citibanksavers.com
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Submission: On October 17 via automatic, source certstream-suspicious — Scanned from NL
Summary
TLS certificate: Issued by E1 on October 17th 2023. Valid for: 3 months.
This is the only time citibanksavers.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
66 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET) |
1 | 2a02:ec80:300:ed1a::2:b | 14907 (WIKIMEDIA) |
4 | 23.36.162.77 | 20940 (AKAMAI-ASN1) |
1 | 2a00:1450:4001:806::2002 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:82f::2002 | 15169 (GOOGLE) |
2 | 142.250.185.130 | 15169 (GOOGLE) |
4 | 2a02:26f0:7100:9bd::10fe | 20940 (AKAMAI-ASN1) |
1 | 23.215.21.85 | 16625 (AKAMAI-AS) |
2 | 35.165.115.120 | 16509 (AMAZON-02) |
2 | 2600:9000:2057:1000:19:597a:e108:c5a1 | 16509 (AMAZON-02) |
1 | 54.244.189.41 | 16509 (AMAZON-02) |
2 | 2600:9000:206f:7a00:2:8f43:5780:93a1 | 16509 (AMAZON-02) |
87 | 13 |
Hostname | ASN | PTR |
---|---|---|
www.citibank.co.uk | ASN20940 (AKAMAI-ASN1, NL) | a23-36-162-77.deploy.static.akamaitechnologies.com |
www.googletagservices.com | ASN15169 (GOOGLE, US) | |
pagead2.googlesyndication.com | ASN15169 (GOOGLE, US) | |
googleads4.g.doubleclick.net | ASN15169 (GOOGLE, US) | fra16s50-in-f2.1e100.net |
cdnapisec.kaltura.com | ASN20940 (AKAMAI-ASN1, NL) | |
cdnsecakmi.kaltura.com | ASN16625 (AKAMAI-AS, US) | a23-215-21-85.deploy.static.akamaitechnologies.com |
stats.kaltura.com | ASN16509 (AMAZON-02, US) | ec2-35-165-115-120.us-west-2.compute.amazonaws.com |
analytics.kaltura.com | ASN16509 (AMAZON-02, US) | ec2-54-244-189-41.us-west-2.compute.amazonaws.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
66 | citibanksavers.com | citibanksavers.com | 2 MB |
10 | kaltura.com | cdnapisec.kaltura.com (Cisco Umbrella Rank: 6679); cdnsecakmi.kaltura.com (Cisco Umbrella Rank: 27533); stats.kaltura.com (Cisco Umbrella Rank: 27361); cfvod.kaltura.com (Cisco Umbrella Rank: 8479); analytics.kaltura.com (Cisco Umbrella Rank: 8662) | 1 MB |
4 | citibank.co.uk | www.citibank.co.uk | 122 KB |
2 | ensighten.com | nexus.ensighten.com (Cisco Umbrella Rank: 3727) | 3 KB |
2 | doubleclick.net | googleads4.g.doubleclick.net (Cisco Umbrella Rank: 443) | |
1 | googlesyndication.com | pagead2.googlesyndication.com (Cisco Umbrella Rank: 108) | 5 KB |
1 | googletagservices.com | www.googletagservices.com (Cisco Umbrella Rank: 223) | 59 KB |
1 | wikimedia.org | upload.wikimedia.org (Cisco Umbrella Rank: 3099) | 15 KB |
87 | 8 |
Requests | Domain | Requested by |
---|---|---|
66 | citibanksavers.com | citibanksavers.com |
4 | cdnapisec.kaltura.com | citibanksavers.com |
4 | www.citibank.co.uk | citibanksavers.com |
2 | nexus.ensighten.com | citibanksavers.com |
2 | cfvod.kaltura.com | citibanksavers.com |
2 | stats.kaltura.com | citibanksavers.com |
2 | googleads4.g.doubleclick.net | citibanksavers.com |
1 | analytics.kaltura.com | citibanksavers.com |
1 | cdnsecakmi.kaltura.com | citibanksavers.com |
1 | pagead2.googlesyndication.com | citibanksavers.com |
1 | www.googletagservices.com | citibanksavers.com |
1 | upload.wikimedia.org | citibanksavers.com |
87 | 12 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.citibank.co.uk |
www.mobile.citi.eu |
online.citi.eu |
citibank.co.uk |
Subject | Issuer | Validity | Valid |
---|---|---|---|
citibanksavers.com | E1 | 2023-10-17 - 2024-01-15 | 3 months |
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-10-27 - 2023-11-17 | a year |
www.citibank.co.uk | DigiCert SHA2 Extended Validation Server CA | 2023-02-17 - 2024-03-19 | a year |
*.g.doubleclick.net | GTS CA 1C3 | 2023-09-18 - 2023-12-11 | 3 months |
*.kaltura.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-31 - 2024-04-01 | a year |
nexus.ensighten.com | Amazon RSA 2048 M02 | 2023-09-29 - 2024-10-27 | a year |
This page contains 2 frames:
Primary Page:
https://citibanksavers.com/
Frame ID: 327AB2412B198E1BAC9C6E4A928EE946
Requests: 91 HTTP requests in this frame
Frame:
https://cdnsecakmi.kaltura.com/p/2645261/sp/264526100/raw/entry_id/1_wkuhthde/version/100001
Frame ID: 2D7706E0138CC7B0CFE3F785C6D7314D
Requests: 5 HTTP requests in this frame
Page Title
Citibank - Wealth Management | Citi UK
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Socket.io (JavaScript Frameworks)
Detected patterns
- socket\.io.*\.js
Ensighten (Tag Managers)
Detected patterns
- //nexus\.ensighten\.com/
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google AdSense (Advertising Networks)
Detected patterns
- googlesyndication\.com/
OWL Carousel (Widgets)
Detected patterns
- owl\.carousel.*\.js
Slick (JavaScript Libraries)
Detected patterns
- (?:/([\d.]+))?/slick(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
32 Outgoing links
These are links going to different origins than the main page.
- Title: Citi Mobile
- Title: Citibank Online
- Title: Useful documents
- Title: Terms & Conditions
- Title: Citigold Wealth Management
- Title: Wealth Management Benefits
- Title: Dedicated Relationship Manager
- Title: International Expertise
- Title: Products and Services
- Title: Privileges
- Title: Wealth Management Approach
- Title: Investment Products
- Title: Investment Funds
- Title: Forex Solutions
- Title: Investment ISA
- Title: Equities
- Title: Bonds
- Title: Current Accounts in GBP,USD,EUR
- Title: Saving Accounts
- Title: Time Deposits
- Title: Foreign Currency Deposits
- Title: Overdrafts
- Title: UK Modern Slavery Act 2021
- Title: UK Modern Slavery Act 2016-2020
- Title: PPI Complaint
- Title: Citi UK location
- Title: Terms and Conditions
- Title: Online Privacy Notice and Cookies Policy
- Title: Cookies
Redirected requests
There were HTTP redirect chains for the following requests:
87 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
citibanksavers.com/ |
578 KB 377 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
f.txt
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
11 KB 5 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bc88e81c26d3b937fa929bceb824a689.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
8 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bcf7f6014a21e733eed8425037789352.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
67 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2fb94afa507243775f43fec88c77234b.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
23 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2fb94afa507243775f43fec88c77234b_002.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
23 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
a601344f05594ec6b9b9fb7bd19846c6.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
63a8ebb90da3215bb69735eb1ae81b7b.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
21 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inpage.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
1 MB 337 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
serverComponent.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
1 KB 778 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jq.min.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
87 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
118 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
27 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
51 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
owl.carousel.min.css
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
owl.theme.default.min.css
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
1013 B 873 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cookies.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
18 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
xss.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
468 B 693 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
xfs.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
620 B 668 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
677bb042
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
26 KB 26 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cookies.css
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
rx_lidar.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
182 KB 59 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_002.txt
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
41 KB 17 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
citi-logo.png
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
mob-banner.jpg
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
36 KB 37 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
600px-Citibank.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/1/1d/Citibank.svg/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
slick.min.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
42 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
video2.jpg
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
26 KB 27 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
play-icon.png
www.citibank.co.uk/citigold-benefits/images/ |
1001 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
video3.jpg
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
24 KB 24 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
video.jpg
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
11 KB 12 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cancel.svg
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2645261.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
76 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
product.jpg
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
32 KB 32 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
advisory.jpg
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
34 KB 35 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
expertise.jpg
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
11 KB 11 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
privileges.jpg
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
20 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
footer-citi-logo-small-min.png
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
619 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fscs_footer.jpg
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
3 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-3.5.1.min.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
87 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
39 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
owl.carousel.min.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
43 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
apply-validation.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
92 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
kaltura.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
24 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
scripts.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jq-migrate.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
25 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Bootstrap.js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
129 KB 44 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_004.txt
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
45 KB 18 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_003.txt
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
49 KB 20 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
js
citibanksavers.com/Citigold%20-%20Premier%20Banking%20and%20Wealth%20Management%20Citi%20UK_files/ |
178 KB 179 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rx_lidar.js
www.googletagservices.com/activeview/js/current/ |
187 KB 59 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230920/r20110914/elements/html/ |
11 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
view
googleads4.g.doubleclick.net/pcs/ |
0 0 |
Fetch
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
desk-banner.jpg
www.citibank.co.uk/citigold-benefits/images/ |
82 KB 82 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
interstate-light.woff
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Interstate-Bold.woff
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
20 KB 20 KB |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
70 KB 70 KB |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
602 B 0 |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mwEmbedFrame.php
cdnapisec.kaltura.com/html5/html5lib/v2.101/ |
205 KB 60 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
product.jpg
citibanksavers.com/images/ |
32 KB 32 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
advisory.jpg
citibanksavers.com/images/ |
34 KB 35 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
expertise.jpg
citibanksavers.com/images/ |
11 KB 11 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
privileges.jpg
citibanksavers.com/images/ |
20 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fontawesome-webfont.woff2
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
interstate-regular.woff
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
20 KB 20 KB |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
65 KB 65 KB |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
100001
cdnsecakmi.kaltura.com/p/2645261/sp/264526100/raw/entry_id/1_wkuhthde/version/ Frame 2D77 |
701 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
load.php
cdnapisec.kaltura.com/html5/html5lib/v2.101/ Frame 2D77 |
4 MB 1018 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 2D77 |
159 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.php
cdnapisec.kaltura.com/api_v3/ |
289 B 662 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
stats.kaltura.com/api_v3/ |
48 B 640 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
100
cfvod.kaltura.com/p/2645261/sp/264526100/thumbnail/entry_id/1_btpub5qr/version/100001/width/100/height/ Frame 2D77 |
3 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
analytics.kaltura.com/api_v3/ |
48 B 640 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.php
cdnapisec.kaltura.com/api_v3/ |
292 B 664 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
stats.kaltura.com/api_v3/ |
48 B 640 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
interstate-light.ttf
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Interstate-Bold.ttf
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
157 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
serverComponent.php
nexus.ensighten.com/citi/gb_prod/ |
528 B 859 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cookies.css
www.citibank.co.uk/static/projects/cookies/css/ |
8 KB 2 KB |
Stylesheet
text/css |
GET H3 |
glyphicons-halflings-regular.woff2
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
GET H/1.1 |
mob-banner.jpg
www.citibank.co.uk/citigold-benefits/images/ |
36 KB 37 KB |
Image
image/jpeg |
GET H2 |
63a8ebb90da3215bb69735eb1ae81b7b.js
nexus.ensighten.com/citi/gb_prod/code/ |
21 KB 3 KB |
Script
application/javascript |
POST H3 |
pixel_677bb042
citibanksavers.com/akam/13/ |
315 B 647 B |
XHR
text/html |
GET H3 |
fontawesome-webfont.woff
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
GET H3 |
interstate-regular.ttf
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
GET H3 |
glyphicons-halflings-regular.woff
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
GET H/1.1 |
100
cfvod.kaltura.com/p/2645261/sp/264526100/thumbnail/entry_id/1_btpub5qr/version/100001/width/100/height/undefined/vid_slices/ Frame 2D77 |
94 KB 95 KB |
Image
image/jpeg |
GET H3 |
fontawesome-webfont.ttf
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
GET H3 |
glyphicons-halflings-regular.ttf
citibanksavers.com/fonts/ |
0 0 |
Font
text/html |
GET H2 |
view
googleads4.g.doubleclick.net/pcs/ |
0 0 |
Fetch
image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citibank (Banking)
131 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| omrhp function| $ function| jQuery object| cookiesGDPR function| checkJq string| url number| value1 number| value2 string| splChars string| bazadebezolkohpepadr object| ttMETA function| ttMBX function| clsn object| dicnf object| google_js_reporting_queue number| google_srt function| btrp function| pdib3 function| vv function| sasrc object| google_tag_data function| stcc function| jspbGetTypeName number| __google_lidar_ function| osdlfm number| __google_lidar_adblocks_count_ function| __google_lidar_radf_ string| logIfInIframe string| MWEMBED_VERSION string| SCRIPT_LOADER_URL object| KWidget object| kWidget function| kIsIOS function| kSupportsHTML5 function| kGetFlashVersion function| kSupportsFlash function| kalturaIframeEmbed function| kOutputFlashObject function| kIsHTML5FallForward function| kIframeWithoutApi function| kDirectDownloadFallback function| kGetKalturaEmbedSettings function| kGetKalturaPlayerList function| kCheckAddScript function| kAddScript function| kPageHasAudioOrVideoTags function| kLoadJsRequestSet function| kOverideJsFlashEmbed function| kDoIframeRewriteList function| kEmbedSettingsToUrl function| kGetAdditionalTargetCss function| kAppendCssUrl function| kAppendScriptUrl function| kFlashVars2Object function| kFlashVarsToUrl function| kFlashVarsToString function| kServiceConfigToUrl function| kRunMwDomReady function| restoreKalturaKDPCallback object| DomReady object| mw object| preMwEmbedReady object| preMwEmbedConfig function| md5 function| jsCallbackReady object| mwi_kalturaplayer2645261000 function| kWidget_mediaReady_cb0 object| jQuery111106246511497426619 function| base object| rg function| submit_form function| MarketingMenu object| UK_menu function| mapCountryToCode function| generateID object| FormTools object| ensBootstraps object| Bootstrapper function| GooglemKTybQhCsO function| google_trackConversion object| google_conversion_id object| google_conversion_format object| google_conversion_type object| 
google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_currency object| google_conversion_domain object| google_conversion_label object| google_conversion_color object| google_disable_viewthrough object| google_enable_display_cookie_match object| google_gtag_event_data object| google_remarketing_only object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| google_custom_params object| google_conversion_date object| google_conversion_time object| google_conversion_js_version object| onload_callback object| opt_image_generator object| google_gtm_url_processor object| google_conversion_page_url object| google_conversion_referrer_url object| google_gcl_cookie_prefix object| google_gcl_cookie_path object| google_gcl_cookie_flags object| google_gcl_cookie_domain object| google_gcl_cookie_max_age_seconds object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_additional_conversion_params object| google_additional_params object| google_transport_url object| google_gtm_experiments string| urhehlevkedkilrobacf object| google_tag_manager object| dataLayer object| citiData object| str2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
citibanksavers.com/ | | Name: cookie_consent_version Value: 2 |
citibanksavers.com/ | | Name: 7830 Value: error |
14 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.