authset-webverify09.serveftp.com Open in urlscan Pro
34.130.144.164 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://authset-webverify09.serveftp.com/
Effective URL:
https://authset-webverify09.serveftp.com/Login/?token=
Submission: On April 05 via automatic, source certstream-suspicious (April 5th 2022, 4:52:01 pm UTC) — Scanned from CA

Summary HTTP 140 Redirects Behaviour Indicators

Summary

This website contacted 20 IPs in 2 countries across 24 domains to perform 140 HTTP transactions. The main IP is 34.130.144.164, located in Toronto, Canada and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is authset-webverify09.serveftp.com.
TLS certificate: Issued by R3 on April 5th 2022. Valid for: 3 months.

This is the only time authset-webverify09.serveftp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
19	34.130.144.164 34.130.144.164	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	151.101.129.175 151.101.129.175	54113 (FASTLY) (FASTLY)
15	2607:f8b0:400... 2607:f8b0:4006:822::2008	15169 (GOOGLE) (GOOGLE)
1	104.123.160.80 104.123.160.80	16625 (AKAMAI-AS) (AKAMAI-AS)
2	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
16	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
9	3.232.182.227 3.232.182.227	14618 (AMAZON-AES) (AMAZON-AES)
16	2607:f8b0:400... 2607:f8b0:4006:81d::2004	15169 (GOOGLE) (GOOGLE)
16	2607:f8b0:400... 2607:f8b0:4006:822::2003	15169 (GOOGLE) (GOOGLE)
1 11	23.221.200.175 23.221.200.175	16625 (AKAMAI-AS) (AKAMAI-AS)
1	172.253.122.156 172.253.122.156	15169 (GOOGLE) (GOOGLE)
1	2600:9000:21e... 2600:9000:21ec:d400:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	199.38.167.129 199.38.167.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2	99.84.42.105 99.84.42.105	16509 (AMAZON-02) (AMAZON-02)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1	142.250.65.194 142.250.65.194	15169 (GOOGLE) (GOOGLE)
1 1	172.217.165.130 172.217.165.130	15169 (GOOGLE) (GOOGLE)
2 2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1 1	76.13.32.147 76.13.32.147	26101 (YAHOO-BF1) (YAHOO-BF1)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:112:f002... 2620:112:f002:bbbb::21	6336 (TURN-US-ASN) (TURN-US-ASN)
2 2	68.67.179.122 68.67.179.122	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	2620:100:a001::c 2620:100:a001::c	19750 (AS-CRITEO) (AS-CRITEO)
2 2	50.19.202.79 50.19.202.79	14618 (AMAZON-AES) (AMAZON-AES)
1	35.171.67.2 35.171.67.2	14618 (AMAZON-AES) (AMAZON-AES)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
1 2	142.250.176.211 142.250.176.211	15169 (GOOGLE) (GOOGLE)
1 1	2600:9000:21e... 2600:9000:21ec:1400:1a:609a:6780:93a1	16509 (AMAZON-02) (AMAZON-02)
140	20

19 34.130.144.164 (Toronto, Canada)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 164.144.130.34.bc.googleusercontent.com

authset-webverify09.serveftp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2607:f8b0:4006:822::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.123.160.80 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-123-160-80.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4006:80b::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 3.232.182.227 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-182-227.compute-1.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4006:81d::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4006:822::2003 (United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.221.200.175 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-221-200-175.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.122.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21ec:d400:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.38.167.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.84.42.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-42-105.ewr52.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.65.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.165.130 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lax30s03-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.13.32.147 (Lockport, United States) 1 redirects

ASN26101 (YAHOO-BF1, US)
PTR: spcms.pbp.vip.bf1.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:112:f002:bbbb::21 (United States) 1 redirects

ASN6336 (TURN-US-ASN, US)

r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.67.179.122 (Secaucus, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 572.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::c (United States) 2 redirects

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.19.202.79 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-19-202-79.compute-1.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.171.67.2 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-67-2.compute-1.amazonaws.com

crb.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.176.211 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f19.1e100.net

px0.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21ec:1400:1a:609a:6780:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	serveftp.com authset-webverify09.serveftp.com	2 MB
18	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 bid.g.doubleclick.net — Cisco Umbrella Rank: 492 cm.g.doubleclick.net — Cisco Umbrella Rank: 206	21 KB
16	google.ca www.google.ca — Cisco Umbrella Rank: 7916	2 KB
16	google.com www.google.com — Cisco Umbrella Rank: 7	2 KB
15	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 70	582 KB
11	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 469 tags.bluekai.com — Cisco Umbrella Rank: 449	11 KB
9	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 2765 Failed	85 KB
4	pbbl.co cdn.pbbl.co — Cisco Umbrella Rank: 9344 Failed px0.pbbl.co — Cisco Umbrella Rank: 9233	17 KB
3	kampyle.com nebula-cdn.kampyle.com — Cisco Umbrella Rank: 3934 udc-neb.kampyle.com — Cisco Umbrella Rank: 2789	11 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 873	1 KB
2	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 389	725 B
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 245	2 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 326	938 B
2	rfihub.com 1 redirects 20766699p.rfihub.com — Cisco Umbrella Rank: 44005 p.rfihub.com — Cisco Umbrella Rank: 725	2 KB
2	medallia.com resources.digital-cloud-citi.medallia.com — Cisco Umbrella Rank: 29663	89 KB
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 434	702 B
1	kargo.com crb.kargo.com — Cisco Umbrella Rank: 2057	504 B
1	turn.com 1 redirects r.turn.com — Cisco Umbrella Rank: 3000	419 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 230	608 B
1	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 899	827 B
1	rlcdn.com sr.rlcdn.com — Cisco Umbrella Rank: 13432	646 B
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 5621	6 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 105 Failed	15 KB
1	bkrtx.com tags.bkrtx.com — Cisco Umbrella Rank: 2936	16 KB
140	24

	Domain	Requested by
19	authset-webverify09.serveftp.com	authset-webverify09.serveftp.com
16	www.google.ca	authset-webverify09.serveftp.com
16	www.google.com	authset-webverify09.serveftp.com
16	googleads.g.doubleclick.net	authset-webverify09.serveftp.com www.googleadservices.com
15	www.googletagmanager.com	authset-webverify09.serveftp.com www.googletagmanager.com
9	tags.bluekai.com	1 redirects stags.bluekai.com
9	nexus.ensighten.com	authset-webverify09.serveftp.com
2	px0.pbbl.co	1 redirects
2	pm.w55c.net	2 redirects
2	gum.criteo.com	2 redirects
2	ib.adnxs.com	2 redirects
2	match.adsrvr.org	2 redirects
2	stags.bluekai.com	authset-webverify09.serveftp.com tags.bkrtx.com
2	resources.digital-cloud-citi.medallia.com	authset-webverify09.serveftp.com resources.digital-cloud-citi.medallia.com
2	cdn.pbbl.co	authset-webverify09.serveftp.com nexus.ensighten.com cdn.pbbl.co
2	nebula-cdn.kampyle.com	authset-webverify09.serveftp.com resources.digital-cloud-citi.medallia.com
1	aa.agkn.com	1 redirects
1	udc-neb.kampyle.com
1	crb.kargo.com	stags.bluekai.com
1	r.turn.com	1 redirects
1	c.bing.com	1 redirects
1	cms.analytics.yahoo.com	1 redirects
1	cm.g.doubleclick.net	1 redirects
1	p.rfihub.com	1 redirects
1	sr.rlcdn.com	nexus.ensighten.com
1	20766699p.rfihub.com	c1.rfihub.net
1	c1.rfihub.net	nexus.ensighten.com
1	bid.g.doubleclick.net	authset-webverify09.serveftp.com
1	www.googleadservices.com	authset-webverify09.serveftp.com www.googletagmanager.com
1	tags.bkrtx.com	authset-webverify09.serveftp.com
140	30

This site contains no links.

Subject Issuer	Validity	Valid
authset-webverify09.serveftp.com R3	`2022-04-05` - `2022-07-04`	3 months	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-22` - `2023-03-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2022-02-07` - `2023-02-06`	a year	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2021-11-15` - `2022-10-20`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-14` - `2022-10-12`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
*.rfihub.net Amazon	`2021-12-29` - `2023-01-27`	a year	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
*.pbbl.co Amazon	`2021-11-04` - `2022-12-02`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.app.kargo.com Amazon	`2022-01-06` - `2023-02-03`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://authset-webverify09.serveftp.com/Login/?token=
Frame ID: 40E2B74A1198B5A4526A995C1FC18F03
Requests: 125 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttp%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&phint=__bk_l%3Dhttp%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&phint=__bk_v%3D3.1.10&limit=10&r=92544077
Frame ID: FC672ED5C3CA02F6216B358AB6DD0410
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 361444B760CA648A18786B2EA1536018
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=589&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&pf=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&ra=20829304549810224
Frame ID: D677903BF1BDF389647B722FBA2B9B9D
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: FC3D79CEDE52B262DE77D197EFC08585
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Frame ID: 4AB86493C4D654BBBCA2803ECD2D185F
Requests: 10 HTTP requests in this frame

Frame: https://cdn.pbbl.co/i/pp.html
Frame ID: 2C82BA856A0497446A89E620C7425C1E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to Your Citi Account - Citibank

Page URL History Show full URLs

https://authset-webverify09.serveftp.com/ Page URL
https://authset-webverify09.serveftp.com/Login/?token= Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

140
Requests

76 %
HTTPS

32 %
IPv6

24
Domains

30
Subdomains

20
IPs

2
Countries

3373 kB
Transfer

5106 kB
Size

31
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://authset-webverify09.serveftp.com/ Page URL
https://authset-webverify09.serveftp.com/Login/?token= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103

https://p.rfihub.com/cm?in=1&pub=530&userid=hFh6JufA99e4RDhi& HTTP 302
https://tags.bluekai.com/site/4722?id=970033154423801907

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=bluekai&google_cm&google_sc&google_hm=V0tQNko0NzI5OTkvS1doaQ%3D%3D& HTTP 302
https://tags.bluekai.com/site/2981?id=&google_gid=CAESENQB9pzQcM4QBQGKeoi2sxQ&google_cver=1

Request Chain 105

https://match.adsrvr.org/track/cmf/generic?ttd_pid=bluekai&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=bluekai&ttd_tpi=1 HTTP 302
https://tags.bluekai.com/site/5386?id=6a8fb90f-bc52-4e79-92aa-f8a9c4be9375&gdpr=0&gdpr_consent= HTTP 302
https://cms.analytics.yahoo.com/cms?partner_id=BLKAI HTTP 302
https://tags.bluekai.com/site/19505?id=y-CaBRvLtE2pJipcG5KuF6IzrjVeL3gYU41Vc-~A

Request Chain 106

https://c.bing.com/c.gif?uid=bOC6Jx9999ehCDhi&Red3=MSBK_pd HTTP 302
https://tags.bluekai.com/site/4538?id=15E8EC84331766313371FDF932BD6776

Request Chain 107

https://r.turn.com/r/du/id/L2NzaWQvMS9zcGlkLzQ/url/https%3A%2F%2Ftags.bluekai.com%2Fsite%2F4499%3Fid%3D%24!%7BTURN_UUID%7D%26BK_SWAP_DEST%3D4499%26r%3D1 HTTP 302
https://tags.bluekai.com/site/4499?id=3225590576579989553&BK_SWAP_DEST=4499&r=1

Request Chain 108

https://ib.adnxs.com/getuid?https://tags.bluekai.com/site/3085?id=$UID& HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Ftags.bluekai.com%2Fsite%2F3085%3Fid%3D%24UID%26 HTTP 302
https://tags.bluekai.com/site/3085?id=287067831669610509&

Request Chain 109

https://gum.criteo.com/sync?c=4&r=1&a=1&u=https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=%40USERID%40 HTTP 302
https://gum.criteo.com/sync?s=1&c=4&r=1&a=1&u=https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=%40USERID%40 HTTP 302
https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=q-gk2hH_pgNCn5a15TEG4GZN9Sk_AU9-

Request Chain 110

https://pm.w55c.net/ping_match.gif?st=BLUEKAI&rurl=https%3A%2F%2Ftags.bluekai.com%2Fsite%2F2964%3Fid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=BLUEKAI&rurl=https%3A%2F%2Ftags.bluekai.com%2Fsite%2F2964%3Fid%3D_wfivefivec_ HTTP 302
https://tags.bluekai.com/site/2964?id=W3dvWDmz1NBMpo5

Request Chain 122

https://px0.pbbl.co/ns/__p2.gif?ppid=73542a37-336c-44da-89d2-ee26bc5b4018&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&referrerUrl=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&targetUrl=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&sessionId=&markerType=seg&rand=288QZoAadUGm1r0y&iabOptOut=-&jsVer=3.2.1&frVer=1.2&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=73542a37-336c-44da-89d2-ee26bc5b4018&_segid=99&iid=9067733a-0ce3-44b3-9dad-4a30b2bafa00 HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=73542a37-336c-44da-89d2-ee26bc5b4018&_segid=99&_zip=&hk=&iid=9067733a-0ce3-44b3-9dad-4a30b2bafa00&mt=&bd=

140 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
authset-webverify09.serveftp.com/ 4 KB
4 KB 292ms
244ms Document
text/html 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://authset-webverify09.serveftp.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 164.144.130.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 5678a90f73bb75934d8a41522d7de1668fcc4011c6ff483a2aff92f23903d603

Request headers

Accept-Language: en-CA,en;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 05 Apr 2022 16:51:54 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

GET
H/1.1 404
Not Found cf.css
authset-webverify09.serveftp.com/A/css/other/ 0
0 18ms
17ms Stylesheet
text/html 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://authset-webverify09.serveftp.com/A/css/other/cf.css
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 164.144.130.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:55 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK Primary Request / Show response
authset-webverify09.serveftp.com/Login/ 385 KB
386 KB 60ms
60ms Document
text/html 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://authset-webverify09.serveftp.com/Login/?token=
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 164.144.130.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 176078acf95925030c4e9b30530e20df88d737449b844668c3e92ba6824667f0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 05 Apr 2022 16:51:56 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=98
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 50ms
10ms Script
application/javascript 151.101.129.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-encoding: gzip
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
age: 2533511
via: 1.1 varnish
x-cache: HIT
content-length: 5197
x-amz-id-2: JDdSGQVPGnUTyV+0jiLE64tAjzkC8uMZbqaIw7ArgH/l8VTsFokcwCDH1rsPmzI0nFqb2oWm2Xs=
x-served-by: cache-yul12827-YUL
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
server: AmazonS3
x-timer: S1649177517.778596,VS0,VE0
date: Tue, 05 Apr 2022 16:51:56 GMT
vary: Accept-Encoding
x-amz-request-id: A5S8WWX5S7YNJ6A8
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 133239

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 103 KB
41 KB 83ms
34ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9195dbe1afc57b0bb3d30b2b98b40e5e492266a9cf4f62b5a31507dccdd56ded

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41549
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 15:39:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Apr 2022 16:51:56 GMT

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 51 KB
16 KB 86ms
19ms Script
application/javascript 104.123.160.80
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.bkrtx.com/js/bk-coretag.js

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.123.160.80 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-123-160-80.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Encoding: gzip
Last-Modified: Fri, 21 May 2021 19:14:21 GMT
Server: nginx/1.15.8
ETag: W/"60a8068d-cbc2"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Date: Tue, 05 Apr 2022 16:51:57 GMT
Connection: keep-alive
Content-Length: 16078
Expires: Tue, 12 Apr 2022 16:51:57 GMT

GET
H/1.1 200
OK Bootstrap.js Show response
authset-webverify09.serveftp.com/Login/js/ 280 KB
280 KB 270ms
235ms Script
application/javascript 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:56 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 286351
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Interstate-Light.woff
authset-webverify09.serveftp.com/Login/css/ 74 KB
74 KB 260ms
224ms Font
font/woff 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://authset-webverify09.serveftp.com/Login/css/Interstate-Light.woff

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://authset-webverify09.serveftp.com/Login/?token=
Origin: https://authset-webverify09.serveftp.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:56 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 75538
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Interstate-Bold.woff
authset-webverify09.serveftp.com/Login/css/ 70 KB
70 KB 277ms
241ms Font
font/woff 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://authset-webverify09.serveftp.com/Login/css/Interstate-Bold.woff

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://authset-webverify09.serveftp.com/Login/?token=
Origin: https://authset-webverify09.serveftp.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:56 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 71874
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Interstate-Regular.woff
authset-webverify09.serveftp.com/Login/css/ 77 KB
77 KB 287ms
236ms Font
font/woff 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://authset-webverify09.serveftp.com/Login/css/Interstate-Regular.woff

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://authset-webverify09.serveftp.com/Login/?token=
Origin: https://authset-webverify09.serveftp.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:56 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 78762
X-XSS-Protection: 1; mode=block

GET conversion_async.js
www.googleadservices.com/pagead/ 0
0

GET js
www.googletagmanager.com/gtag/ 0
0

GET conversion_async.js
www.googleadservices.com/pagead/ 0
0

GET 1560.js
cdn.pbbl.co/r/ 0
0

GET d139e7d35fc18934e03ae7d1eb3769bf.js
nexus.ensighten.com/citi/na_prod/code/ 0
0

GET 51aba9f62787efbaa13e53a8d1ae3892.js
nexus.ensighten.com/citi/na_prod/code/ 0
0

GET c942fa5b036f63cf515027e22894e5aa.js
nexus.ensighten.com/citi/na_prod/code/ 0
0

GET 557566dc60916e3de69e006bef252459.js
nexus.ensighten.com/citi/na_prod/code/ 0
0

GET 42d4d669434e7d621371bd59ca097dbf.js
nexus.ensighten.com/citi/na_prod/code/ 0
0

GET fdf45a7c15c1cee06bb71e10dac4e26e.js
nexus.ensighten.com/citi/na_prod/code/ 0
0

GET serverComponent.php
nexus.ensighten.com/citi/na_prod/ 0
0

GET
H/1.1 200
OK styles.css
authset-webverify09.serveftp.com/Login/css/ 1 MB
1 MB 236ms
218ms Stylesheet
text/css 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://authset-webverify09.serveftp.com/Login/css/styles.css

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

70f3cacfaa80a9d270cf98ce26fef532b1004bc471a20611f35bc70cd6d8d899

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:56 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1388422
X-XSS-Protection: 1; mode=block

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 62ms
10ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b5d1c26722742c44e62a4fbb4b67117d2587aa320f61784a27fea9d66d9f62b4

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: 7ZFGbm5gfkxV.pQuBY8LWu5zWeTQ0IFs
content-encoding: gzip
etag: "a698e80bc62ebcae5d8ef95ef0d2804d"
age: 1762243
via: 1.1 varnish
x-cache: HIT
content-length: 675
x-amz-id-2: rSP6YKYug1CEbUSskUXi+0FA1UWhTlerN8t0wig0FQMu8omK6eLqu5P+6BKXcW86mi3nQXO6L44=
x-served-by: cache-yul12820-YUL
last-modified: Fri, 25 Feb 2022 18:17:26 GMT
server: AmazonS3
x-timer: S1649177517.888391,VS0,VE0
date: Tue, 05 Apr 2022 16:51:56 GMT
vary: Accept-Encoding
x-amz-request-id: PZWMEN6DPEH9FKXY
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 44

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 3 KB
2 KB 86ms
37ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1642148921171&cv=9&fst=1642148921171&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95f8cbac9c23ca77af81f7993b5427b9c4dfad997655871ecf40983cbd9cf89c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1182
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 3 KB
1 KB 86ms
38ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1642148921263&cv=9&fst=1642148921263&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873c9ca0a86a367d3a2125284130ccbf7e6dbbe9c5c7b940c890c58d39ef91a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1183
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 3 KB
1 KB 104ms
56ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1642148921305&cv=9&fst=1642148921305&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b976cc370db691ca215022dd64387879e02e25837718752d513affdcca96c0c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1193
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 3 KB
1 KB 86ms
39ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1642148921445&cv=9&fst=1642148921445&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f3540666c77c26369543b142a222c9bd960649cc64e7f7a39d9c601ca1600a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1183
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 3 KB
1 KB 87ms
40ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1642148921448&cv=9&fst=1642148921448&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e30cf9441c0e4caedb09cc3c6398abf74bfa55c34dd64893e26b293478c7ade

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1179
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 3 KB
1 KB 88ms
41ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1642148921829&cv=9&fst=1642148921829&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dd491712dd2c4f4f67a58d41f22567180cb70d772ebe784c986c48cf7af6afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1181
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 3 KB
1 KB 88ms
41ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1642148922005&cv=9&fst=1642148922005&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d01f8940a7168371458b88c68e977911e4b6d82396b8933ee00732dea77a6b1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1179
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 3 KB
1 KB 87ms
40ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1642148922009&cv=9&fst=1642148922009&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09e2ce9fd038aea50af25c28a9a1ecb247b6ef4cb056391f12750a757d147cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1182
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK citipridelogo.jpg
authset-webverify09.serveftp.com/Login/css/ 3 KB
3 KB 182ms
182ms Image
image/jpeg 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authset-webverify09.serveftp.com/Login/css/citipridelogo.jpg

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2658
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 050-location@2x.svg
authset-webverify09.serveftp.com/Login/css/ 2 KB
2 KB 255ms
255ms Image
image/svg+xml 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authset-webverify09.serveftp.com/Login/css/050-location@2x.svg

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1752
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
authset-webverify09.serveftp.com/Login/css/ 3 KB
4 KB 250ms
248ms Image
image/svg+xml 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authset-webverify09.serveftp.com/Login/css/icon_globe_med-grey@2x.svg

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3523
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 320_Citi-PLT@3x.png
authset-webverify09.serveftp.com/Login/css/ 11 KB
12 KB 259ms
257ms Image
image/png 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authset-webverify09.serveftp.com/Login/css/320_Citi-PLT@3x.png

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:14 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 11562
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 1440_Citi-PLT@3x.png
authset-webverify09.serveftp.com/Login/css/ 27 KB
28 KB 264ms
261ms Image
image/png 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authset-webverify09.serveftp.com/Login/css/1440_Citi-PLT@3x.png

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:14 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 28149
X-XSS-Protection: 1; mode=block

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
107 B 83ms
22ms Image
text/plain 3.232.182.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.232.182.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-182-227.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 05 Apr 2022 16:51:56 GMT

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 1 KB
740 B 96ms
36ms Script
text/javascript 3.232.182.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=8310.299678020045&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.232.182.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-182-227.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e1364fc3377e7008e67605a700bfb0aca0bf7643ddb7fcc4bdf23d1f06e99016

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
cache-control: no-cache, no-store
content-type: text/javascript
server: nginx
content-encoding: gzip
vary: Accept-Encoding
expires: Tue, 05 Apr 2022 16:51:56 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
548 B 91ms
39ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1642148921171&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3983615107&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/916451471/ 42 B
548 B 107ms
57ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/916451471/?random=1642148921171&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3983615107&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
108 B 80ms
40ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1642148921263&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4284487342&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/960621875/ 42 B
108 B 46ms
44ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/960621875/?random=1642148921263&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4284487342&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
108 B 43ms
41ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1642148921305&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4170467779&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/644574043/ 42 B
108 B 47ms
45ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/644574043/?random=1642148921305&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4170467779&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
108 B 44ms
42ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1642148921445&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3490699837&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/975701947/ 42 B
108 B 47ms
45ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/975701947/?random=1642148921445&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3490699837&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
108 B 43ms
41ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1642148921448&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1015581637&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/830907969/ 42 B
108 B 41ms
39ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/830907969/?random=1642148921448&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1015581637&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
108 B 44ms
43ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1642148921829&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1179281618&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/695231162/ 42 B
108 B 48ms
47ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/695231162/?random=1642148921829&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1179281618&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
108 B 45ms
43ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1642148922005&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=106579961&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/819500023/ 42 B
108 B 49ms
47ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/819500023/?random=1642148922005&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=106579961&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
108 B 43ms
41ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1642148922009&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2353295137&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/959299794/ 42 B
108 B 47ms
46ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/959299794/?random=1642148922009&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2353295137&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK LSO_4959.jpg
authset-webverify09.serveftp.com/Login/css/ 171 KB
171 KB 198ms
198ms Image
image/jpeg 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authset-webverify09.serveftp.com/Login/css/LSO_4959.jpg

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 174933
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found Citi-Branding-Sprite.png
authset-webverify09.serveftp.com/Login/img/ 315 B
315 B 338ms
171ms Image
text/html 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://authset-webverify09.serveftp.com/Login/img/Citi-Branding-Sprite.png
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 164.144.130.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK Appstore-Googleplay-JDPower-Sprite.png
authset-webverify09.serveftp.com/Login/css/ 44 KB
44 KB 281ms
232ms Image
image/png 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authset-webverify09.serveftp.com/Login/css/Appstore-Googleplay-JDPower-Sprite.png

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 44996
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK social-media_facebook@3x.png
authset-webverify09.serveftp.com/Login/css/ 445 B
752 B 338ms
174ms Image
image/png 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authset-webverify09.serveftp.com/Login/css/social-media_facebook@3x.png

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 445
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK social-media_twitter@3x.png
authset-webverify09.serveftp.com/Login/css/ 1 KB
2 KB 332ms
172ms Image
image/png 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authset-webverify09.serveftp.com/Login/css/social-media_twitter@3x.png

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1277
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK social-media_youtube@3x.png
authset-webverify09.serveftp.com/Login/css/ 1 KB
1 KB 345ms
190ms Image
image/png 34.130.144.164
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authset-webverify09.serveftp.com/Login/css/social-media_youtube@3x.png

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.130.144.164 Toronto, Canada, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

164.144.130.34.bc.googleusercontent.com

Software

Apache /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/Login/?token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 27 Feb 2022 14:07:16 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1175
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame FC67 71 B
1 KB 182ms
100ms Document
text/html 23.221.200.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttp%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&phint=__bk_l%3Dhttp%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&phint=__bk_v%3D3.1.10&limit=10&r=92544077
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.221.200.175 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-200-175.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

BK-Server: b003
Connection: keep-alive
Content-Length: 71
Content-Type: text/html
Date: Tue, 05 Apr 2022 16:51:57 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET generic1642092206405.js
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 0
0

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame 3614 0
684 B 101ms
39ms Document
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/?token=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 16:51:57 GMT
expires: Tue, 05 Apr 2022 16:51:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
nexus.ensighten.com/citi/na_prod/code/ 989 B
1 KB 23ms
22ms Script
application/javascript 3.232.182.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.232.182.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-182-227.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
last-modified: Tue, 14 May 2019 17:01:42 GMT
server: nginx
etag: "5cdaf476-3dd"
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 989

GET
H2 200 da6191c2b2959a15b37bb1f025a35ecd.js Show response
nexus.ensighten.com/citi/na_prod/code/ 5 KB
2 KB 23ms
23ms Script
application/javascript 3.232.182.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/da6191c2b2959a15b37bb1f025a35ecd.js?conditionId0=4897099
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.232.182.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-182-227.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5cbb5852d6dd001b4defb3f6ace7f8beb88d0f19d20d00ebfd086a24c31988db

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
last-modified: Tue, 01 Mar 2022 18:19:28 GMT
server: nginx
etag: W/"621e63b0-12ea"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 557566dc60916e3de69e006bef252459.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
952 B 23ms
23ms Script
application/javascript 3.232.182.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.232.182.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-182-227.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
last-modified: Tue, 27 Aug 2019 16:59:12 GMT
server: nginx
etag: W/"5d656160-887"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 f21cacf863be4d08be1919c31c663fb2.js Show response
nexus.ensighten.com/citi/na_prod/code/ 157 KB
34 KB 45ms
35ms Script
application/javascript 3.232.182.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f21cacf863be4d08be1919c31c663fb2.js?conditionId0=421908
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.232.182.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-182-227.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2a606181ce3e676fd43d0ac59e85d5c54712206b5c0b0c601a4c2d1b805591b6

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
last-modified: Wed, 30 Mar 2022 15:47:14 GMT
server: nginx
etag: W/"62447b82-275e6"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 51aba9f62787efbaa13e53a8d1ae3892.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
838 B 66ms
55ms Script
application/javascript 3.232.182.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.232.182.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-182-227.compute-1.amazonaws.com
Software: nginx /
Resource Hash: bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
last-modified: Tue, 31 Aug 2021 17:19:01 GMT
server: nginx
etag: W/"612e6485-52a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 b2f0446660cb2dea0f6dc3924205e9e6.js Show response
nexus.ensighten.com/citi/na_prod/code/ 138 KB
37 KB 68ms
57ms Script
application/javascript 3.232.182.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/b2f0446660cb2dea0f6dc3924205e9e6.js?conditionId0=486757
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.232.182.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-182-227.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 24ef04068969210454f752e9d8a9155e1a09ec0f8b3141a4cdb61060e1d5633c

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 21:19:50 GMT
server: nginx
etag: W/"624377f6-226ce"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 d9242bb4689714e792142b57fb108642.js Show response
nexus.ensighten.com/citi/na_prod/code/ 39 KB
8 KB 87ms
76ms Script
application/javascript 3.232.182.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d9242bb4689714e792142b57fb108642.js?conditionId0=467299
Requested by: Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.232.182.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-182-227.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7c538f8a3c3e0da60b45759f24187eb0b25dd0531a5a2609302ed0b6b88365b7

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 21:19:50 GMT
server: nginx
etag: W/"624377f6-9cac"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 93 KB
37 KB 35ms
34ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6268858

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1ca095719fb9f11a3f1e59104f09b9aad40f7caec4131e980e16c5c71b28a17c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37569
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 15:39:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 93 KB
37 KB 43ms
43ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: authset-webverify09.serveftp.com
URL: https://authset-webverify09.serveftp.com/Login/js/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

225f299dc804d6ffb093870ec81707ca952f5c62f973ed43ad244258ef244e88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37567
x-xss-protection: 0
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 108ms
19ms Script
application/x-javascript 2600:9000:21ec:d400:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/d9242bb4689714e792142b57fb108642.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ec:d400:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:01:52 GMT
content-encoding: gzip
last-modified: Tue, 05 Apr 2022 16:01:42 GMT
server: Jetty(9.3.29.v20201019)
age: 3005
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 18c7c6863d32a25928e512ad864f8a18.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: JFK51-C1
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: SsXB7Z8eSGD5wntZW6CakctNElGZvdYD_Dtb5DRY-NMpBJWJZF6o4w==
expires: Tue, 05 Apr 2022 17:01:52 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 93 KB
37 KB 35ms
34ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6268858&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3d747eac7fefaeb99b904eba60af8830f706f70c70e2c87b907b5ff7f7fcf17f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37581
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 15:39:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 93 KB
37 KB 38ms
38ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce1abb7d40ef29a35dfef5bf0863dfbd6e668199d2567f53a01fae7ad9ba5bf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37583
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 15:39:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 93 KB
37 KB 47ms
47ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

856d05ea3a44d0c0ebd0f42e830aa206c7330763993ec2da89855ca2900e91b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37580
x-xss-protection: 0
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 93 KB
37 KB 42ms
42ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6fe085becfe6aa657d3c6f933f2e51c334bc18016fe8cf8b09abd135990d2e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37582
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 15:39:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 93 KB
37 KB 60ms
60ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e70b591219360000c228ff63f48542aa0d050ea9b4c67f214310094c0c28e711

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37581
x-xss-protection: 0
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H/1.1 200
OK ca.html Show response
20766699p.rfihub.com/ Frame D677 118 B
703 B 94ms
24ms Document
text/html 199.38.167.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?ver=9&ra=589&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&pf=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&ra=20829304549810224
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 199.38.167.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: no-cache
Content-Length: 118
Content-Type: text/html;charset=utf-8
Date: Tue, 05 Apr 2022 16:51:57 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.3.29.v20201019)

GET
H2 200 1560.js Show response
cdn.pbbl.co/r/ 33 KB
9 KB 138ms
32ms Script
application/javascript 99.84.42.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pbbl.co/r/1560.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/da6191c2b2959a15b37bb1f025a35ecd.js?conditionId0=4897099

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.42.105 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-42-105.ewr52.r.cloudfront.net

Software

nginx/1.20.1 /

Resource Hash

fc6d51c8cf191d581599c9df93f289248272ff952613d0df3d72fc5fbc2060fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin
x-amz-cf-pop: EWR52-C4
x-cache: Miss from cloudfront
x-xss-protection: 1
last-modified: Fri, 10 Dec 2021 19:14:49 GMT
server: nginx/1.20.1
etag: W/"61b3a729-855d"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 6265ab4d72053dc7cb93b359f1255480.cloudfront.net (CloudFront)
cache-control: max-age=1800, public
content-security-policy: default-src 'self';
x-amz-cf-id: 2-sJxXuJcSUmsETafQoadXa81uSrKnCBUW55TrAM22wMcvHVo4-lGA==
expires: Tue, 05 Apr 2022 17:21:57 GMT

GET
H2 200 425466.html Show response
sr.rlcdn.com/ Frame FC3D 237 B
646 B 140ms
49ms Document
text/html 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/d9242bb4689714e792142b57fb108642.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d08b0e82e4be24856001e584cef52bd6dc7461ca0e4c05963b52e4f58dd4449b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store
content-length: 237
content-type: text/html
date: Tue, 05 Apr 2022 16:51:57 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
timing-allow-origin: *
via: 1.1 google

GET
H2 200 generic1645813044147.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 532 KB
88 KB 12ms
11ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1645813044147.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 05a45e5c705e5fa8b22c243d3461520e64f75236b702335764bed044e763e25e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: n9np7L1i8NPYVmXlDkA6OOYu.Ggu5g4q
content-encoding: gzip
etag: "b6b583d1c21fe708664599f47fe6d042"
age: 1674949
via: 1.1 varnish
x-cache: HIT
content-length: 89444
x-amz-id-2: a1GC8PAIwyDRD5LaZEWFwgPCLNOE4W3HqRv6EgvTvZu1ZES4wWNgiQnsB0dz+r4s+tcJZjRk2iA=
x-served-by: cache-yul12820-YUL
last-modified: Fri, 25 Feb 2022 18:17:26 GMT
server: AmazonS3
x-timer: S1649177518.672820,VS0,VE0
date: Tue, 05 Apr 2022 16:51:57 GMT
vary: Accept-Encoding
x-amz-request-id: FWGRMG3EZ0C22N4Y
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 44

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame 4AB8 5 KB
6 KB 126ms
125ms Document
text/html 23.221.200.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.221.200.175 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-200-175.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: eb271e13df873d369a5af35d540b24e1be9c0b445c0b5179e198bcf74dae07e5

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

BK-Server: 67cd
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 5586
Content-Type: text/html
Date: Tue, 05 Apr 2022 16:51:57 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 149ms
69ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

de2f7f8d7b163a0d422d2a426f84db938dbdae1a8fde621b123306a4a12652a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14881
x-xss-protection: 0
server: cafe
etag: 17469320936275902838
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 103 KB
41 KB 39ms
38ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0bc5d45efad261094011bdb8a3c8e4bec59e3dad2e6a0df7fc251d71593294c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41538
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 15:39:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 103 KB
41 KB 65ms
65ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9ef820d426c047f05900916f237854413d15910a3d85283184f466d3bacf90b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41577
x-xss-protection: 0
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 103 KB
41 KB 67ms
67ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

08d45bcc1c7b73736f8d1bbd85e7a3f67ae2c7497ef0300c4ded3e1c8aa95564

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41541
x-xss-protection: 0
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 103 KB
41 KB 69ms
68ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c4c0e9daa2ed2d36b534b55d8cf2bbf62694db40c6fd2fa7732c2f27838a5893

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41539
x-xss-protection: 0
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 103 KB
41 KB 79ms
77ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

caeae483ceecf25148527a8a3e7320c522b174296138e726af6a277452197250

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41543
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 15:39:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 103 KB
41 KB 73ms
71ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d3c55dd060c4ed8c59e7f06c167facb64c9027c8824427cdf51d671e07bb4f8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41536
x-xss-protection: 0
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 103 KB
41 KB 70ms
69ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

68d4dcee4a6d3b22fc72ef23b6ce3ba68da6e3d8ef29a428b0b1799d8786cf38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41535
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 15:39:51 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Apr 2022 16:51:57 GMT

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 27ms
27ms Script
application/javascript 151.101.129.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1645813044147.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-encoding: gzip
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
age: 2533512
via: 1.1 varnish
x-cache: HIT
content-length: 5197
x-amz-id-2: JDdSGQVPGnUTyV+0jiLE64tAjzkC8uMZbqaIw7ArgH/l8VTsFokcwCDH1rsPmzI0nFqb2oWm2Xs=
x-served-by: cache-yul12827-YUL
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
server: AmazonS3
x-timer: S1649177518.724896,VS0,VE0
date: Tue, 05 Apr 2022 16:51:57 GMT
vary: Accept-Encoding
x-amz-request-id: A5S8WWX5S7YNJ6A8
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 133240

GET
H/1.1

200
OK

4722
tags.bluekai.com/site/ Frame 4AB8
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=530&userid=hFh6JufA99e4RDhi&
https://tags.bluekai.com/site/4722?id=970033154423801907

62 B
421 B

196ms
117ms

Image
image/gif

23.221.200.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/4722?id=970033154423801907
Requested by: Host: stags.bluekai.com
URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Protocol: HTTP/1.1
Server: 23.221.200.175 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-200-175.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://stags.bluekai.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:58 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length: 62
Content-Type: image/gif

Redirect headers

Location: https://tags.bluekai.com/site/4722?id=970033154423801907
Date: Tue, 05 Apr 2022 16:51:57 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

2981
tags.bluekai.com/site/ Frame 4AB8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=bluekai&google_cm&google_sc&google_hm=V0tQNko0NzI5OTkvS1doaQ%3D%3D&
https://tags.bluekai.com/site/2981?id=&google_gid=CAESENQB9pzQcM4QBQGKeoi2sxQ&google_cver=1

62 B
550 B

200ms
132ms

Image
image/gif

23.221.200.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/2981?id=&google_gid=CAESENQB9pzQcM4QBQGKeoi2sxQ&google_cver=1
Requested by: Host: stags.bluekai.com
URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Protocol: HTTP/1.1
Server: 23.221.200.175 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-200-175.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://stags.bluekai.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 05 Apr 2022 16:51:58 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 62
BK-Server: 2d6b
Expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://tags.bluekai.com/site/2981?id=&google_gid=CAESENQB9pzQcM4QBQGKeoi2sxQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 296
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

19505
tags.bluekai.com/site/ Frame 4AB8
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=bluekai&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=bluekai&ttd_tpi=1
https://tags.bluekai.com/site/5386?id=6a8fb90f-bc52-4e79-92aa-f8a9c4be9375&gdpr=0&gdpr_consent=
https://cms.analytics.yahoo.com/cms?partner_id=BLKAI
https://tags.bluekai.com/site/19505?id=y-CaBRvLtE2pJipcG5KuF6IzrjVeL3gYU41Vc-~A

62 B
421 B

99ms
99ms

Image
image/gif

23.221.200.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/19505?id=y-CaBRvLtE2pJipcG5KuF6IzrjVeL3gYU41Vc-~A
Requested by: Host: stags.bluekai.com
URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Protocol: HTTP/1.1
Server: 23.221.200.175 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-200-175.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://stags.bluekai.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:58 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length: 62
Content-Type: image/gif

Redirect headers

date: Tue, 05 Apr 2022 16:51:58 GMT
via: http/1.1 spdc0109.pbp.bf1.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
strict-transport-security: max-age=31536000
content-type: text/html;charset=utf-8
location: https://tags.bluekai.com/site/19505?id=y-CaBRvLtE2pJipcG5KuF6IzrjVeL3gYU41Vc-~A
content-length: 0

GET
H/1.1

200
OK

4538
tags.bluekai.com/site/ Frame 4AB8
Redirect Chain

https://c.bing.com/c.gif?uid=bOC6Jx9999ehCDhi&Red3=MSBK_pd
https://tags.bluekai.com/site/4538?id=15E8EC84331766313371FDF932BD6776

62 B
421 B

173ms
108ms

Image
image/gif

23.221.200.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/4538?id=15E8EC84331766313371FDF932BD6776
Requested by: Host: stags.bluekai.com
URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Protocol: HTTP/1.1
Server: 23.221.200.175 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-200-175.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://stags.bluekai.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:58 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length: 62
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EF4C832A6EEE4111836E802B24D66590 Ref B: YTO01EDGE0718 Ref C: 2022-04-05T16:51:57Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://tags.bluekai.com/site/4538?id=15E8EC84331766313371FDF932BD6776
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1

200
OK

4499
tags.bluekai.com/site/ Frame 4AB8
Redirect Chain

https://r.turn.com/r/du/id/L2NzaWQvMS9zcGlkLzQ/url/https%3A%2F%2Ftags.bluekai.com%2Fsite%2F4499%3Fid%3D%24!%7BTURN_UUID%7D%26BK_SWAP_DEST%3D4499%26r%3D1
https://tags.bluekai.com/site/4499?id=3225590576579989553&BK_SWAP_DEST=4499&r=1

62 B
421 B

145ms
102ms

Image
image/gif

23.221.200.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/4499?id=3225590576579989553&BK_SWAP_DEST=4499&r=1
Requested by: Host: stags.bluekai.com
URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Protocol: HTTP/1.1
Server: 23.221.200.175 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-200-175.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://stags.bluekai.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:58 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length: 62
Content-Type: image/gif

Redirect headers

location: https://tags.bluekai.com/site/4499?id=3225590576579989553&BK_SWAP_DEST=4499&r=1
pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

3085
tags.bluekai.com/site/ Frame 4AB8
Redirect Chain

https://ib.adnxs.com/getuid?https://tags.bluekai.com/site/3085?id=$UID&
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Ftags.bluekai.com%2Fsite%2F3085%3Fid%3D%24UID%26
https://tags.bluekai.com/site/3085?id=287067831669610509&

62 B
421 B

211ms
154ms

Image
image/gif

23.221.200.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/3085?id=287067831669610509&
Requested by: Host: stags.bluekai.com
URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Protocol: HTTP/1.1
Server: 23.221.200.175 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-200-175.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://stags.bluekai.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:58 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length: 62
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 05 Apr 2022 16:51:58 GMT
X-Proxy-Origin: 149.56.153.185; 149.56.153.185; 572.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 238b5bf4-f1c3-4d13-bf38-cdc4878254fb
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://tags.bluekai.com/site/3085?id=287067831669610509&
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

sync
tags.bluekai.com/site/29001/ Frame 4AB8
Redirect Chain

https://gum.criteo.com/sync?c=4&r=1&a=1&u=https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=%40USERID%40
https://gum.criteo.com/sync?s=1&c=4&r=1&a=1&u=https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=%40USERID%40
https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=q-gk2hH_pgNCn5a15TEG4GZN9Sk_AU9-

62 B
550 B

170ms
104ms

Image
image/gif

23.221.200.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=q-gk2hH_pgNCn5a15TEG4GZN9Sk_AU9-
Requested by: Host: stags.bluekai.com
URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Protocol: HTTP/1.1
Server: 23.221.200.175 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-200-175.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://stags.bluekai.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 05 Apr 2022 16:51:58 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 62
BK-Server: a367
Expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

location: https://tags.bluekai.com/site/29001/sync?3rdpartyuserid=q-gk2hH_pgNCn5a15TEG4GZN9Sk_AU9-
date: Tue, 05 Apr 2022 16:51:57 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 9769
content-length: 205
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8

GET
H/1.1

200
OK

2964
tags.bluekai.com/site/ Frame 4AB8
Redirect Chain

https://pm.w55c.net/ping_match.gif?st=BLUEKAI&rurl=https%3A%2F%2Ftags.bluekai.com%2Fsite%2F2964%3Fid%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=BLUEKAI&rurl=https%3A%2F%2Ftags.bluekai.com%2Fsite%2F2964%3Fid%3D_wfivefivec_
https://tags.bluekai.com/site/2964?id=W3dvWDmz1NBMpo5

62 B
421 B

173ms
127ms

Image
image/gif

23.221.200.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/2964?id=W3dvWDmz1NBMpo5
Requested by: Host: stags.bluekai.com
URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Protocol: HTTP/1.1
Server: 23.221.200.175 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-200-175.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://stags.bluekai.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Tue, 05 Apr 2022 16:51:58 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length: 62
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 05 Apr 2022 16:51:57 GMT
Server: PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-0e1097ac94572790f@us-east-1b@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
Location: https://tags.bluekai.com/site/2964?id=W3dvWDmz1NBMpo5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK oracle
crb.kargo.com/api/v1/dsync/ Frame 4AB8 43 B
504 B 131ms
26ms Image
image/gif 35.171.67.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crb.kargo.com/api/v1/dsync/oracle?r=https%3A%2F%2Fstags.bluekai.com%2Fsite%2F80323%3Fid%3D%7BKID%7D
Requested by: Host: stags.bluekai.com
URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=72616062
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.67.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-67-2.compute-1.amazonaws.com
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://stags.bluekai.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 05 Apr 2022 16:51:58 GMT
Vary: Origin
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 43
X-Accel-Expires: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
317 B 63ms
28ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMC4wLjQ4OTYuNjAgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiTGludXggeDg2XzY0IiwicmVmZXJyaW5nX3VybCI6ICJodHRwczovL2F1dGhzZXQtd2VidmVyaWZ5MDkuc2VydmVmdHAuY29tLyIsInJlZmVycmluZ19kb21haW4iOiAiYXV0aHNldC13ZWJ2ZXJpZnkwOS5zZXJ2ZWZ0cC5jb20iLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0OTE3NzUxNzgyNyIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmZmFhM2RmMDA3MzctMDZhYmUxNzFhNjZmNTUtMWYzNDMzNzEtMWQ0YzAwLTE3ZmZhYTNkZjAyNDQ1IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHBzOi8vYXV0aHNldC13ZWJ2ZXJpZnkwOS5zZXJ2ZWZ0cC5jb20vTG9naW4vP3Rva2VuPSIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI4MDk4LTRjYjQtMDZmMi1kMjg3LWVkMGUtZTY2Yi03ZTNkLTIwZGUiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0OTE3NzUxNzcyNSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAzMzksImthbXB5bGVfdmVyc2lvbiI6ICIyLjQyLjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQyLjEiLCJoaXN0b3J5X2xlbmd0aCI6IDMsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDkxNzc1MTc3NjksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-blue-7rbf
date: Tue, 05 Apr 2022 16:51:57 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 pp.html Show response
cdn.pbbl.co/i/ Frame 2C82 27 KB
7 KB 31ms
31ms Document
text/html 99.84.42.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/i/pp.html
Requested by: Host: cdn.pbbl.co
URL: https://cdn.pbbl.co/r/1560.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.42.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-42-105.ewr52.r.cloudfront.net
Software: nginx/1.20.1 /
Resource Hash: 37fd2cab060aec0691991303de430f904823dc21a9d05ac4984c899798ee1a89

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html
date: Tue, 05 Apr 2022 16:51:57 GMT
etag: W/"5f7c8ffc-6ca7"
last-modified: Tue, 06 Oct 2020 15:40:44 GMT
server: nginx/1.20.1
vary: Accept-Encoding Origin
via: 1.1 6265ab4d72053dc7cb93b359f1255480.cloudfront.net (CloudFront)
x-amz-cf-id: t0R8t6cCm691LwZpj68EGkChCQZXO3bpqVMrYFe8oRTBo8SaSlwyUQ==
x-amz-cf-pop: EWR52-C4
x-cache: Miss from cloudfront

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 2 KB
1 KB 70ms
41ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1649177517931&cv=9&fst=1649177517931&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0fa12303985ea41a46bf77b6ad9f4974eff20a8762c903363cd03a6839e590f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1079
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 80ms
53ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1649177517935&cv=9&fst=1649177517935&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea413c6812fdfcf2416f986ebb15090c08de99ec4d3ed2c8d0247aba13df34dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1080
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
1 KB 66ms
40ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1649177517936&cv=9&fst=1649177517936&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f962fdb56eee60b389d12f03aee873d3cb0b06a5f38615a0e4b183a48d6dfdb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1081
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 2 KB
1 KB 70ms
46ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1649177517937&cv=9&fst=1649177517937&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b5837765234c02b8ca25a7f31a47b31f602f87eebb6e07117d600dd1ffe43b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1081
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 2 KB
1 KB 71ms
47ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1649177517938&cv=9&fst=1649177517938&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

903ad5691af0a363f6384596d96a8fe858d3d8518ba762d25e483d0f098cf24f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1078
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 2 KB
1 KB 66ms
43ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1649177517939&cv=9&fst=1649177517939&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee45e74ae6464cf768688ab1ef5f798a1cfe6f089de8c85308adc0b1d3f33fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1080
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 2 KB
1 KB 65ms
43ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1649177517940&cv=9&fst=1649177517940&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0166f029f036ccb5901bec6056bac62f82e106ff9590c4f6ef912d7e61c7ceb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1078
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 2 KB
1 KB 68ms
47ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1649177517941&cv=9&fst=1649177517941&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68ed7ce62092187384deb533768130e646b6a17c6842c37c57ae75db258479b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1079
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=73542a37-336c-44da-89d2-ee26bc5b4018&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fauthset-webverify...
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=73542a37-336c-44da-89d2-ee26bc5b4018&_segid=99&iid=9067733a-0ce3-44b3-9dad-4a30b2bafa00
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=73542a37-336c-44da-89d2-ee26bc5b4018&_segid=99&_zip=&hk=&iid=9067733a-0ce3-44b3-9dad-4a30b2bafa00&mt=&bd=

42 B
133 B

60ms
60ms

Image
image/gif

142.250.176.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=73542a37-336c-44da-89d2-ee26bc5b4018&_segid=99&_zip=&hk=&iid=9067733a-0ce3-44b3-9dad-4a30b2bafa00&mt=&bd=

Protocol

Server

142.250.176.211 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f19.1e100.net

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
x-cloud-trace-context: 862855455dc7987a5d7ddd829b81077a
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
via: 1.1 fb7a91e6436d6c6ab7f46f75c256840c.cloudfront.net (CloudFront)
server: AAWebServer
x-amz-cf-pop: JFK51-C1
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=73542a37-336c-44da-89d2-ee26bc5b4018&_segid=99&_zip=&hk=&iid=9067733a-0ce3-44b3-9dad-4a30b2bafa00&mt=&bd=
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-cache: Miss from cloudfront
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
x-amz-cf-id: s5nt4u1VRdVPmwWJdufHTlwWzR0L4gdbjKI6RkSGD20_a6Dcz0i2zQ==
expires: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
64 B 75ms
45ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1649177517936&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2892911837&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/644574043/ 42 B
64 B 72ms
45ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/644574043/?random=1649177517936&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2892911837&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
64 B 73ms
44ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1649177517931&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3562097939&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/819500023/ 42 B
64 B 72ms
45ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/819500023/?random=1649177517931&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3562097939&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
64 B 71ms
45ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1649177517940&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=36693169&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/695231162/ 42 B
64 B 67ms
43ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/695231162/?random=1649177517940&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=36693169&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
64 B 69ms
44ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1649177517939&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2030837680&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/960621875/ 42 B
64 B 63ms
40ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/960621875/?random=1649177517939&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2030837680&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
64 B 63ms
39ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1649177517937&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2104398556&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/975701947/ 42 B
64 B 66ms
44ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/975701947/?random=1649177517937&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2104398556&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
64 B 66ms
43ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1649177517938&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2884466521&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/916451471/ 42 B
64 B 64ms
43ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/916451471/?random=1649177517938&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2884466521&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
64 B 68ms
45ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1649177517941&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=893108125&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/830907969/ 42 B
64 B 61ms
41ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/830907969/?random=1649177517941&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=893108125&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
64 B 67ms
46ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1649177517935&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3266524041&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/959299794/ 42 B
64 B 56ms
39ms Image
image/gif 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/959299794/?random=1649177517935&cv=9&fst=1649174400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa3u0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauthset-webverify09.serveftp.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauthset-webverify09.serveftp.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3266524041&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://authset-webverify09.serveftp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Apr 2022 16:51:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Domain: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Domain: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Domain: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Domain: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Domain: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Domain: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: cdn.pbbl.co
URL: http://cdn.pbbl.co/r/1560.js

Domain: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/code/d139e7d35fc18934e03ae7d1eb3769bf.js?conditionId0=486757

Domain: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153

Domain: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/code/c942fa5b036f63cf515027e22894e5aa.js?conditionId0=421908

Domain: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456

Domain: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/code/42d4d669434e7d621371bd59ca097dbf.js?conditionId0=4897099

Domain: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963

Domain: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=197721.56227406068&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2

Domain: resources.digital-cloud-citi.medallia.com
URL: http://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1642092206405.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
authset-webverify09.serveftp.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: bf86faefb93abfda9177f569b41d645a
.doubleclick.net/	1970-01-20 11:27:53	Name: IDE Value: AHWqTUnvuadzMpqug6kwowLD6-HeHiFBjNXQTO3w5oZnLCI0qs7qVDBgbkOjyM4a
authset-webverify09.serveftp.com/	1970-01-20 02:06:19	Name: 7830 Value: error
authset-webverify09.serveftp.com/	1970-01-20 02:06:19	Name: 7018 Value:
authset-webverify09.serveftp.com/	1970-01-20 04:15:53	Name: 64072 Value:
.bluekai.com/	1970-01-20 06:25:29	Name: bkdc Value: phx
.bluekai.com/	1970-01-20 06:25:29	Name: bku Value: UwR99vNpEsv6f7xk
.authset-webverify09.serveftp.com/	1970-01-20 04:15:53	Name: _gcl_au Value: 1.1.626154947.1649177517
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSsjQ3MDA2NjQ1MTEytjAwtDQwF-Iz1I3P9nF1jjBMdUutdAcAa5p3jCQAAAA
.rfihub.com/	1970-01-20 11:27:53	Name: rud Value: H4sIAAAAAAAAAOMSsjQ3MDA2NjQ1MTEytjAwtDQwF-Iz1I3P9nF1jjBMdUutdJfiNTQzsTQ0Nzc1NDczMgYALmtWazMAAAA
authset-webverify09.serveftp.com/	1970-01-20 10:51:53	Name: mdLogger Value: false
authset-webverify09.serveftp.com/	1970-01-20 10:51:53	Name: kampyle_userid Value: 8098-4cb4-06f2-d287-ed0e-e66b-7e3d-20de
authset-webverify09.serveftp.com/	1970-01-20 10:51:53	Name: kampyleUserSession Value: 1649177517725
authset-webverify09.serveftp.com/	1970-01-20 10:51:53	Name: kampyleUserSessionsCount Value: 1
authset-webverify09.serveftp.com/	1970-01-20 10:51:53	Name: kampyleSessionPageCounter Value: 1
.rlcdn.com/	1970-01-20 10:51:53	Name: rlas3 Value: QV3ANmXtShpQ/VB4B/GKIDhEs+d46mweHlQ+Mnqf3iU=
.rlcdn.com/	1970-01-20 03:32:41	Name: pxrc Value: CAA=
.rfihub.com/	1970-01-20 11:27:53	Name: eud Value: H4sIAAAAAAAAAFMSyHDLMPMqTXO0tEw1CXLJyMziNTQzsTQ0Nzc1NLewMAcAcEo2HyEAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAFMSyHDLMPMqTXO0tEw1CXLJyAQAZKue9hIAAAA
.adnxs.com/	1970-01-20 04:15:53	Name: uuid2 Value: 287067831669610509
.adsrvr.org/	1970-01-20 10:51:53	Name: TDID Value: 6a8fb90f-bc52-4e79-92aa-f8a9c4be9375
.criteo.com/	1970-01-20 11:27:53	Name: uid Value: 1e3e1e03-6688-43a7-9742-2230204cb8bb
.bing.com/	1970-01-20 11:27:53	Name: MUID Value: 15E8EC84331766313371FDF932BD6776
.c.bing.com/	1970-01-20 02:16:22	Name: MR Value: 0
.adsrvr.org/	1970-01-20 10:51:53	Name: TDCPM Value: CAESFgoHYmx1ZWthaRILCJrflZfUy8s6EAUYBSABKAIyCwi8ndLD6svLOhAFOAE.
.kargo.com/	1970-01-20 10:51:53	Name: ktcid Value: 992806b5-96cd-0116-5b8a-783267776ed2
.w55c.net/	1970-01-20 11:35:05	Name: wfivefivec Value: W3dvWDmz1NBMpo5
.w55c.net/	1970-01-20 02:49:29	Name: matchbluekai Value: 5
.turn.com/	1970-01-20 06:25:29	Name: uid Value: 3225590576579989553
.agkn.com/	1970-01-20 10:51:53	Name: ab Value: 0001%3Aksj%2ByvaRmHnC5fFKLgRr2KvJKhnVbXz0
.yahoo.com/	1970-01-20 10:52:15	Name: A3 Value: d=AQABBK5zTGICECBLXwrkJR1_ySI9_GgBxZIFEgEBAQHFTWJWYgAAAAAA_eMAAA&S=AQAAArDWryd4XOWMen1xD140UtE

28 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://authset-webverify09.serveftp.com/A/css/other/cf.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://cdn.pbbl.co/r/1560.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/d139e7d35fc18934e03ae7d1eb3769bf.js?conditionId0=486757'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/c942fa5b036f63cf515027e22894e5aa.js?conditionId0=421908'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/42d4d669434e7d621371bd59ca097dbf.js?conditionId0=4897099'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=197721.56227406068&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token= Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1642092206405.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token=(Line 9240) Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure frame 'http://fast.citi.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://authset-webverify09.serveftp.com/Login/?token=(Line 9240) Message: Mixed Content: The page at 'https://authset-webverify09.serveftp.com/Login/?token=' was loaded over HTTPS, but requested an insecure frame 'http://cdn.pbbl.co/i/pp.html'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://authset-webverify09.serveftp.com/Login/img/Citi-Branding-Sprite.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
aa.agkn.com
authset-webverify09.serveftp.com
bid.g.doubleclick.net
c.bing.com
c1.rfihub.net
cdn.pbbl.co
cm.g.doubleclick.net
cms.analytics.yahoo.com
crb.kargo.com
googleads.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
match.adsrvr.org
nebula-cdn.kampyle.com
nexus.ensighten.com
p.rfihub.com
pm.w55c.net
px0.pbbl.co
r.turn.com
resources.digital-cloud-citi.medallia.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
tags.bluekai.com
udc-neb.kampyle.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
cdn.pbbl.co
nexus.ensighten.com
resources.digital-cloud-citi.medallia.com
www.googleadservices.com
www.googletagmanager.com
104.123.160.80
142.250.176.211
142.250.65.194
151.101.129.175
151.101.194.133
172.217.165.130
172.253.122.156
199.38.167.129
23.221.200.175
2600:9000:21ec:1400:1a:609a:6780:93a1
2600:9000:21ec:d400:1:76cf:fe80:93a1
2607:f8b0:4006:80b::2002
2607:f8b0:4006:81d::2004
2607:f8b0:4006:822::2003
2607:f8b0:4006:822::2008
2620:100:a001::c
2620:112:f002:bbbb::21
2620:1ec:c11::200
3.232.182.227
34.130.144.164
35.171.67.2
35.190.60.146
35.241.45.82
35.71.131.137
50.19.202.79
68.67.179.122
76.13.32.147
99.84.42.105
0166f029f036ccb5901bec6056bac62f82e106ff9590c4f6ef912d7e61c7ceb6
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
05a45e5c705e5fa8b22c243d3461520e64f75236b702335764bed044e763e25e
08d45bcc1c7b73736f8d1bbd85e7a3f67ae2c7497ef0300c4ded3e1c8aa95564
09e2ce9fd038aea50af25c28a9a1ecb247b6ef4cb056391f12750a757d147cdd
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0bc5d45efad261094011bdb8a3c8e4bec59e3dad2e6a0df7fc251d71593294c0
0fa12303985ea41a46bf77b6ad9f4974eff20a8762c903363cd03a6839e590f3
176078acf95925030c4e9b30530e20df88d737449b844668c3e92ba6824667f0
1ca095719fb9f11a3f1e59104f09b9aad40f7caec4131e980e16c5c71b28a17c
1e30cf9441c0e4caedb09cc3c6398abf74bfa55c34dd64893e26b293478c7ade
225f299dc804d6ffb093870ec81707ca952f5c62f973ed43ad244258ef244e88
24ef04068969210454f752e9d8a9155e1a09ec0f8b3141a4cdb61060e1d5633c
2a606181ce3e676fd43d0ac59e85d5c54712206b5c0b0c601a4c2d1b805591b6
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f3540666c77c26369543b142a222c9bd960649cc64e7f7a39d9c601ca1600a8
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
37fd2cab060aec0691991303de430f904823dc21a9d05ac4984c899798ee1a89
3d747eac7fefaeb99b904eba60af8830f706f70c70e2c87b907b5ff7f7fcf17f
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
47b5837765234c02b8ca25a7f31a47b31f602f87eebb6e07117d600dd1ffe43b
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
5678a90f73bb75934d8a41522d7de1668fcc4011c6ff483a2aff92f23903d603
5cbb5852d6dd001b4defb3f6ace7f8beb88d0f19d20d00ebfd086a24c31988db
5dd491712dd2c4f4f67a58d41f22567180cb70d772ebe784c986c48cf7af6afc
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
68d4dcee4a6d3b22fc72ef23b6ce3ba68da6e3d8ef29a428b0b1799d8786cf38
68ed7ce62092187384deb533768130e646b6a17c6842c37c57ae75db258479b8
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
70f3cacfaa80a9d270cf98ce26fef532b1004bc471a20611f35bc70cd6d8d899
7c538f8a3c3e0da60b45759f24187eb0b25dd0531a5a2609302ed0b6b88365b7
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
856d05ea3a44d0c0ebd0f42e830aa206c7330763993ec2da89855ca2900e91b1
873c9ca0a86a367d3a2125284130ccbf7e6dbbe9c5c7b940c890c58d39ef91a2
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
903ad5691af0a363f6384596d96a8fe858d3d8518ba762d25e483d0f098cf24f
9195dbe1afc57b0bb3d30b2b98b40e5e492266a9cf4f62b5a31507dccdd56ded
95f8cbac9c23ca77af81f7993b5427b9c4dfad997655871ecf40983cbd9cf89c
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9ef820d426c047f05900916f237854413d15910a3d85283184f466d3bacf90b1
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
b5d1c26722742c44e62a4fbb4b67117d2587aa320f61784a27fea9d66d9f62b4
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
b976cc370db691ca215022dd64387879e02e25837718752d513affdcca96c0c7
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
c4c0e9daa2ed2d36b534b55d8cf2bbf62694db40c6fd2fa7732c2f27838a5893
c6fe085becfe6aa657d3c6f933f2e51c334bc18016fe8cf8b09abd135990d2e5
c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935
caeae483ceecf25148527a8a3e7320c522b174296138e726af6a277452197250
ce1abb7d40ef29a35dfef5bf0863dfbd6e668199d2567f53a01fae7ad9ba5bf8
d01f8940a7168371458b88c68e977911e4b6d82396b8933ee00732dea77a6b1e
d08b0e82e4be24856001e584cef52bd6dc7461ca0e4c05963b52e4f58dd4449b
d3c55dd060c4ed8c59e7f06c167facb64c9027c8824427cdf51d671e07bb4f8f
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
de2f7f8d7b163a0d422d2a426f84db938dbdae1a8fde621b123306a4a12652a6
e1364fc3377e7008e67605a700bfb0aca0bf7643ddb7fcc4bdf23d1f06e99016
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e70b591219360000c228ff63f48542aa0d050ea9b4c67f214310094c0c28e711
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
ea413c6812fdfcf2416f986ebb15090c08de99ec4d3ed2c8d0247aba13df34dd
eb271e13df873d369a5af35d540b24e1be9c0b445c0b5179e198bcf74dae07e5
ee45e74ae6464cf768688ab1ef5f798a1cfe6f089de8c85308adc0b1d3f33fc5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40
f962fdb56eee60b389d12f03aee873d3cb0b06a5f38615a0e4b183a48d6dfdb2
fc6d51c8cf191d581599c9df93f289248272ff952613d0df3d72fc5fbc2060fb

authset-webverify09.serveftp.com Open in urlscan Pro 34.130.144.164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

140 Requests

76 %HTTPS

32 %IPv6

24 Domains

30 Subdomains

20 IPs

2 Countries

3373 kBTransfer

5106 kBSize

31 Cookies

0 Outgoing links

Page URL History

Redirected requests

140 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

authset-webverify09.serveftp.com Open in urlscan Pro
34.130.144.164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

140
Requests

76 %
HTTPS

32 %
IPv6

24
Domains

30
Subdomains

20
IPs

2
Countries

3373 kB
Transfer

5106 kB
Size

31
Cookies

140 HTTP transactions
0 data transactions