authset-webverify09.serveftp.com
34.130.144.164
Malicious Activity!
Public Scan
Effective URL: https://authset-webverify09.serveftp.com/Login/?token=
Submission: On April 05 via automatic, source certstream-suspicious — Scanned from CA
Summary
TLS certificate: Issued by R3 on April 5th 2022. Valid for: 3 months.
This is the only time authset-webverify09.serveftp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)
Domain & IP information
ASN | PTR | Domains |
---|---|---|
ASN396982 (GOOGLE-CLOUD-PLATFORM, US) | 164.144.130.34.bc.googleusercontent.com | authset-webverify09.serveftp.com |
ASN16625 (AKAMAI-AS, US) | a104-123-160-80.deploy.static.akamaitechnologies.com | tags.bkrtx.com |
ASN14618 (AMAZON-AES, US) | ec2-3-232-182-227.compute-1.amazonaws.com | nexus.ensighten.com |
ASN16625 (AKAMAI-AS, US) | a23-221-200-175.deploy.static.akamaitechnologies.com | stags.bluekai.com, tags.bluekai.com |
ASN15169 (GOOGLE, US) | bh-in-f156.1e100.net | bid.g.doubleclick.net |
ASN16509 (AMAZON-02, US) | server-99-84-42-105.ewr52.r.cloudfront.net | cdn.pbbl.co |
ASN15169 (GOOGLE, US) | 146.60.190.35.bc.googleusercontent.com | sr.rlcdn.com |
ASN15169 (GOOGLE, US) | lga25s72-in-f2.1e100.net | www.googleadservices.com |
ASN15169 (GOOGLE, US) | lax30s03-in-f2.1e100.net | cm.g.doubleclick.net |
ASN16509 (AMAZON-02, US) | a6370ebea231e0c9a.awsglobalaccelerator.com | match.adsrvr.org |
ASN26101 (YAHOO-BF1, US) | spcms.pbp.vip.bf1.yahoo.com | cms.analytics.yahoo.com |
ASN29990 (ASN-APPNEX, US) | 572.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net | ib.adnxs.com |
ASN14618 (AMAZON-AES, US) | ec2-50-19-202-79.compute-1.amazonaws.com | pm.w55c.net |
ASN14618 (AMAZON-AES, US) | ec2-35-171-67-2.compute-1.amazonaws.com | crb.kargo.com |
ASN15169 (GOOGLE, US) | 82.45.241.35.bc.googleusercontent.com | udc-neb.kampyle.com |
Requests | Apex Domain | Redirects | Subdomains | Transfer |
---|---|---|---|---|
19 | serveftp.com | | authset-webverify09.serveftp.com | 2 MB |
18 | doubleclick.net | 1 | googleads.g.doubleclick.net — Cisco Umbrella Rank: 43; bid.g.doubleclick.net — Cisco Umbrella Rank: 492; cm.g.doubleclick.net — Cisco Umbrella Rank: 206 | 21 KB |
16 | google.ca | | www.google.ca — Cisco Umbrella Rank: 7916 | 2 KB |
16 | google.com | | www.google.com — Cisco Umbrella Rank: 7 | 2 KB |
15 | googletagmanager.com | | www.googletagmanager.com — Cisco Umbrella Rank: 70 | 582 KB |
11 | bluekai.com | 1 | stags.bluekai.com — Cisco Umbrella Rank: 469; tags.bluekai.com — Cisco Umbrella Rank: 449 | 11 KB |
9 | ensighten.com | | nexus.ensighten.com — Cisco Umbrella Rank: 2765 Failed | 85 KB |
4 | pbbl.co | | cdn.pbbl.co — Cisco Umbrella Rank: 9344 Failed; px0.pbbl.co — Cisco Umbrella Rank: 9233 | 17 KB |
3 | kampyle.com | | nebula-cdn.kampyle.com — Cisco Umbrella Rank: 3934; udc-neb.kampyle.com — Cisco Umbrella Rank: 2789 | 11 KB |
2 | w55c.net | 2 | pm.w55c.net — Cisco Umbrella Rank: 873 | 1 KB |
2 | criteo.com | 2 | gum.criteo.com — Cisco Umbrella Rank: 389 | 725 B |
2 | adnxs.com | 2 | ib.adnxs.com — Cisco Umbrella Rank: 245 | 2 KB |
2 | adsrvr.org | 2 | match.adsrvr.org — Cisco Umbrella Rank: 326 | 938 B |
2 | rfihub.com | 1 | 20766699p.rfihub.com — Cisco Umbrella Rank: 44005; p.rfihub.com — Cisco Umbrella Rank: 725 | 2 KB |
2 | medallia.com | | resources.digital-cloud-citi.medallia.com — Cisco Umbrella Rank: 29663 | 89 KB |
1 | agkn.com | 1 | aa.agkn.com — Cisco Umbrella Rank: 434 | 702 B |
1 | kargo.com | | crb.kargo.com — Cisco Umbrella Rank: 2057 | 504 B |
1 | turn.com | 1 | r.turn.com — Cisco Umbrella Rank: 3000 | 419 B |
1 | bing.com | 1 | c.bing.com — Cisco Umbrella Rank: 230 | 608 B |
1 | yahoo.com | 1 | cms.analytics.yahoo.com — Cisco Umbrella Rank: 899 | 827 B |
1 | rlcdn.com | | sr.rlcdn.com — Cisco Umbrella Rank: 13432 | 646 B |
1 | rfihub.net | | c1.rfihub.net — Cisco Umbrella Rank: 5621 | 6 KB |
1 | googleadservices.com | | www.googleadservices.com — Cisco Umbrella Rank: 105 Failed | 15 KB |
1 | bkrtx.com | | tags.bkrtx.com — Cisco Umbrella Rank: 2936 | 16 KB |
140 | 24 | | | |
Requests | Domain | Redirects | Requested by |
---|---|---|---|
19 | authset-webverify09.serveftp.com | | authset-webverify09.serveftp.com |
16 | www.google.ca | | authset-webverify09.serveftp.com |
16 | www.google.com | | authset-webverify09.serveftp.com |
16 | googleads.g.doubleclick.net | | authset-webverify09.serveftp.com, www.googleadservices.com |
15 | www.googletagmanager.com | | authset-webverify09.serveftp.com, www.googletagmanager.com |
9 | tags.bluekai.com | 1 | stags.bluekai.com |
9 | nexus.ensighten.com | | authset-webverify09.serveftp.com |
2 | px0.pbbl.co | 1 | |
2 | pm.w55c.net | 2 | |
2 | gum.criteo.com | 2 | |
2 | ib.adnxs.com | 2 | |
2 | match.adsrvr.org | 2 | |
2 | stags.bluekai.com | | authset-webverify09.serveftp.com, tags.bkrtx.com |
2 | resources.digital-cloud-citi.medallia.com | | authset-webverify09.serveftp.com, resources.digital-cloud-citi.medallia.com |
2 | cdn.pbbl.co | | authset-webverify09.serveftp.com, nexus.ensighten.com, cdn.pbbl.co |
2 | nebula-cdn.kampyle.com | | authset-webverify09.serveftp.com, resources.digital-cloud-citi.medallia.com |
1 | aa.agkn.com | 1 | |
1 | udc-neb.kampyle.com | | |
1 | crb.kargo.com | | stags.bluekai.com |
1 | r.turn.com | 1 | |
1 | c.bing.com | 1 | |
1 | cms.analytics.yahoo.com | 1 | |
1 | cm.g.doubleclick.net | 1 | |
1 | p.rfihub.com | 1 | |
1 | sr.rlcdn.com | | nexus.ensighten.com |
1 | 20766699p.rfihub.com | | c1.rfihub.net |
1 | c1.rfihub.net | | nexus.ensighten.com |
1 | bid.g.doubleclick.net | | authset-webverify09.serveftp.com |
1 | www.googleadservices.com | | authset-webverify09.serveftp.com, www.googletagmanager.com |
1 | tags.bkrtx.com | | authset-webverify09.serveftp.com |
140 | 30 | | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
authset-webverify09.serveftp.com | R3 | 2022-04-05 - 2022-07-04 | 3 months |
*.kampyle.com | GlobalSign Atlas R3 DV TLS CA 2022 Q1 | 2022-02-22 - 2023-03-26 | a year |
*.google-analytics.com | GTS CA 1C3 | 2022-03-17 - 2022-06-09 | 3 months |
*.bkrtx.com | DigiCert SHA2 Secure Server CA | 2022-02-07 - 2023-02-06 | a year |
*.digital-cloud-citi.medallia.com | SSL.com RSA SSL subCA | 2021-11-15 - 2022-10-20 | a year |
*.g.doubleclick.net | GTS CA 1C3 | 2022-03-17 - 2022-06-09 | 3 months |
nexus.ensighten.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-14 - 2022-10-12 | a year |
www.google.com | GTS CA 1C3 | 2022-03-17 - 2022-06-09 | 3 months |
*.google.ca | GTS CA 1C3 | 2022-03-17 - 2022-06-09 | 3 months |
odc-pixel-prod-01.oracle.com | DigiCert SHA2 Secure Server CA | 2022-02-26 - 2023-03-01 | a year |
*.rfihub.net | Amazon | 2021-12-29 - 2023-01-27 | a year |
*.rfihub.com | Sectigo RSA Domain Validation Secure Server CA | 2020-06-18 - 2022-06-18 | 2 years |
*.pbbl.co | Amazon | 2021-11-04 - 2022-12-02 | a year |
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2022-02-03 - 2023-02-25 | a year |
www.googleadservices.com | GTS CA 1C3 | 2022-03-17 - 2022-06-09 | 3 months |
*.app.kargo.com | Amazon | 2022-01-06 - 2023-02-03 | a year |
*.google.com | GTS CA 1C3 | 2022-03-17 - 2022-06-09 | 3 months |
This page contains 7 frames:
Primary Page:
https://authset-webverify09.serveftp.com/Login/?token=
Frame ID: 40E2B74A1198B5A4526A995C1FC18F03
Requests: 125 HTTP requests in this frame
Frame:
https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttp%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&phint=__bk_l%3Dhttp%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&phint=__bk_v%3D3.1.10&limit=10&r=92544077
Frame ID: FC672ED5C3CA02F6216B358AB6DD0410
Requests: 1 HTTP requests in this frame
Frame:
https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 361444B760CA648A18786B2EA1536018
Requests: 1 HTTP requests in this frame
Frame:
https://20766699p.rfihub.com/ca.html?ver=9&ra=589&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&pf=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&ra=20829304549810224
Frame ID: D677903BF1BDF389647B722FBA2B9B9D
Requests: 1 HTTP requests in this frame
Frame:
https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: FC3D79CEDE52B262DE77D197EFC08585
Requests: 1 HTTP requests in this frame
Frame:
https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Frame ID: 4AB86493C4D654BBBCA2803ECD2D185F
Requests: 10 HTTP requests in this frame
Frame:
https://cdn.pbbl.co/i/pp.html
Frame ID: 2C82BA856A0497446A89E620C7425C1E
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/5ad7b257-61fe-4aa8-bf4d-85a018cc88b2.png)
Page Title
Sign On to Your Citi Account - Citibank
Detected technologies
Bootstrap
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Ensighten
Detected patterns
- //nexus\.ensighten\.com/
Google Tag Manager
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://authset-webverify09.serveftp.com/ Page URL
- https://authset-webverify09.serveftp.com/Login/?token= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 103
- https://p.rfihub.com/cm?in=1&pub=530&userid=hFh6JufA99e4RDhi& HTTP 302
- https://tags.bluekai.com/site/4722?id=970033154423801907
- https://cm.g.doubleclick.net/pixel?google_nid=bluekai&google_cm&google_sc&google_hm=V0tQNko0NzI5OTkvS1doaQ%3D%3D& HTTP 302
- https://tags.bluekai.com/site/2981?id=&google_gid=CAESENQB9pzQcM4QBQGKeoi2sxQ&google_cver=1
- https://match.adsrvr.org/track/cmf/generic?ttd_pid=bluekai&ttd_tpi=1 HTTP 302
- https://match.adsrvr.org/track/cmb/generic?ttd_pid=bluekai&ttd_tpi=1 HTTP 302
- https://tags.bluekai.com/site/5386?id=6a8fb90f-bc52-4e79-92aa-f8a9c4be9375&gdpr=0&gdpr_consent= HTTP 302
- https://cms.analytics.yahoo.com/cms?partner_id=BLKAI HTTP 302
- https://tags.bluekai.com/site/19505?id=y-CaBRvLtE2pJipcG5KuF6IzrjVeL3gYU41Vc-~A
- https://c.bing.com/c.gif?uid=bOC6Jx9999ehCDhi&Red3=MSBK_pd HTTP 302
- https://tags.bluekai.com/site/4538?id=15E8EC84331766313371FDF932BD6776
- https://r.turn.com/r/du/id/L2NzaWQvMS9zcGlkLzQ/url/https%3A%2F%2Ftags.bluekai.com%2Fsite%2F4499%3Fid%3D%24!%7BTURN_UUID%7D%26BK_SWAP_DEST%3D4499%26r%3D1 HTTP 302
- https://tags.bluekai.com/site/4499?id=3225590576579989553&BK_SWAP_DEST=4499&r=1
- https://ib.adnxs.com/getuid?https://tags.bluekai.com/site/3085?id=$UID& HTTP 307
- https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Ftags.bluekai.com%2Fsite%2F3085%3Fid%3D%24UID%26 HTTP 302
- https://tags.bluekai.com/site/3085?id=287067831669610509&
- https://gum.criteo.com/sync?c=4&r=1&a=1&u=https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=%40USERID%40 HTTP 302
- https://gum.criteo.com/sync?s=1&c=4&r=1&a=1&u=https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=%40USERID%40 HTTP 302
- https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=q-gk2hH_pgNCn5a15TEG4GZN9Sk_AU9-
- https://pm.w55c.net/ping_match.gif?st=BLUEKAI&rurl=https%3A%2F%2Ftags.bluekai.com%2Fsite%2F2964%3Fid%3D_wfivefivec_ HTTP 302
- https://pm.w55c.net/ping_match.gif?scc=1&st=BLUEKAI&rurl=https%3A%2F%2Ftags.bluekai.com%2Fsite%2F2964%3Fid%3D_wfivefivec_ HTTP 302
- https://tags.bluekai.com/site/2964?id=W3dvWDmz1NBMpo5
- https://px0.pbbl.co/ns/__p2.gif?ppid=73542a37-336c-44da-89d2-ee26bc5b4018&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&referrerUrl=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&targetUrl=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&sessionId=&markerType=seg&rand=288QZoAadUGm1r0y&iabOptOut=-&jsVer=3.2.1&frVer=1.2&markerId=348192 HTTP 302
- https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=73542a37-336c-44da-89d2-ee26bc5b4018&_segid=99&iid=9067733a-0ce3-44b3-9dad-4a30b2bafa00 HTTP 302
- https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=73542a37-336c-44da-89d2-ee26bc5b4018&_segid=99&_zip=&hk=&iid=9067733a-0ce3-44b3-9dad-4a30b2bafa00&mt=&bd=
140 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
authset-webverify09.serveftp.com/ |
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cf.css
authset-webverify09.serveftp.com/A/css/other/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
authset-webverify09.serveftp.com/Login/ |
385 KB 386 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cool-2.1.15.min.js
nebula-cdn.kampyle.com/resources/onsite/js/ |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
103 KB 41 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bk-coretag.js
tags.bkrtx.com/js/ |
51 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Bootstrap.js
authset-webverify09.serveftp.com/Login/js/ |
280 KB 280 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Interstate-Light.woff
authset-webverify09.serveftp.com/Login/css/ |
74 KB 74 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Interstate-Bold.woff
authset-webverify09.serveftp.com/Login/css/ |
70 KB 70 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Interstate-Regular.woff
authset-webverify09.serveftp.com/Login/css/ |
77 KB 77 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
conversion_async.js
www.googleadservices.com/pagead/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
conversion_async.js
www.googleadservices.com/pagead/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
conversion_async.js
www.googleadservices.com/pagead/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
conversion_async.js
www.googleadservices.com/pagead/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
conversion_async.js
www.googleadservices.com/pagead/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
conversion_async.js
www.googleadservices.com/pagead/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
conversion_async.js
www.googleadservices.com/pagead/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
js
www.googletagmanager.com/gtag/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
js
www.googletagmanager.com/gtag/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
js
www.googletagmanager.com/gtag/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
js
www.googletagmanager.com/gtag/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
js
www.googletagmanager.com/gtag/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
js
www.googletagmanager.com/gtag/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
js
www.googletagmanager.com/gtag/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
conversion_async.js
www.googleadservices.com/pagead/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
1560.js
cdn.pbbl.co/r/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
d139e7d35fc18934e03ae7d1eb3769bf.js
nexus.ensighten.com/citi/na_prod/code/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
51aba9f62787efbaa13e53a8d1ae3892.js
nexus.ensighten.com/citi/na_prod/code/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
c942fa5b036f63cf515027e22894e5aa.js
nexus.ensighten.com/citi/na_prod/code/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
557566dc60916e3de69e006bef252459.js
nexus.ensighten.com/citi/na_prod/code/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
42d4d669434e7d621371bd59ca097dbf.js
nexus.ensighten.com/citi/na_prod/code/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
fdf45a7c15c1cee06bb71e10dac4e26e.js
nexus.ensighten.com/citi/na_prod/code/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
serverComponent.php
nexus.ensighten.com/citi/na_prod/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
authset-webverify09.serveftp.com/Login/css/ |
1 MB 1 MB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
embed.js
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
citipridelogo.jpg
authset-webverify09.serveftp.com/Login/css/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
050-location@2x.svg
authset-webverify09.serveftp.com/Login/css/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon_globe_med-grey@2x.svg
authset-webverify09.serveftp.com/Login/css/ |
3 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
320_Citi-PLT@3x.png
authset-webverify09.serveftp.com/Login/css/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1440_Citi-PLT@3x.png
authset-webverify09.serveftp.com/Login/css/ |
27 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
e.gif
nexus.ensighten.com/error/ |
0 107 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
serverComponent.php
nexus.ensighten.com/citi/na_prod/ |
1 KB 740 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-user-list/916451471/ |
42 B 548 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.ca/pagead/1p-user-list/916451471/ |
42 B 548 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-user-list/960621875/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.ca/pagead/1p-user-list/960621875/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-user-list/644574043/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.ca/pagead/1p-user-list/644574043/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-user-list/975701947/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.ca/pagead/1p-user-list/975701947/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-user-list/830907969/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.ca/pagead/1p-user-list/830907969/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-user-list/695231162/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.ca/pagead/1p-user-list/695231162/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-user-list/819500023/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.ca/pagead/1p-user-list/819500023/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-user-list/959299794/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.ca/pagead/1p-user-list/959299794/ |
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
LSO_4959.jpg
authset-webverify09.serveftp.com/Login/css/ |
171 KB 171 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Citi-Branding-Sprite.png
authset-webverify09.serveftp.com/Login/img/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Appstore-Googleplay-JDPower-Sprite.png
authset-webverify09.serveftp.com/Login/css/ |
44 KB 44 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-media_facebook@3x.png
authset-webverify09.serveftp.com/Login/css/ |
445 B 752 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-media_twitter@3x.png
authset-webverify09.serveftp.com/Login/css/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-media_youtube@3x.png
authset-webverify09.serveftp.com/Login/css/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
63068
stags.bluekai.com/site/ Frame FC67 |
71 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
generic1642092206405.js
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pixel
bid.g.doubleclick.net/xbbe/ Frame 3614 |
0 684 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fdf45a7c15c1cee06bb71e10dac4e26e.js
nexus.ensighten.com/citi/na_prod/code/ |
989 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
da6191c2b2959a15b37bb1f025a35ecd.js
nexus.ensighten.com/citi/na_prod/code/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
557566dc60916e3de69e006bef252459.js
nexus.ensighten.com/citi/na_prod/code/ |
2 KB 952 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
f21cacf863be4d08be1919c31c663fb2.js
nexus.ensighten.com/citi/na_prod/code/ |
157 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
51aba9f62787efbaa13e53a8d1ae3892.js
nexus.ensighten.com/citi/na_prod/code/ |
1 KB 838 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b2f0446660cb2dea0f6dc3924205e9e6.js
nexus.ensighten.com/citi/na_prod/code/ |
138 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
d9242bb4689714e792142b57fb108642.js
nexus.ensighten.com/citi/na_prod/code/ |
39 KB 8 KB |
Script
application/javascript |
GET H2 |
js
www.googletagmanager.com/gtag/ |
93 KB 37 KB |
Script
application/javascript |
GET H2 |
js
www.googletagmanager.com/gtag/ |
93 KB 37 KB |
Script
application/javascript |
GET H2 |
tc.min.js
c1.rfihub.net/js/ |
19 KB 6 KB |
Script
application/x-javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
93 KB 37 KB |
Script
application/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
93 KB 37 KB |
Script
application/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
93 KB 37 KB |
Script
application/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
93 KB 37 KB |
Script
application/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
93 KB 37 KB |
Script
application/javascript |
GET H/1.1 |
ca.html
20766699p.rfihub.com/ Frame D677 |
118 B 703 B |
Document
text/html |
GET H2 |
1560.js
cdn.pbbl.co/r/ |
33 KB 9 KB |
Script
application/javascript |
GET H2 |
425466.html
sr.rlcdn.com/ Frame FC3D |
237 B 646 B |
Document
text/html |
GET H2 |
generic1645813044147.js
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ |
532 KB 88 KB |
Script
application/javascript |
GET H/1.1 |
63068
stags.bluekai.com/site/ Frame 4AB8 |
5 KB 6 KB |
Document
text/html |
GET H2 |
conversion_async.js
www.googleadservices.com/pagead/ |
39 KB 15 KB |
Script
text/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
103 KB 41 KB |
Script
application/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
103 KB 41 KB |
Script
application/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
103 KB 41 KB |
Script
application/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
103 KB 41 KB |
Script
application/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
103 KB 41 KB |
Script
application/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
103 KB 41 KB |
Script
application/javascript |
GET H3 |
js
www.googletagmanager.com/gtag/ |
103 KB 41 KB |
Script
application/javascript |
GET H2 |
cool-2.1.15.min.js
nebula-cdn.kampyle.com/resources/onsite/js/ |
14 KB 5 KB |
Script
application/javascript |
GET H/1.1 |
4722
tags.bluekai.com/site/ Frame 4AB8 Redirect Chain
|
62 B 421 B |
Image
image/gif |
GET H/1.1 |
2981
tags.bluekai.com/site/ Frame 4AB8 Redirect Chain
|
62 B 550 B |
Image
image/gif |
GET H/1.1 |
19505
tags.bluekai.com/site/ Frame 4AB8 Redirect Chain
|
62 B 421 B |
Image
image/gif |
GET H/1.1 |
4538
tags.bluekai.com/site/ Frame 4AB8 Redirect Chain
|
62 B 421 B |
Image
image/gif |
GET H/1.1 |
4499
tags.bluekai.com/site/ Frame 4AB8 Redirect Chain
|
62 B 421 B |
Image
image/gif |
GET H/1.1 |
3085
tags.bluekai.com/site/ Frame 4AB8 Redirect Chain
|
62 B 421 B |
Image
image/gif |
GET H/1.1 |
sync
tags.bluekai.com/site/29001/ Frame 4AB8 Redirect Chain
|
62 B 550 B |
Image
image/gif |
GET H/1.1 |
2964
tags.bluekai.com/site/ Frame 4AB8 Redirect Chain
|
62 B 421 B |
Image
image/gif |
GET H/1.1 |
oracle
crb.kargo.com/api/v1/dsync/ Frame 4AB8 |
43 B 504 B |
Image
image/gif |
GET H2 |
__cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ |
0 317 B |
Image
image/gif |
GET H2 |
pp.html
cdn.pbbl.co/i/ Frame 2C82 |
27 KB 7 KB |
Document
text/html |
GET H3 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ |
2 KB 1 KB |
Script
text/javascript |
GET H3 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ |
2 KB 1 KB |
Script
text/javascript |
GET H3 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ |
2 KB 1 KB |
Script
text/javascript |
GET H3 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ |
2 KB 1 KB |
Script
text/javascript |
GET H3 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ |
2 KB 1 KB |
Script
text/javascript |
GET H3 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ |
2 KB 1 KB |
Script
text/javascript |
GET H3 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ |
2 KB 1 KB |
Script
text/javascript |
GET H3 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ |
2 KB 1 KB |
Script
text/javascript |
GET H2 |
adadvisor.gif
px0.pbbl.co/ Redirect Chain
|
42 B 133 B |
Image
image/gif |
GET H3 |
/
www.google.com/pagead/1p-user-list/644574043/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.ca/pagead/1p-user-list/644574043/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.com/pagead/1p-user-list/819500023/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.ca/pagead/1p-user-list/819500023/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.com/pagead/1p-user-list/695231162/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.ca/pagead/1p-user-list/695231162/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.com/pagead/1p-user-list/960621875/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.ca/pagead/1p-user-list/960621875/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.com/pagead/1p-user-list/975701947/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.ca/pagead/1p-user-list/975701947/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.com/pagead/1p-user-list/916451471/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.ca/pagead/1p-user-list/916451471/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.com/pagead/1p-user-list/830907969/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.ca/pagead/1p-user-list/830907969/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.com/pagead/1p-user-list/959299794/ |
42 B 64 B |
Image
image/gif |
GET H3 |
/
www.google.ca/pagead/1p-user-list/959299794/ |
42 B 64 B |
Image
image/gif |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
www.googleadservices.com | http://www.googleadservices.com/pagead/conversion_async.js |
www.googleadservices.com | http://www.googleadservices.com/pagead/conversion_async.js |
www.googleadservices.com | http://www.googleadservices.com/pagead/conversion_async.js |
www.googleadservices.com | http://www.googleadservices.com/pagead/conversion_async.js |
www.googleadservices.com | http://www.googleadservices.com/pagead/conversion_async.js |
www.googleadservices.com | http://www.googleadservices.com/pagead/conversion_async.js |
www.googleadservices.com | http://www.googleadservices.com/pagead/conversion_async.js |
www.googletagmanager.com | http://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c |
www.googletagmanager.com | http://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c |
www.googletagmanager.com | http://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c |
www.googletagmanager.com | http://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c |
www.googletagmanager.com | http://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c |
www.googletagmanager.com | http://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c |
www.googletagmanager.com | http://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c |
www.googleadservices.com | http://www.googleadservices.com/pagead/conversion_async.js |
cdn.pbbl.co | http://cdn.pbbl.co/r/1560.js |
nexus.ensighten.com | http://nexus.ensighten.com/citi/na_prod/code/d139e7d35fc18934e03ae7d1eb3769bf.js?conditionId0=486757 |
nexus.ensighten.com | http://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153 |
nexus.ensighten.com | http://nexus.ensighten.com/citi/na_prod/code/c942fa5b036f63cf515027e22894e5aa.js?conditionId0=421908 |
nexus.ensighten.com | http://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456 |
nexus.ensighten.com | http://nexus.ensighten.com/citi/na_prod/code/42d4d669434e7d621371bd59ca097dbf.js?conditionId0=4897099 |
nexus.ensighten.com | http://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963 |
nexus.ensighten.com | http://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=197721.56227406068&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2 |
resources.digital-cloud-citi.medallia.com | http://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1642092206405.js |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citibank (Banking)
89 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| google_tag_manager object| dataLayer object| ensBootstraps object| Bootstrapper function| Visitor object| s_c_il number| s_c_in object| adobe_visitor function| targetPageParams object| adobe function| mboxCreate function| mboxDefine function| mboxUpdate number| getOfferCount object| citiData object| ttMETA function| ttMBX object| KAMPYLE_EMBED object| tags object| BKTAG function| bk_addUserCtx function| bk_addPageCtx function| bk_addEmailHash function| bk_addPhoneHash function| bk_doJSTag function| bk_doJSTag2 function| bk_doCarsJSTag function| bk_doPartnerAltTag function| bk_doCallbackTag function| bk_doCallbackTagWithTimeOut function| bk_async object| val boolean| bk_use_multiple_iframes boolean| bk_allow_multiple_calls function| gtag function| _rfi object| google_tag_data function| extend function| RocketfuelBCPInclude function| RocketfuelBCPClass function| RocketfuelUtils object| RocketfuelBCP object| _pp undefined| CCSID undefined| citiLocale boolean| citiNGA undefined| pageID object| MDIGITAL object| KAMPYLE_CONSTANT object| KAMPYLE_FUNC object| KAMPYLE_DATA object| KAMPYLE_TARGETING object| KAMPYLE_ANIMATION object| KAMPYLE_VIEW object| KAMPYLE_MESSAGE object| KAMPYLE_UTILS object| KAMPYLE_EVENT_DISPATCHER object| KAMPYLE_GA object| MDIGITAL_ELEMENT_BUILDER object| COOLADATA_CODE object| KAMPYLE_COOLADATA object| KAMPYLE_COMMON object| KAMPYLE_THERMO_TEALEAF_FUNC object| KAMPYLE_ADOBE_ANALYTICS object| KAMPYLE_CLICKTALE_FUNC object| KAMPYLE_SESSIONCAM object| KAMPYLE_SCREEN_CAPTURE object| KAMPYLE_ONSITE_SDK undefined| KAMPYLE_POLYFILLS object| KAMPYLE_INTEGRATION object| cooladata function| setImmediate function| clearImmediate function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO
31 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
authset-webverify09.serveftp.com/ | | Name: PHPSESSID Value: bf86faefb93abfda9177f569b41d645a |
.doubleclick.net/ | | Name: IDE Value: AHWqTUnvuadzMpqug6kwowLD6-HeHiFBjNXQTO3w5oZnLCI0qs7qVDBgbkOjyM4a |
authset-webverify09.serveftp.com/ | | Name: 7830 Value: error |
authset-webverify09.serveftp.com/ | | Name: 7018 Value: |
authset-webverify09.serveftp.com/ | | Name: 64072 Value: |
.bluekai.com/ | | Name: bkdc Value: phx |
.bluekai.com/ | | Name: bku Value: UwR99vNpEsv6f7xk |
.authset-webverify09.serveftp.com/ | | Name: _gcl_au Value: 1.1.626154947.1649177517 |
.rfihub.com/ | | Name: ruds Value: H4sIAAAAAAAAAOMSsjQ3MDA2NjQ1MTEytjAwtDQwF-Iz1I3P9nF1jjBMdUutdAcAa5p3jCQAAAA |
.rfihub.com/ | | Name: rud Value: H4sIAAAAAAAAAOMSsjQ3MDA2NjQ1MTEytjAwtDQwF-Iz1I3P9nF1jjBMdUutdJfiNTQzsTQ0Nzc1NDczMgYALmtWazMAAAA |
authset-webverify09.serveftp.com/ | | Name: mdLogger Value: false |
authset-webverify09.serveftp.com/ | | Name: kampyle_userid Value: 8098-4cb4-06f2-d287-ed0e-e66b-7e3d-20de |
authset-webverify09.serveftp.com/ | | Name: kampyleUserSession Value: 1649177517725 |
authset-webverify09.serveftp.com/ | | Name: kampyleUserSessionsCount Value: 1 |
authset-webverify09.serveftp.com/ | | Name: kampyleSessionPageCounter Value: 1 |
.rlcdn.com/ | | Name: rlas3 Value: QV3ANmXtShpQ/VB4B/GKIDhEs+d46mweHlQ+Mnqf3iU= |
.rlcdn.com/ | | Name: pxrc Value: CAA= |
.rfihub.com/ | | Name: eud Value: H4sIAAAAAAAAAFMSyHDLMPMqTXO0tEw1CXLJyMziNTQzsTQ0Nzc1NLewMAcAcEo2HyEAAAA |
.rfihub.com/ | | Name: euds Value: H4sIAAAAAAAAAFMSyHDLMPMqTXO0tEw1CXLJyAQAZKue9hIAAAA |
.adnxs.com/ | | Name: uuid2 Value: 287067831669610509 |
.adsrvr.org/ | | Name: TDID Value: 6a8fb90f-bc52-4e79-92aa-f8a9c4be9375 |
.criteo.com/ | | Name: uid Value: 1e3e1e03-6688-43a7-9742-2230204cb8bb |
.bing.com/ | | Name: MUID Value: 15E8EC84331766313371FDF932BD6776 |
.c.bing.com/ | | Name: MR Value: 0 |
.adsrvr.org/ | | Name: TDCPM Value: CAESFgoHYmx1ZWthaRILCJrflZfUy8s6EAUYBSABKAIyCwi8ndLD6svLOhAFOAE. |
.kargo.com/ | | Name: ktcid Value: 992806b5-96cd-0116-5b8a-783267776ed2 |
.w55c.net/ | | Name: wfivefivec Value: W3dvWDmz1NBMpo5 |
.w55c.net/ | | Name: matchbluekai Value: 5 |
.turn.com/ | | Name: uid Value: 3225590576579989553 |
.agkn.com/ | | Name: ab Value: 0001%3Aksj%2ByvaRmHnC5fFKLgRr2KvJKhnVbXz0 |
.yahoo.com/ | | Name: A3 Value: d=AQABBK5zTGICECBLXwrkJR1_ySI9_GgBxZIFEgEBAQHFTWJWYgAAAAAA_eMAAA&S=AQAAArDWryd4XOWMen1xD140UtE |
28 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.