete-sign.png
citigrand-q2.com/wp-content/plugins/wp-contact-slider/img/
838 B
902 B
Image
General
Full URL
https://citigrand-q2.com/wp-content/plugins/wp-contact-slider/img/delete-sign.png
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.96.191.182 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.182-static.reverse.arandomserver.com
Software
LiteSpeed /
Resource Hash
f17164d39bdf624fd93d1a3ce6f7a50e4848f1ba85abb5abc0e94f5caf79026e

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
last-modified
Wed, 20 May 2020 16:44:56 GMT
server
LiteSpeed
content-type
image/png
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
838
expires
Sat, 08 Aug 2020 19:33:02 GMT
code.php
uhchat.net/
2 KB
1 KB
Script
General
Full URL
https://uhchat.net/code.php?f=ed34e8
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:dea3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b2dcf638a6080162938835d615ac49eaec12851ea616344713573068bd2982b

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/html
status
200
cf-ray
5bc1fd0fb94c637d-FRA
cf-request-id
044d1c7dd40000637db53dd200000001
footer-cd002d47eb3fdc5165ffc5a81385c60d17033285.min.js
citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/
232 KB
65 KB
Script
General
Full URL
https://citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/footer-cd002d47eb3fdc5165ffc5a81385c60d17033285.min.js
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.96.191.182 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.182-static.reverse.arandomserver.com
Software
LiteSpeed /
Resource Hash
6e118352a7aa5decff98701d6440f4c8c50c57868b55319eb41c8781c4df696a

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
content-encoding
br
last-modified
Mon, 20 Jul 2020 02:45:34 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
66498
expires
Sat, 08 Aug 2020 19:33:02 GMT
gtm.js
www.googletagmanager.com/
68 KB
27 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-538PQ6M
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
844ce3066943e4c7c1f279312b5ee643f5bd2b1f3584bb6bee9cd1265fd177a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27082
x-xss-protection
0
last-modified
Sat, 01 Aug 2020 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 01 Aug 2020 19:33:02 GMT
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89967ffc1b63ebdb8b541d361205ed603b7949d7e3445be94bba2ea77fed6a26

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff65c6a3b716ae696170f17006e5b017751677908e6b56b53a27379f7dc578df

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
24d5dd213e8233a226357e6a375f5dbe161d246be65fe75d8536bca5ef18bfe5

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
33d24481ad9790edaff8e5d9587fb445846ef4d82130d59773e9ed602f5bd3ff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
70 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ac0d4221b3719cc1be1df58e2c57a8821abf37b247c60095374b9c113ae5c515

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4c32decf0c5d56b9747d14290edb9d779c234798820ff043272f0834b58c76ca

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cad472735192b57dbd97425e4c1fe844b2b260623b3aa23f990f1699fec2faa4

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d413e7626f3cf55ef507c5b32b514aaafc318a84a2456d2dfdac844b03ab08b5

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3489caa49670a556ef320d02cbdb449c15d4f1d93c6697914b8edb810e386d21

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
70 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfbb565655b81d226e060a8c4e88854a406c6d8f739d5c283a3b64c090f9ba73

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
70 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9a192f04b288f5177a4fa5d9b378e63ae7ed9b873663609a2fd58e209630f627

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6f5af67f3d67b997024fd8983f96ebe2e725dc7a6e93901b2df14459470d21d5

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cc0b877f420cc481e8499d66d02a97d9e1eef11309db0f03666416132aed22e8

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90a25f1c70da859bd8b02ef32bd249523e768b797854a8584ad2d6bdc3da370a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3d7684a8e1cf5d57b58ed3b0cf4c51ef136d851c6955226b0acf2c1ba4bafdb3

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef92f6e1fa52b85237de280341403829010d588869f931af932a9fe42d551c4b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
slide3-1024x427.jpg
citigrand-q2.com/wp-content/uploads/2020/05/
112 KB
112 KB
Image
General
Full URL
https://citigrand-q2.com/wp-content/uploads/2020/05/slide3-1024x427.jpg
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.96.191.182 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.182-static.reverse.arandomserver.com
Software
LiteSpeed /
Resource Hash
1db22928209a8298a50f98ae7a3ffb05c9ddbdea1a134ac3bcda958a991e860e

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
last-modified
Tue, 09 Jun 2020 02:39:21 GMT
server
LiteSpeed
content-type
image/jpeg
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
114842
expires
Sat, 08 Aug 2020 19:33:02 GMT
fl-icons.woff2
citigrand-q2.com/wp-content/themes/flatsome/assets/css/icons/
6 KB
6 KB
Font
General
Full URL
https://citigrand-q2.com/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff2
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.96.191.182 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.182-static.reverse.arandomserver.com
Software
LiteSpeed /
Resource Hash
558968cce04d4dffad0792278f0c14ab5e5b9f828ac3beeb9b900c448243f2da

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/header-0ed093a25f487c1520cc7e5094a58b9da743e9d7.min.css
Origin
https://citigrand-q2.com

Response headers

status
200
date
Sat, 01 Aug 2020 19:33:02 GMT
last-modified
Fri, 07 Feb 2020 02:12:30 GMT
server
LiteSpeed
accept-ranges
bytes
content-length
6128
content-type
font/woff2
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-538PQ6M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
3561
date
Sat, 01 Aug 2020 18:33:41 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Sat, 01 Aug 2020 20:33:41 GMT
conversion_async.js
www.googleadservices.com/pagead/
29 KB
11 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-538PQ6M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
6718a07fa13fa05273a15a3442277d187b1b712d9eccef98fba120ef9442e975
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11328
x-xss-protection
0
server
cafe
etag
4229961699705442162
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 01 Aug 2020 19:33:02 GMT
c.js
c.trazk.com/
7 KB
3 KB
Script
General
Full URL
https://c.trazk.com/c.js?_key=v6NE91YzFUdSs0b000ZkVjOG9iTkUrYlhFeWVVME9OaVZBZ3k4VWdkcmhnaz0=
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-538PQ6M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681c:178a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c457fdd887fca922cc4047dea0f6ac5b2c11fc6c696d7b672702639cb55ff867
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
content-encoding
br
status
200
cf-cache-status
MISS
server
cloudflare
x-frame-options
ALLOWALL
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
cf-ray
5bc1fd10da5e6437-FRA
cf-request-id
044d1c7e870000643713950200000001
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1171704884&t=pageview&_s=1&dl=https%3A%2F%2Fcitigrand-q2.com%2F&ul=en-us&de=UTF-8&dt=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20T...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-144522217-6&cid=1992835516.1596310382&jid=366396654&_gid=692623484.1596310382&gjid=617958889&_v=j83&z=232422854
35 B
99 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-144522217-6&cid=1992835516.1596310382&jid=366396654&_gid=692623484.1596310382&gjid=617958889&_v=j83&z=232422854
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 01 Aug 2020 19:33:02 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 01 Aug 2020 19:33:02 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-144522217-6&cid=1992835516.1596310382&jid=366396654&_gid=692623484.1596310382&gjid=617958889&_v=j83&z=232422854
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
417
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/624979110/
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/624979110/?random=1596310382235&cv=9&fst=1596310382235&num=1&value=0&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7m1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fcitigrand-q2.com%2F&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
7c6bf5f6c91701e080cb2411011d720c6a4f73bc909bb20d0efff5fd8438a889
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 19:33:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1246
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/624979110/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/624979110/?random=496539799&cv=9&fst=*&num=1&value=0&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah...
  • https://www.google.com/pagead/1p-conversion/624979110/?random=496539799&cv=9&fst=*&num=1&value=0&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=...
  • https://www.google.de/pagead/1p-conversion/624979110/?random=496539799&cv=9&fst=*&num=1&value=0&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=2...
42 B
107 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/624979110/?random=496539799&cv=9&fst=*&num=1&value=0&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7m1&sendb=1&ig=1&frm=0&url=https://citigrand-q2.com/&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=bsMlX7H7D8K8lQeBqqXgAw&eitems=ChAI8KWU-QUQm5qCju2MxPQSEh0AnVdh0GKrcHv5pupp1gQo9TO-n6Wsn6vww0am4g&random=3868226780&resp=GooglemKTybQhCsO&ipr=y
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 19:33:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 01 Aug 2020 19:33:02 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/624979110/?random=496539799&cv=9&fst=*&num=1&value=0&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7m1&sendb=1&ig=1&frm=0&url=https://citigrand-q2.com/&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=bsMlX7H7D8K8lQeBqqXgAw&eitems=ChAI8KWU-QUQm5qCju2MxPQSEh0AnVdh0GKrcHv5pupp1gQo9TO-n6Wsn6vww0am4g&random=3868226780&resp=GooglemKTybQhCsO&ipr=y
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
uhchat.net/chat/ Frame 5183
0
0
Document
General
Full URL
https://uhchat.net/chat/?f=ed34e8&title=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&parent=https%3A%2F%2Fcitigrand-q2.com%2F&ref=
Requested by
Host: uhchat.net
URL: https://uhchat.net/code.php?f=ed34e8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:dea3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
uhchat.net
:scheme
https
:path
/chat/?f=ed34e8&title=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&parent=https%3A%2F%2Fcitigrand-q2.com%2F&ref=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://citigrand-q2.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cf_bm=edeac56e81b0da4abe16ab5d74eb93e356dfb03f-1596310382-1800-AbPIXDKfV9fhz9V/yDKx8drwCRC/3Qjdt/xVBPTLy9naLwy0zO8dTiKCoN/PKYbd0UkTnEe60gTADFq10N7mLbk=

Response headers

status
200
date
Sat, 01 Aug 2020 19:33:03 GMT
content-type
text/html
set-cookie
__cfduid=d547f79338b9773eb06eb46d862c60fe01596310382; expires=Mon, 31-Aug-20 19:33:02 GMT; path=/; domain=.uhchat.net; HttpOnly; SameSite=Lax thoigianvaoed34e8=1596310382; expires=Sun, 02-Aug-2020 19:33:02 GMT chattudonged34e8=1596310382; expires=Sat, 01-Aug-2020 20:33:02 GMT
expires
Sat, 01 Jan 2005 00:00:00 GMT
last-modified
Sat, 01 Aug 2020 19:33:02GMT
cache-control
no-cache, must-revalidate
pragma
no-cache
cf-cache-status
DYNAMIC
cf-request-id
044d1c800a0000637db53f0200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5bc1fd134abf637d-FRA
content-encoding
br
chat-11.png
uhchat.net/themes/
8 KB
8 KB
Image
General
Full URL
https://uhchat.net/themes/chat-11.png
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/header-f0058641a050d28b94dd899c6780665c0c05dbf9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:dea3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2454d27adafe5b2e2d50f17466ea8ca384780db7b847eabf71c74bcceedb19a

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
cf-cache-status
HIT
age
32274768
status
200
content-length
7784
cf-request-id
044d1c7faa0000637db53ec200000001
last-modified
Mon, 18 Jul 2016 03:54:30 GMT
server
cloudflare
etag
"578c52f6-1e68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
5bc1fd12aa8b637d-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
ajax-loader.gif
citigrand-q2.com/wp-content/plugins/contact-form-7/images/
847 B
912 B
Image
General
Full URL
https://citigrand-q2.com/wp-content/plugins/contact-form-7/images/ajax-loader.gif
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/footer-cd002d47eb3fdc5165ffc5a81385c60d17033285.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.96.191.182 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.182-static.reverse.arandomserver.com
Software
LiteSpeed /
Resource Hash
65b72e15d975f67fbd1cb126d57772c06c21fa016e5651b6ce213b26ce0e6877

Request headers

Referer
https://citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/header-0ed093a25f487c1520cc7e5094a58b9da743e9d7.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
last-modified
Wed, 20 May 2020 05:46:56 GMT
server
LiteSpeed
content-type
image/gif
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
847
expires
Sat, 08 Aug 2020 19:33:02 GMT
6532865c6dff95a1ccee.jpg
citigrand-q2.com/wp-content/uploads/2020/05/
801 KB
802 KB
Image
General
Full URL
https://citigrand-q2.com/wp-content/uploads/2020/05/6532865c6dff95a1ccee.jpg
Requested by
Host: citigrand-q2.com
URL: https://citigrand-q2.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.96.191.182 Fergus, Canada, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
172.96.191.182-static.reverse.arandomserver.com
Software
LiteSpeed /
Resource Hash
157bcd0a28191c0042b9412849f5bd6d777888efce78adbaa3195672fdedf14c

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:02 GMT
last-modified
Tue, 09 Jun 2020 02:38:41 GMT
server
LiteSpeed
content-type
image/jpeg
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
820299
expires
Sat, 08 Aug 2020 19:33:02 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/
86 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: c.trazk.com
URL: https://c.trazk.com/c.js?_key=v6NE91YzFUdSs0b000ZkVjOG9iTkUrYlhFeWVVME9OaVZBZ3k4VWdkcmhnaz0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 28 Jul 2020 16:08:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
357846
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30774
x-xss-protection
0
last-modified
Mon, 13 May 2019 14:37:17 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 28 Jul 2021 16:08:56 GMT
convert.php
localapi.trazk.com/widgets/api/
31 B
399 B
XHR
General
Full URL
https://localapi.trazk.com/widgets/api/convert.php?task=all&domain=citigrand-q2.com
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.211.116.252 Ho Chi Minh City, Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),
Reverse DNS
Software
nginx /
Resource Hash
e67fb2ad31203de5a297033097a1442773c823ff6dc71f7fb26353e46270538d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 19:33:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
v1.syncok.php
c.trazk.com/ Frame AC46
0
0
Document
General
Full URL
https://c.trazk.com/v1.syncok.php?regid=&gclid=
Requested by
Host: c.trazk.com
URL: https://c.trazk.com/c.js?_key=v6NE91YzFUdSs0b000ZkVjOG9iTkUrYlhFeWVVME9OaVZBZ3k4VWdkcmhnaz0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681c:178a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

:method
GET
:authority
c.trazk.com
:scheme
https
:path
/v1.syncok.php?regid=&gclid=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://citigrand-q2.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Sat, 01 Aug 2020 19:33:03 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=db72b59e3d21e0e44876a3865273964331596310382; expires=Mon, 31-Aug-20 19:33:02 GMT; path=/; domain=.trazk.com; HttpOnly; SameSite=Lax
vary
Accept-Encoding
access-control-allow-credentials
true
access-control-allow-origin
https://c.trazk.com *
x-frame-options
ALLOWALL
cf-cache-status
DYNAMIC
cf-request-id
044d1c805c0000643713972200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5bc1fd13cbc06437-FRA
content-encoding
br
v2.ick.php
c.trazk.com/
1 B
385 B
XHR
General
Full URL
https://c.trazk.com/v2.ick.php?k=b3duZXJJZD02MzI0MyZ1dWlkPTE0ODY2MTQ4MTMxNTk2MzEwMzgzJnRpdGxlPUNJVEklMjBHUkFORCUyMC0lMjBDaGklQ0MlODklMjBUJUM2JUIwJUNDJTgwJTIwMiUyQzElMjBUeSVDQyU4OSUyMC0lMjBDJUM0JTgzbiUyMEglQzMlQjQlQ0MlQTMlMjBUYSVDQyVBM2klMjAlQzQlOTAlQzMlQjQlMjBUaGklQ0MlQTMlMjBLaSVDMyVBQSVDQyU4MW4lMjBBJUNDJTgxJTIwLSUyMENoaSVDQyU4OSUyMHQlQzYlQjAlQ0MlODAlMjAyJTJDMSUyMHR5JUNDJTg5LiZocmVmPWh0dHBzJTNBJTJGJTJGY2l0aWdyYW5kLXEyLmNvbSUyRiZ0b3BkPWNpdGlncmFuZC1xMi5jb20mbWV0YWRhdGE9JnV0bV9zb3VyY2U9JnV0bV9tZWRpdW09JnV0bV9jYW1wYWlnbj0mZ2NsaWQ9
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681c:178a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

Accept
*/*
Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:03 GMT
content-encoding
br
status
200
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
ALLOWALL
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cf-ray
5bc1fd170a27dfef-FRA
cf-request-id
044d1c82690000dfef5f956200000001
widgetLoader.min.js
c.trazk.com/widgets/clients/
43 KB
10 KB
Script
General
Full URL
https://c.trazk.com/widgets/clients/widgetLoader.min.js?uuid=&hostname=citigrand-q2.com
Requested by
Host: c.trazk.com
URL: https://c.trazk.com/c.js?_key=v6NE91YzFUdSs0b000ZkVjOG9iTkUrYlhFeWVVME9OaVZBZ3k4VWdkcmhnaz0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681c:178a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba1384100563186a5d399248333ddd3ac59a0b39d313b5b7da4f4cf2e5c67915
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:03 GMT
content-encoding
br
cf-cache-status
MISS
status
200
cf-request-id
044d1c82510000643713997200000001
pragma
public
last-modified
Fri, 22 May 2020 06:41:26 GMT
server
cloudflare
x-frame-options
ALLOWALL
etag
W/"5ec77416-ab87"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
5bc1fd16ed456437-FRA
expires
Mon, 31 Aug 2020 19:33:03 GMT
__citigrand-q2.com__.js
c.trazk.com/widgets/clients/cache/analytics/
0
73 B
Script
General
Full URL
https://c.trazk.com/widgets/clients/cache/analytics/__citigrand-q2.com__.js
Requested by
Host: c.trazk.com
URL: https://c.trazk.com/c.js?_key=v6NE91YzFUdSs0b000ZkVjOG9iTkUrYlhFeWVVME9OaVZBZ3k4VWdkcmhnaz0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681c:178a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:03 GMT
cf-cache-status
HIT
server
cloudflare
age
4
x-frame-options
ALLOWALL
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
301
cache-control
max-age=86400
cf-ray
5bc1fd19cebf6437-FRA
access-control-allow-origin
*
cf-request-id
044d1c841c00006437139af200000001
__citigrand-q2.com__.js
c.trazk.com/widgets/clients/cache/conversion/
0
83 B
Script
General
Full URL
https://c.trazk.com/widgets/clients/cache/conversion/__citigrand-q2.com__.js
Requested by
Host: c.trazk.com
URL: https://c.trazk.com/c.js?_key=v6NE91YzFUdSs0b000ZkVjOG9iTkUrYlhFeWVVME9OaVZBZ3k4VWdkcmhnaz0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681c:178a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:03 GMT
cf-cache-status
HIT
server
cloudflare
age
4
x-frame-options
ALLOWALL
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
status
301
cache-control
max-age=86400
cf-ray
5bc1fd19cec16437-FRA
access-control-allow-origin
*
cf-request-id
044d1c841d00006437139b0200000001
index.php
localapi.trazk.com/widgets/api/
6 KB
2 KB
XHR
General
Full URL
https://localapi.trazk.com/widgets/api/index.php?task=loadOnlineWidgetByDomain&domain=citigrand-q2.com
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.211.116.252 Ho Chi Minh City, Viet Nam, ASN38731 (VTDC-AS-VN Vietel - CHT Compamy Ltd, VN),
Reverse DNS
Software
nginx /
Resource Hash
f6b6960abf91f418f0e9fd7c4f96834f5cc7727a663ac4b1ca8de435b848dff9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 19:33:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
c-c.js
c.trazk.com/
299 B
396 B
Script
General
Full URL
https://c.trazk.com/c-c.js?_key=v6NE91YzFUdSs0b000ZkVjOG9iTkUrYlhFeWVVME9OaVZBZ3k4VWdkcmhnaz0=
Requested by
Host: c.trazk.com
URL: https://c.trazk.com/c.js?_key=v6NE91YzFUdSs0b000ZkVjOG9iTkUrYlhFeWVVME9OaVZBZ3k4VWdkcmhnaz0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681c:178a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f2820d01cf08a8da6f7b0e9319a61096564180ef9ccf167cba63ac5dace4096
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:05 GMT
content-encoding
br
status
200
cf-cache-status
MISS
server
cloudflare
x-frame-options
ALLOWALL
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*, *
cache-control
max-age=86400
access-control-allow-credentials
true
cf-ray
5bc1fd202a0e6437-FRA
access-control-allow-headers
*
cf-request-id
044d1c881700006437139f8200000001
script.js
themes.trazk.com/004/maxLead-v2c/js/
49 KB
9 KB
Script
General
Full URL
https://themes.trazk.com/004/maxLead-v2c/js/script.js
Requested by
Host: c.trazk.com
URL: https://c.trazk.com/c.js?_key=v6NE91YzFUdSs0b000ZkVjOG9iTkUrYlhFeWVVME9OaVZBZ3k4VWdkcmhnaz0=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
125.212.217.61 , Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software
nginx /
Resource Hash
2cb51f98a0d6862d1a155a8f4f97987bab160fe5976c2724a3e7e175f4abecd4

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 19:33:06 GMT
Content-Encoding
gzip
Last-Modified
Thu, 11 Jun 2020 02:39:59 GMT
Server
nginx
ETag
W/"5ee1997f-c335"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
conversion.js
www.googleadservices.com/pagead/
29 KB
11 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: c.trazk.com
URL: https://c.trazk.com/c-c.js?_key=v6NE91YzFUdSs0b000ZkVjOG9iTkUrYlhFeWVVME9OaVZBZ3k4VWdkcmhnaz0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
3a618f41e9a6030a5c5138fb72757df5692a74923f8ae9adfcb946ded8d06808
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11240
x-xss-protection
0
server
cafe
etag
13501676234757291592
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 01 Aug 2020 19:33:05 GMT
/
www.googleadservices.com/pagead/conversion/624979110/
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/624979110/?random=1596310385219&cv=9&fst=1596310385219&num=1&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fcitigrand-q2.com%2F&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f130.1e100.net
Software
cafe /
Resource Hash
a18669728f96b7be559ace1b510d6daa1c38f5b6ad8ca72e9992e152ff7a0cd8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 19:33:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1159
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/624979110/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/624979110/?random=1618354967&cv=9&fst=*&num=1&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...
  • https://www.google.com/pagead/1p-conversion/624979110/?random=1618354967&cv=9&fst=*&num=1&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_hi...
  • https://www.google.de/pagead/1p-conversion/624979110/?random=1618354967&cv=9&fst=*&num=1&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his...
42 B
107 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/624979110/?random=1618354967&cv=9&fst=*&num=1&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https://citigrand-q2.com/&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=ccMlX9CDD9eK7_UP74yZ4A0&cid=CAQSKQCNIrLMoIzT2J_ii2hn_hvYF4FyHA5d_z8ni5zrth4UWqqAX75AReO2&random=2211591421&resp=GooglemKTybQhCsO&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Aug 2020 19:33:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 01 Aug 2020 19:33:05 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/624979110/?random=1618354967&cv=9&fst=*&num=1&label=g6TDCIGpwtMBEKbZgaoC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https://citigrand-q2.com/&tiba=CITI%20GRAND%20-%20Chi%CC%89%20T%C6%B0%CC%80%202%2C1%20Ty%CC%89%20-%20C%C4%83n%20H%C3%B4%CC%A3%20Ta%CC%A3i%20%C4%90%C3%B4%20Thi%CC%A3%20Ki%C3%AA%CC%81n%20A%CC%81%20-%20Chi%CC%89%20t%C6%B0%CC%80%202%2C1%20ty%CC%89.&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=ccMlX9CDD9eK7_UP74yZ4A0&cid=CAQSKQCNIrLMoIzT2J_ii2hn_hvYF4FyHA5d_z8ni5zrth4UWqqAX75AReO2&random=2211591421&resp=GooglemKTybQhCsO&ipr=y
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
animate.css
themes.trazk.com/005/clickToCall/css/
57 KB
5 KB
Stylesheet
General
Full URL
https://themes.trazk.com/005/clickToCall/css/animate.css
Requested by
Host: themes.trazk.com
URL: https://themes.trazk.com/004/maxLead-v2c/js/script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
125.212.217.61 , Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software
nginx /
Resource Hash
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 19:33:06 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Jan 2020 06:52:42 GMT
Server
nginx
ETag
W/"5e2159ba-e311"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
ctc_styles.css
themes.trazk.com/005/clickToCall/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://themes.trazk.com/005/clickToCall/css/ctc_styles.css
Requested by
Host: themes.trazk.com
URL: https://themes.trazk.com/004/maxLead-v2c/js/script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
125.212.217.61 , Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software
nginx /
Resource Hash
5cbb8292e4f2286cf49f23bc44e96ad1a780f85c6efca9c55b4dfb0fdb81399d

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 19:33:07 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Jan 2020 06:52:42 GMT
Server
nginx
ETag
W/"5e2159ba-e3c"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.super-sidebar.js
themes.trazk.com/005/clickToCall/js/
65 KB
13 KB
Script
General
Full URL
https://themes.trazk.com/005/clickToCall/js/jquery.super-sidebar.js
Requested by
Host: themes.trazk.com
URL: https://themes.trazk.com/004/maxLead-v2c/js/script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
125.212.217.61 , Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software
nginx /
Resource Hash
43744adae985cf04512091d0bfe6a0bb8c8241fa6c0286d6f2c46c1403fb7f12

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 19:33:07 GMT
Content-Encoding
gzip
Last-Modified
Mon, 03 Feb 2020 08:28:54 GMT
Server
nginx
ETag
W/"5e37d9c6-10235"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
velocity.min.js
themes.trazk.com/005/clickToCall/js/
44 KB
16 KB
Script
General
Full URL
https://themes.trazk.com/005/clickToCall/js/velocity.min.js
Requested by
Host: themes.trazk.com
URL: https://themes.trazk.com/004/maxLead-v2c/js/script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
125.212.217.61 , Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software
nginx /
Resource Hash
fc878d154f60d539e3f6938aab78c6808536fe488a4beb7543ba70ca6ee6a680

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 19:33:07 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Jan 2020 09:14:33 GMT
Server
nginx
ETag
W/"5e1ed7f9-aef7"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
phone-alt-solid.svg
themes.trazk.com/master/images/svg/
502 B
718 B
Image
General
Full URL
https://themes.trazk.com/master/images/svg/phone-alt-solid.svg
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
125.212.217.61 , Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software
nginx /
Resource Hash
3e1e4e919d7e9f9d0b1e03369c43b93822b5f9f8f633e46227b7c601b2849f0a

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 19:33:07 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Jun 2020 03:38:47 GMT
Server
nginx
ETag
W/"5ed71b47-1f6"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
zalo-logo.png
themes.trazk.com/master/images/svg/
19 KB
20 KB
Image
General
Full URL
https://themes.trazk.com/master/images/svg/zalo-logo.png
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
125.212.217.61 , Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN),
Reverse DNS
Software
nginx /
Resource Hash
9f0522b9b45af994560bc71931e86da19c11f251f0567b02776b73041ccb6b49

Request headers

Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 01 Aug 2020 19:33:07 GMT
Last-Modified
Wed, 03 Jun 2020 03:38:47 GMT
Server
nginx
ETag
"5ed71b47-4cdc"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
19676
Expires
Thu, 31 Dec 2037 23:55:55 GMT
v1.updateViewWidget.php
c.trazk.com/
529 B
568 B
XHR
General
Full URL
https://c.trazk.com/v1.updateViewWidget.php?k=b3duZXJJZD02MzI0MyZ1dWlkPSZocmVmPWh0dHBzJTNBJTJGJTJGY2l0aWdyYW5kLXEyLmNvbSUyRiZ3aWRnZXRUeXBlPXdpZGdldE1heExlYWQmd2lkZ2V0SWQ9NWVkNGRhMGQwODlmZA==
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681c:178a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a67597e1596d239ee1dabf782a7d9bf2c42e42ba2af1d85e15ffe9e315a13b39
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

Accept
*/*
Referer
https://citigrand-q2.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 01 Aug 2020 19:33:08 GMT
content-encoding
br
status
200
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
ALLOWALL
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cf-ray
5bc1fd341c9bdfef-FRA
cf-request-id
044d1c948b0000dfef5facb200000001

130 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| fvmuag undefined| $ function| jQuery object| dataLayer function| wpcs_open_slider_192 function| wpcs_close_slider_192 object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| getuhchatCookie function| setuhchatCookie number| vitridau function| uhchatClick boolean| uhchatduplicate object| wpcf7 object| flatsomeVars function| StickySidebar function| Waypoint object| __core-js_shared__ object| Flatsome string| waypointContextKey object| jQuery112409851055309477634 function| objectFitImages function| cookie object| wp function| jQueryBridget function| getSize function| EvEmitter function| matchesSelector object| fizzyUIUtils function| Outlayer function| Packery function| getTrazkCookie object| _trazurl string| href string| host string| title string| _utm_source string| _utm_medium string| _utm_campaign string| _gclid string| eee function| $j string| keyv6 string| _key string| _ownerId string| page_root string| widgetURL function| loadScriptAsync function| setTrazkCookie function| onMessage function| syncCookie function| logVisitorHistory function| logWidgetsHistory function| updateInfors function| loadIframe function| autoDetectInfo function| adwordsConversion function| loadWidgets function| sendGoogleEvent function| loadFFFTrack function| loadJqueryRemote function| convertOldData function| startTrazk string| nnn string| ttt string| ppp function| sendLocalLog string| modalJsCSS function| initChatApp function| getCookie function| refeshData function| mobilecheck object| google_conversion_id object| google_conversion_label object| google_remarketing_only object| fac object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| google_conversion_format object| 
google_enable_display_cookie_match object| google_conversion_type object| google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_currency object| google_conversion_domain object| google_conversion_color object| google_disable_viewthrough object| google_gtag_event_data object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| google_custom_params object| onload_callback object| opt_image_generator object| google_gtm_url_processor object| google_conversion_page_url object| google_conversion_referrer_url object| google_gtm object| google_gcl_cookie_prefix object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_additional_conversion_params object| google_transport_url function| initMaxLead function| clearItemMaxLead function| updatePopupMaxLeadData function| updateItemButtonMaxLead function| updateItemMaxLead boolean| mobi string| styles

9 Cookies

Domain/Path Name / Value
c.trazk.com/ Name: uuid
Value: 14866148131596310383
uhchat.net/chat Name: chattudonged34e8
Value: 1596310382
uhchat.net/chat Name: thoigianvaoed34e8
Value: 1596310382
.uhchat.net/ Name: __cf_bm
Value: edeac56e81b0da4abe16ab5d74eb93e356dfb03f-1596310382-1800-AbPIXDKfV9fhz9V/yDKx8drwCRC/3Qjdt/xVBPTLy9naLwy0zO8dTiKCoN/PKYbd0UkTnEe60gTADFq10N7mLbk=
citigrand-q2.com/ Name: uuid
Value: 14866148131596310383
citigrand-q2.com/ Name: uhchatrelock
Value: 0
.citigrand-q2.com/ Name: _gat_UA-144522217-6
Value: 1
.citigrand-q2.com/ Name: _gid
Value: GA1.2.692623484.1596310382
.citigrand-q2.com/ Name: _ga
Value: GA1.2.1992835516.1596310382

3 Console Messages

Source Level URL
Text
console-api log URL: https://citigrand-q2.com/wp-content/uploads/cache/fvm/1595213040/out/header-f0058641a050d28b94dd899c6780665c0c05dbf9.min.js(Line 15)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1
console-api log URL: https://c.trazk.com/widgets/clients/widgetLoader.min.js?uuid=&hostname=citigrand-q2.com(Line 1)
Message:
check 1
console-api log URL: https://themes.trazk.com/004/maxLead-v2c/js/script.js(Line 339)
Message:
check mobile bottom

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
